Random Question 101 - 120

Question 1

Question 101:

During a risk assessment, a security team discovers that their current vulnerability management program isn’t effectively addressing critical vulnerabilities. Which approach would most effectively enhance the vulnerability management process while aligning with security best practices?

Options:

A. Patch all vulnerabilities immediately regardless of impact.

B. Risk-based vulnerability prioritization with continuous monitoring.

C. Annual vulnerability scans of critical systems.

D. Implement automated patching without testing.

Answer 1

Correct Answer: B

Explanation:

Risk-based vulnerability prioritization with continuous monitoring ensures critical vulnerabilities are addressed based on their actual risk to the organization, while maintaining ongoing visibility into the security posture.

Question 2

Question 102:

A global organization is implementing a new security framework while managing third-party risks. Security analysts have identified TWO critical areas that require immediate attention to maintain compliance and reduce risk exposure. Which combination of measures would most effectively address these concerns?

Options:

A. Implementation of continuous third-party monitoring systems.

B. Annual security awareness training.

C. Integration of GRC tools with vendor risk assessments.

D. Weekly vulnerability scanning.

E. Monthly password changes.

Answer 2

Correct Answer: A, C

Explanation: Continuous third-party monitoring provides real-time visibility into vendor risks, while GRC tool integration with vendor risk assessments ensures comprehensive compliance management and risk visibility across the organization’s vendor ecosystem.

Governance, risk, and compliance (GRC) tools help organizations manage risk, compliance, and internal audits. When choosing a GRC tool, you can consider things like:
- Functionality: What core functions you need
Integration: How well the tool
- integrates with your existing systems
- User-friendliness: How easy the tool is to use
- Pricing: How much the tool costs

Question 3

Question 103:

During incident response to a sophisticated attack, the security team discovers evidence of data exfiltration but cannot determine the full scope of the compromise. Which incident response process would be most appropriate to implement immediately while maintaining business operations?

Options:

A. Full system shutdown and recovery from backups.

B. Targeted containment with enhanced monitoring and analysis.

C. Immediate eradication of all suspected systems.

D. Implementation of new security controls.

Answer 3

Correct Answer: B

Explanation: Targeted containment with enhanced monitoring and analysis allows for continuous investigation of the breach scope while preventing further damage, maintaining critical business operations, and gathering necessary evidence.

Question 4

Question 104:

An organization’s security team is designing a comprehensive business continuity plan for their critical infrastructure. Which approach would best ensure both system availability and security during a disaster recovery scenario?

Options:

A. Multiple backup sites without security controls.

B. Single backup site with basic security measures.

C. Integrated DR plan with security controls and regular testing.

D. Offsite backups without recovery procedures.

Answer 4

Correct Answer: C

Explanation: An integrated DR plan with security controls and regular testing ensures both system availability and security during recovery, maintaining security posture while enabling efficient business restoration during disasters.

Question 5

Question 105:

During a security audit, a team identifies multiple vulnerabilities across different systems. The organization needs to implement a compensating control due to technical limitations preventing the deployment of the primary control. Which TWO of the following best describe the characteristics of a compensating control? (Choose TWO)

Options:

A. Provides the same level of protection as the original control but through different means.

B. Temporarily replaces the primary control until budget allows for implementation.

C. Meets the intent and rigor of the original control requirements.

D. Costs less than the original control to implement and maintain.

E. Requires annual review and certification by external auditors.

Answer 5

Correct Answer: A, C

Explanation:

Compensating controls must provide similar protection level as original controls (A) and satisfy original control requirements (C) regardless of cost or audit requirements.

Question 6

Question 106:

A security analyst is implementing Zero Trust principles in an organization’s network. Which of the following best represents the primary function of the Control Plane in Zero Trust architecture?

Options:

A. Manages actual data flow between network segments.

B. Handles policy decisions and access management.

C. Provides encryption for data in transit.

D. Monitors network traffic patterns.

Answer 6

Correct Answer: B

Explanation:

The Control Plane in Zero Trust architecture is responsible for policy decisions and managing access controls, while Data Plane handles actual data movement.

Question 7

Question 107:
Your organization recently experienced a security breach. During the incident response process, which phase focuses on identifying what systems were affected and determining the current and potential business impact?

Options:

A. Containment.

B. Analysis.

C. Detection.

D. Eradication.

Answer 7

Correct Answer: B

Explanation:

The Analysis phase involves investigating affected systems, determining the scope of compromise, and assessing the business impact of the security incident.

Question 8

Question 108:

A company is implementing multiple security measures to protect their data center. Which TWO of the following combinations would provide the most effective physical security controls for preventing unauthorized access?
(Choose TWO)

Options:

A. Access control vestibule with pressure sensors.

B. Security cameras with motion detection.

C. Bollards with microwave sensors.

D. Fencing with infrared detection.

E. Security guards with ultrasonic sensors.

Answer 8

Correct Answer: A, D

Explanation:

Access control vestibule with pressure sensors provides layered entry control, while fencing with infrared detection creates a secure perimeter with intrusion detection capabilities, offering comprehensive physical security.

Question 9

Question 109:

During a security incident, the organization discovers that an attacker gained access through a third-party vendor’s compromised credentials. Which of the following security concepts was most likely violated in terms of accountability?

Options:

A. Authentication.

B. Authorization.

C. Non-repudiation.

D. Accounting.

Answer 9

Correct Answer: C

Explanation:

Non-repudiation ensures actions cannot be denied by the person who performed them, which was compromised when the attacker used someone else’s credentials to gain access.

Question 10

Question 100:

An organization is implementing deception technology to detect potential threats. Which of the following would be most effective in identifying an insider threat attempting to access sensitive financial data?

Options:

A. Deploying a honeynet across multiple network segments.

B. Implementing a honeypot with fake network services.

C. Creating honeytokens in financial databases.

D. Setting up multiple honeypots in the DMZ.

Answer 10

Correct Answer: C

Explanation:

Honeytokens in financial databases are most effective for detecting insider threats as they are fake credentials or records that would only be accessed by someone specifically searching for financial data.

Question 11

Question 111:

A security team is developing their incident response strategy and needs to determine the priority for incident handling. Which TWO of the following factors should be considered the MOST critical when prioritizing security incidents? (Choose TWO)

Options:

A. Current and potential technical impact on systems.

B. Time required to implement containment measures.

C. Business functional impact and information sensitivity.

D. Cost of forensic investigation procedures.

E. Availability of backup personnel for response.

Answer 11

Correct Answer: A, C

Explanation: Incident prioritization should primarily focus on both technical impact on systems
(A) and business/information impact
(C), as these directly affect the organization’s operations and risk level.

Question 12

Question 102:

During a risk assessment, an organization identifies that their primary security control cannot be implemented due to technical limitations. Which of the following best describes the relationship between compensating controls and the original control requirements?

Options:

A. Must be more cost-effective than original controls.

B. Must meet the original control intent and rigor.

C. Must be temporary until original controls can be implemented.

D. Must be approved by external auditors.

Answer 12

Correct Answer: B

Explanation: Compensating controls must satisfy the same security objectives and provide equivalent protection as the original control, maintaining the intended level of security.

Question 13

Within user authentication, which elements usually classify as “something you are” and “something you have”?

A: Security questions and PIN
B: Username and password
C: Smart card and email address
D: Fingerprint and mobile

Answer 13

**Correct Answer: D: Fingerprint and mobile **

Question 14

As Amanda tries to transition from on-premises infrastructure to a hybrid cloud setup, what aspects she must consider that weren’t relevant in a single on-premises data center?

A: RTOs
B: Power resilience
C: Data sovereignty
D: RPOs

Answer 14

Correct Answer: C: Data sovereignty

“Data sovereignty” in security refers to a country’s legal right to control and regulate how data generated within its borders is collected, stored, processed, and distributed, ensuring that sensitive information remains subject to the laws of that jurisdiction, particularly regarding privacy and security measures; essentially, it means a nation has the authority to govern how data belonging to its citizens is handled, even when stored or processed overseas.

Question 15

What is the primary role of Security Information and Event Management (SIEM) tools in operational security?

A: Conducting vulnerability assessments
B: Encrypting network traffic
C: Monitoring and analyzing security events
D: Configuring access controls

Answer 15

**Correct Answer:
C: Monitoring and analyzing security events
**

Question 16

What is considered a recommended approach for enhancing the security of a web application?

A: Implementing strong session management techniques
B: Storing user credentials in plain text
C: Allowing unrestricted file uploads
D: Disabling input

Answer 16

**Correct Answer:
A: Implementing strong session management techniques
**

Question 17

Which group mentioned below is typically not a part of an organization’s cybersecurity incident response team?

A: Technical subject matter experts
B: Cybersecurity experts
C: Law enforcement
D: Management

Answer 17

**Correct Answer:
C: Law enforcement
**

Question 18

What method is used to assess the value of assets?

A: The cost to replace the item
B: The depreciated cost of the item
C: The original cost of the item
D: Any of the above based on organizational preference

Answer 18

Correct Answer:
D: Any of the above based on organizational preference

Question 19

How do we refer to spam messages sent via Internet messaging platforms?

A: TwoFaceTiming
B: IMSPAM
C: SMSPAM
D: SPIM

Answer 19

**Correct Answer: D: SPIM **

SPIM (Spam over Instant Messaging) is a type of cyber security threat that involves sending unwanted messages through instant messaging platforms. SPIM messages can include advertisements, promotions, or links to malicious websites.

SPIM are spam messages symptomatic of widely-used free instant messaging apps like Messenger, Whatsapp, Viber, Telegram, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware. Most apps have built-in filters that block messages from unknown sources.

Question 20

Where are Industrial Control Systems (ICS) and SCADA systems most commonly implemented?

A: Consumer electronics
B: Gaming systems
C: Industrial and critical infrastructure environments
D: Personal computing

Answer 20

**Correct Answer: C: Industrial and critical infrastructure environments **

SCADA security is the protection of Supervisory Control and Data Acquisition (SCADA) networks from cyber threats. SCADA systems monitor and control critical infrastructure, such as water, power, and natural gas. SCADA security is important because attacks on these systems can disrupt access to essential services.

Question 21

What kind of policy document has Bob’s organization established to outline the appropriate usage of its network, systems, and services?

A: An acceptable use policy.
B: Business continuity policy
C: An incident response policy.
D: This is a standard, not a policy

Answer 21

**Correct Answer: A: An acceptable use policy **

An “acceptable use policy” (AUP) in security is a set of rules and guidelines that define how an organization’s technology resources, like computers, networks, and email, can be used appropriately, outlining what is considered acceptable behavior and what is not, with the goal of protecting sensitive information and preventing security breaches; essentially, it acts as a code of conduct for digital interactions within an organization.

Question 22

What is the primary objective of utilizing the ‘tracert’/’traceroute’ command in network operations?

A: To detect and display the network path to a destination
B: To establish secure connections with remote hosts
C: To identify network switches and routers
D: To reveal the IP address of the user’s device

Answer 22

**Correct Answer: A: To detect and display the network path to a destination **

Question 23

What is the title of the Vice President of Sales concerning data management duties, particularly in requesting daily backups of sales data from the IT team?

A: Data protection officer
B: Data processor
C: Data owner
D: Data steward

Answer 23

**Correct Answer: C: Data Owner **

A “Data Owner” in security refers to the individual or group within an organization who is ultimately responsible for the security, quality, and governance of a specific set of data, including defining who can access it, ensuring its proper usage, and managing its lifecycle from creation to deletion; essentially, they hold the highest level of accountability for a particular data asset within their domain.

Data Stewards help define, implement, and enforce data management policies and procedures within their specific Data Domain. A Data Trustee may delegate to the Data Steward the authority to represent the Data Trustee in data-related policy discussions.

Question 24

Bob is investigating host antivirus logs following a system breach and realizes that the antivirus software failed to catch the malware. Considering the options, which is the least acceptable reason for this failure?

A: Outdated antivirus signatures
B. Zero-day attack
C: Antivirus software failure
D: APT attack

Answer 24

**Correct Answer:
C: Antivirus software failure
**

Question 25

Which activity should Amanda allow to proceed without restriction as she gets ready for a change window? A: Scaling clustered systems up or down B: Patching C: Changing hostnames D: Modifying database configurations

Answer 25

**Correct Answer: A: Scaling clustered systems up or down **

Question 26

What tool should the engineer utilize to detect and prevent data tampering within the enterprise infrastructure? A: FTP B: File Integrity Monitoring (FIM) C: Antivirus D: IPS

Answer 26

**Correct Answer: File Integrity Monitoring (FIM) ** "File Integrity Monitoring," which refers to a security process that continuously checks and verifies the integrity of critical system files, like operating system components, applications, and databases, to detect any unauthorized modifications or corruption, essentially identifying potential tampering or malicious activity by comparing them to a trusted baseline.

Question 27

Which command is most suitable for Bob to capture network packets from the command line? A: FTK B: dd C: tcpdump D: wireshark

Answer 27

**Correct Answer: C: tcpdump ** TCPdump is a command-line tool developed for capturing and analyzing network traffic on any arbitrary user's system. It performs as a beneficial tool for troubleshooting network issues and serves as a security tool.

Question 28

Which supply chain participant is vulnerable to exploitation by attackers who target vulnerabilities in pre-installed software on a device? A: Service provider B: Hardware provider C: Software provider D: Cloud provider

Answer 28

**Correct Answer: C: Software provider ** Some prominent software providers in the security space include: Trend Micro, Check Point, Fortinet, Palo Alto Networks, CyberArk, Microsoft, Avira, and Netsurion; all offering various security solutions like next-generation firewalls, endpoint protection, cloud security, and threat intelligence platforms.

Question 29

Bob is addressing authentication issues with his organization's VPN, utilizing a RADIUS backend. To monitor the traffic, Bob needs to be aware of the ports associated with RADIUS. What are these ports? A: TCP ports 1433 and 1521 B: UDP ports 1433 and 1521 C: TCP ports 1812 and 1813 D: UDP ports 1812 and 1813

Answer 29

**Correct Answer: C: Antivirus software failure ** RADIUS (Remote Authentication Dial-In User Service) typically uses UDP ports 1812 for authentication and 1813 for accounting, meaning these are the ports you need to open on a firewall to allow RADIUS traffic to flow between devices and the RADIUS server; older systems might use port 1645 for authentication and 1646 for accounting.

Question 30

While assessing a cryptographic system, it's determined that the algorithm is publicly known, but the key is held confidentially. Which security principle is being upheld? A: XOR theorem B: Shannon's maxim C: Caesar's principle D: Kerckhoffs' principle

Answer 30

**Correct Answer: D: Kerckhoffs' principle ** Kerckhoffs' Principle states that the security of a cryptosystem must lie in the choice of its keys only; everything else (including the algorithm itself) should be considered public knowledge.

Question 31

Which principle states that multiple alterations to a computer system should not occur simultaneously? A: Change management B: Due diligence C: Due care D: Acceptable use

Answer 31

**Correct Answer: A: Change management ** Change management security is a structured process that helps organizations manage changes to their security protocols, technologies, and processes. It helps to reduce the risk of vulnerabilities and disruptions.

Question 32

Which strategy in risk management involves shifting the responsibility or consequences of a risk to another party, often achieved through insurance coverage or contractual agreements? A: Accept B: Avoid C: Mitigate D: Transfer

Answer 32

**Correct Answer: D: Transfer ** A securities account transfer or transfer of securities account is the process of transferring a securities account from one securities services company to another. For such a securities account transfer to take place, both the old and the new securities account must be active.

Question 33

Which method is commonly recommended for preventing packet sniffing attacks? A: Regularly updating software and firmware B: Encrypting network communications C: Using intrusion detection systems D: Implementing strong access controls

Answer 33

**Correct Answer: B: Encrypting network communications **

Question 34

Which forensic tool depends on properly configured system clocks for its optimal operation? A: File metadata analysis B: Disk hashing C: Forensic disk acquisition D: Timelining

Answer 34

**Correct Answer: D: Timelining ** A timeline in security is a chronological record of events that can help identify security incidents and breaches. Timelines can be used to analyze system logs, user activity, and other data sources. An incident timeline is a complete real-time record of an incident. It often includes manual entries (chat), consolidated records of pages, alerts, and acknowledgments, and automatic system updates (for example, notification that someone has changed the severity level of an incident or marked it as resolved).

Question 35

What type of control best illustrates the network firewall that Josh is reviewing and updating to accommodate changing organizational needs? A: Detective B: Deterrent C: Preventative D: Corrective

Answer 35

**Correct Answer: C: Preventative ** Preventative security measures are actions taken before a threat to reduce the likelihood of a successful attack. These measures can include policies, encryption, firewalls, and physical barriers. -- **Encryption**: Scrambles data into a code that can only be unlocked with a unique key. This protects sensitive data like passwords and credit card numbers. -- **Firewalls**: Protect devices from attacks. -- **Intrusion detection/prevention systems (IDS/IPS)**: Analyze network traffic for patterns and anomalies that may indicate a potential attack. -- **Access control**: Restricts access to applications and data to only authorized users and services. -- **Security cameras**: Deter intruders from unlawful activities. -- **Antivirus and antispyware software**: Thwart attacks on devices.

Question 36

What is the primary function of a digital signature in cryptography? A: Authenticate users B: Prevent unauthorized access C: Verify the integrity and authenticity of a message D: Encrypt data

Answer 36

**Correct Answer: C: Verify the integrity and authenticity of a message ** The primary function of a digital signature in cryptography is to verify the authenticity and integrity of a digital message or document, essentially proving that the message originated from a known sender and has not been tampered with during transmission, thus providing "non-repudiation" where the sender cannot deny sending the message; it acts like a virtual fingerprint uniquely tied to the signer.

Question 37

If a security team discovers that a group of servers within a company's internal server farm in a large data center was breached before the latest updates were applied and breach attempts were not logged on any other servers, which threat actor is MOST likely to be involved? A: Script kiddie B: Nation State C: Competitor D: Insider

Answer 37

**Correct Answer: D: Insider** Insider threat risks Fraud, Theft of confidential information, Theft of intellectual property, and Sabotage of computer systems. Insider threat prevention Implementing access controls, Using multifactor authentication, Establishing security policies, and Regularly reviewing and updating security policies. An insider is any person who has/had authorized access to or knowledge of an organization's resources, including personnel, facilities, information, equipment, networks, and systems.

Question 38

When an individual application undergoes an update or modification, what action should be taken to guarantee the changes are incorporated? A: Downtime B: Service restart C: Restricted activities D: Application restart

Answer 38

**Correct Answer: D: Application restart ** the process of completely shutting down and then relaunching an application, often required after applying security updates or making configuration changes to ensure the new security settings take effect properly, as many updates may need to modify files currently being used by the application, necessitating a restart to fully implement the changes.

Question 39

When Bob modifies the rules on his organization's firewall to accommodate a new mail server installation, which type of control is he employing? A: Compensating B: Technical C: Operational D: Managerial

Answer 39

**Correct Answer: B: Technical ** Technical security is the use of technology and processes to protect information systems, networks, and devices. The goal is to keep sensitive information confidential, intact, and available. Technical security refers to the processes and technologies used to protect information systems, networks, and devices from threats, damage, and unauthorized access. Its purpose is to safeguard the confidentiality, integrity, and availability of sensitive information.

Question 40

Among the choices provided, what is the primary motivation for an attack carried out by a criminal organization? A: Grudge B: Financial C: Political D: Thrill

Answer 40

**Correct Answer: B: Financial **

Question 41

Steve wants to manage a Windows system's graphic user interface remotely and is looking for a secure protocol to achieve this. Which protocol would best suit his requirements? A: RDP B: VPN C: SSH D: Telnet

Answer 41

**Correct Answer: A: RDP **

Question 42

Bob is structuring network security controls for a pivotal system governing a manufacturing process and seeks the utmost level of network segmentation. Which control should he prioritize to accomplish this aim? A: Air gap B: Router segmentation C: Firewall zone segmentation D: VLAN segmentation

Answer 42

**Correct Answer: A: Air gap ** Air gap security is a cybersecurity method that separates a network or computer from other networks, especially the Internet. This physical separation prevents unauthorized access and cyber threats. An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. An air-gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices.

Question 43

What is the main objective of User Training within an organization's IT ecosystem for managing personnel? A: Building stakeholder confidence and addressing non-compliance B: Ensuring a well-informed workforce through tailored training C: Validating compliance with specific laws and regulations D: Preventing unauthorized data sharing with Data Loss Prevention (DLP) policies

Answer 43

**Correct Answer: B: Ensuring a well-informed workforce through tailored training ** The primary objective of user training in security is to educate employees and end-users about cybersecurity best practices, enabling them to identify and respond appropriately to potential security threats, thereby minimizing the risk of data breaches and protecting an organization's sensitive information by empowering them to make security-conscious decisions in their daily work activities.

Question 44

Steve is working on a new application with significant cryptography requirements. Which technique should he prioritize to guarantee the correct implementation of cryptography? A: Hire a vendor to develop a custom cryptographic module B: Test the software before use C: Write the cryptographic code directly in his application D: Use a popular open-source cryptographic module

Answer 44

**Correct Answer: D: Use a popular open-source cryptographic module **

Question 45

Bob is performing an asset valuation exercise to ensure insurance policies cover the restoration of operations post asset destruction. Which asset valuation technique should Bob prioritize for this purpose? A: Replacement cost B: Original purchase price C: Subject matter expert estimated value D: Depreciated value

Answer 45

**Correct Answer: A: Replacement cost ** The amount of money it would currently take to replace a security system or asset, like a camera, access control panel, or security guard service, with a new one of similar quality and functionality, without taking depreciation into account; essentially, the cost to purchase a brand new equivalent in the current market to replace a damaged or outdated security component.

Question 46

What is the common result of a risk assessment process? A: Conducting regular security training for employees B: Development of a disaster recovery plan C: Implementation of new cybersecurity policies D: Identification and prioritization of risks

Answer 46

**Correct Answer: D: Identification and prioritization of risks ** A security risk assessment process involves systematically identifying, analyzing, and prioritizing potential threats and vulnerabilities to an organization's assets, evaluating their likelihood of occurrence and potential impact, and then developing mitigation strategies to manage those risks effectively; typically including steps like asset identification, threat identification, vulnerability analysis, risk calculation, risk prioritization, and control implementation.

Question 47

Who is responsible for generating the Certificate Signing Request (CSR) for Bob's web server certificate, considering Geotrust is the root CA and his company has an intermediate CA? A: Bob creates the CSR on the web server B: Bob creates the CSR on the Geotrust website C: Geotrust creates the CSR after receiving a request from Bob D: The internal CA creates the CSR after receiving a request from Bob

Answer 47

** Answer: A: Bob creates the CSR on the web server ** "Certificate Signing Request," which is a crucial step in obtaining a digital certificate for a website or server, essentially acts as a request sent to a Certificate Authority (CA) containing necessary information like the domain name, organization details, and the public key, allowing the CA to verify the identity and issue a trusted certificate for secure communication online.

Question 48

What is the primary goal of encryption standards? A: Specify access control mechanisms B: Define onboarding processes C: Detail password reset procedures D: Outline acceptable encryption algorithms and key management practices

Answer 48

** Answer: D: Outline acceptable encryption algorithms and key management practices** The primary goal of encryption standards in security is to protect the confidentiality of digital data by transforming it into an unreadable format that can only be accessed by authorized parties with the correct decryption key, effectively safeguarding sensitive information from unauthorized access even if it is intercepted or compromised.

Question 49

Which security practice is recommended to prevent successful brute force attacks on a Windows system, according to Kathy's concerns? A: Rename the Administrator account B: Expire the Administrator account password monthly C: Disable the Administrator account D: Encrypt the contents of the Administrator account

Answer 49

** Answer: A: Rename the Administrator account **

Question 50

What is the name of the attack when an attacker modifies a segment of data used in a stream cipher to expose wirelessly encrypted data after breaching your wireless network? A: Rogue WAP B: Evil twin C: WPS attack D: IV attack

Answer 50

** Answer: D: IV attack** An initialization vector (IV) attack is an attack on wireless networks. It modifies the IV of an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated by the IV used. It refers to a type of cryptographic attack that exploits vulnerabilities in the "Initialization Vector" (IV) used during encryption, allowing attackers to potentially decrypt sensitive data by predicting or manipulating the IV, which is supposed to randomize the encryption process and prevent pattern recognition; this attack is particularly prevalent in wireless networks like Wi-Fi, especially when using outdated encryption protocols like WEP that have weak IV implementations.

Question 51

In the face of a significant risk of ransomware attacks targeting network storage systems, which technical control would offer the most effective mitigation strategy? A: Regularly back up data to encrypted offline storage. B: Deploy security information and event management (SIEM) for centralized logging and analysis. C: Implement multi-factor authentication for all network access. D: Install antivirus software on all endpoints and servers.

Answer 51

** Answer: A: Regularly back up data to encrypted offline storage. **

Question 52

What type of testing should a user undertake to assess whether a web application can handle unexpected or random inputs without crashing? A: Fuzzing B: Dynamic code analysis C: Manual code review D: Code signing

Answer 52

** Answer: A: Fuzzing ** Fuzzing, or fuzz testing, is a software testing technique that automatically detects bugs and vulnerabilities in software, operating systems, or networks. It's a quality assurance technique that's used to stress applications and cause unexpected behavior.

Question 53

In a Linux environment, Bob (user: rbob) belongs to the "leaders" group. He tries to open "secret_file.txt", but the permissions for "others" are restricted. What level of access can Bob expect? A: Bob can read and execute the file. B: Bob can read, write, and execute the file. C: Bob can only read the file. D: Bob can read and write the file.

Answer 53

** Answer: C: Bob can only read the file. **

Question 54

A program attempts to store more data in a designated memory space than it can hold, causing it to overwrite data in unintended locations. This situation is known as: A: Integer overflow B: Buffer overflow C: Memory leak D: DLL injection

Answer 54

** Answer: B: Buffer overflow ** A "buffer overflow" in security refers to a software coding error where a program attempts to write more data into a designated memory space (called a buffer) than it can hold, causing the excess data to spill over and overwrite adjacent memory locations, potentially allowing attackers to inject malicious code and gain control of the system; essentially, it's a vulnerability that can be exploited by hackers to gain unauthorized access to a system by manipulating a program's memory allocation.

Question 55

Before an event occurs, what technology can Bob deploy to enable him to accurately monitor bandwidth usage and observe the destination of traffic during a compromise? A: A firewall B: Packetflow C: NetFlow D: A DLP

Answer 55

** Answer: NetFlow** NetFlow is a network protocol that helps security teams monitor and analyze network traffic to detect and respond to security threats. NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. By analyzing NetFlow data, you can get a picture of network traffic flow and volume.

Question 56

Which of the following actions is Bob most likely to undertake to minimize the occurrence of false positive reports in his vulnerability scans? A: Increase the size of the target network B: Implement credentialed scanning C: Disable safe checks D: Decrease the scan sensitivity

Answer 56

** Answer: B: Implement credentialed scanning ** To implement credentialed scanning in security, you need to configure a vulnerability scanner to use valid user credentials to access target systems, allowing for a deeper analysis of vulnerabilities by examining system configurations and software details that are only accessible to authenticated users, providing a more accurate assessment compared to non-credentialed scans.

Question 57

Why is it essential to conduct Universal Resource Locator (URL) scanning in web filtering? A: To determine the reputation of a website B: To block or allow access based on the specific web address C: To enhance website loading speeds D: To implement secure protocols

Answer 57

** Answer: B: To block or allow access based on the specific web address ** "URL scanning" in security refers to the process of analyzing a web address (Uniform Resource Locator) to identify potential threats like malware, phishing attempts, or harmful software, essentially checking if a link is safe to click on before accessing a website; it's a key part of cybersecurity to protect users from malicious online content.

Question 58

Which of the following is a mandatory requirement for the technician to implement when setting up a system to authenticate users solely based on their username and password when accessing computers within the office building, and rejecting any attempts to authenticate from locations outside the office building? A: Dual factor authentication B: Single-factor authentication C: Biometric authentication D: Transitive authentication

Answer 58

** Answer: D: Transitive authentication** "Transitive authentication" in security refers to a system where a user authenticates themselves once, and that authentication is then "trusted" by subsequent systems they access, allowing them to gain access to multiple services without needing to re-authenticate each time, essentially meaning their identity is "transitively" accepted across different systems; a prime example of this is Single Sign-On (SSO) where a user logs in once to access multiple applications within a network.

Question 59

When configuring access control for a cloud environment, you wish to assign permissions based on user attributes. Which access control scheme would be the most fitting option for this task? A: Attribute-Based Access Control (ABAC) B: Role-Based Access Control (RBAC) C: Rule-Based Access Control (RBAC2) D: Mandatory Access Control (MAC)

Answer 59

** Answer: A: Attribute-Based Access Control (ABAC) ** The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorized users and actions—those that don't have “approved” characteristics as defined by an organization's security policies

Question 60

An attacker has compromised data integrity in a security breach by leveraging the chance of two separate inputs generating the same hash value in a cryptographic function. What type of attack is being described here? A: Rainbow Table Attack B: Birthday Attack C: Phishing Attack D: Brute-Force Attack

Answer 60

** Answer: B: Birthday Attack ** A "birthday attack" in security is a cryptographic attack that exploits the mathematical concept of the "birthday paradox" to find collisions in hash functions, essentially finding two different inputs that produce the same output hash, allowing attackers to potentially forge digital signatures or crack passwords by manipulating data to appear legitimate to a system.

Question 61

Simon is organizing the rollout of a new VPN outlined in the high-level diagram displayed here. What classification of VPN is Simon intending to deploy? A: Remote access VPN B: TLS VPN C: IPsec VPN D: Site-to-site VPN

Answer 61

** Answer: D: Site-to-site VPN ** A "site-to-site VPN" in security refers to a virtual private network that creates a secure, encrypted connection between two or more geographically separate networks, like different offices of a company, allowing them to exchange data privately over the public internet, essentially acting like a private tunnel between the networks; it's primarily used to enable secure communication and data sharing between different locations of an organization while protecting sensitive information from unauthorized access.

Question 62

Bob seeks to validate an encrypted and digitally signed message transmitted using asymmetric encryption. What specific item does he need from the sender for message authentication? A: Bob's public key B: Bob's private key C: The sender's private key D: The sender's public key

Answer 62

** Answer: D: The sender's public key **

Question 63

Eva is tasked with developing her organization's change management policy. What aspects need to be covered in this policy? A: Descriptions of how a change request should be created, formatted, reviewed, and approved B: An outline of the regulatory requirements for changes C: High-level descriptions of how the organization will review, approve, and implement proposed changes D: A detailed process for review and approval of changes

Answer 63

** Answer: C: High-level descriptions of how the organization will review, approve, and implement proposed changes **

Question 64

Susan is worried about the logs produced by various devices on her network having inaccurate timestamps due to the different internal clocks of each device. Which protocol can help her best address this issue? A: Network Time Protocol (NTP) B: Transport Layer Security (TLS) C: Secure Shell (SSH) D: Online Certificate Status Protocol (OSCP)

Answer 64

** Answer: A: Network Time Protocol (NTP) ** NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server, listens in on the conversation, forges messages, and lies to you about time.

Question 65

What kind of log data offers supplementary context and details about other data, facilitating the comprehension and interpretation of that data? A: Firewall logs B: Endpoint logs C: Metadata D: Application logs

Answer 65

** Answer: C: Metadata ** Metadata in security is information about data that can be used to detect threats, improve security, and analyze data. It can also be used for tracking and classification. For filesystems, metadata is data that provides information about a file's contents. Sources: NIST SP 800-86 under Metadata. The information associated with a key describes its specific characteristics, constraints, acceptable uses, ownership, etc. Sometimes called the key's attributes.

Question 66

What is the main objective of root cause analysis in incident response? A: To identify and understand the underlying cause of an incident B: To conduct a tabletop exercise C: To ignore the underlying cause of an incident D: To recover affected systems without understanding the cause

Answer 66

** Answer: A: To identify and understand the underlying cause of an incident **

Question 67

After browsing the internet, Bob found all his files corrupted upon waking up. A message on his wallpaper demanded money to be sent to a foreign country for file decryption. What is Bob experiencing? A: A keylogger B: Spyware C: A logic bomb D: Ransomware

Answer 67

** Answer: D: Ransomware ** Ransomware is a type of malware that prevents users from accessing their devices or data until they pay a ransom. Ransomware can encrypt files, lock devices, or steal data.

Question 68

In a recent penetration exercise, the intruder dressed as a security guard identical to the firm's and instructed individuals to vacate the data center due to a security risk. Which social engineering principle is most prominently demonstrated by this approach? A: Consensus B: Authority C: Scarcity D: Intimidation

Answer 68

** Answer: B: Authority ** Security authority refers to the legal and operational power of security personnel to protect people and property. Security authority can come from a variety of sources, including laws, regulations, and the entity being protected.

Question 69

When considering large corporations with a complex network environment, including servers, routers, switches, and workstations, what is the recommended method to prevent the proliferation of worms? A: Segmenting the network with firewalls B: Using SSL certificates C: Disabling or restricting DHCP D: Installing WAF

Answer 69

** Answer: A: Segmenting the network with firewalls **

Question 70

Which of the following options serves as the prime example of technical security control? A: Firewall rules B: Asset inventory C: Employee credit checks D: Fire detection system

Answer 70

** Answer: A: Firewall rules ** Technical controls are the hardware and software components that protect a system against cyberattacks. Firewalls, intrusion detection systems (IDS), encryption, and identification and authentication mechanisms are examples of technical controls (Harris and Maymi 2016).