Random Question 101 - 120 Flashcards
Question 101:
During a risk assessment, a security team discovers that their current vulnerability management program isn’t effectively addressing critical vulnerabilities. Which approach would most effectively enhance the vulnerability management process while aligning with security best practices?
Options:
A. Patch all vulnerabilities immediately regardless of impact.
B. Risk-based vulnerability prioritization with continuous monitoring.
C. Annual vulnerability scans of critical systems.
D. Implement automated patching without testing.
Correct Answer: B
Explanation:
Risk-based vulnerability prioritization with continuous monitoring ensures critical vulnerabilities are addressed based on their actual risk to the organization, while maintaining ongoing visibility into the security posture.
Question 102:
A global organization is implementing a new security framework while managing third-party risks. Security analysts have identified TWO critical areas that require immediate attention to maintain compliance and reduce risk exposure. Which combination of measures would most effectively address these concerns?
Options:
A. Implementation of continuous third-party monitoring systems.
B. Annual security awareness training.
C. Integration of GRC tools with vendor risk assessments.
D. Weekly vulnerability scanning.
E. Monthly password changes.
Correct Answer: A, C
Explanation: Continuous third-party monitoring provides real-time visibility into vendor risks, while GRC tool integration with vendor risk assessments ensures comprehensive compliance management and risk visibility across the organization’s vendor ecosystem.
Governance, risk, and compliance (GRC) tools help organizations manage risk, compliance, and internal audits. When choosing a GRC tool, you can consider things like:
- Functionality: What core functions you need
- Integration: How well the tool integrates with your existing systems
- User-friendliness: How easy the tool is to use
- Pricing: How much the tool costs
Question 103:
During incident response to a sophisticated attack, the security team discovers evidence of data exfiltration but cannot determine the full scope of the compromise. Which incident response process would be most appropriate to implement immediately while maintaining business operations?
Options:
A. Full system shutdown and recovery from backups.
B. Targeted containment with enhanced monitoring and analysis.
C. Immediate eradication of all suspected systems.
D. Implementation of new security controls.
Correct Answer: B
Explanation: Targeted containment with enhanced monitoring and analysis allows for continuous investigation of the breach scope while preventing further damage, maintaining critical business operations, and gathering necessary evidence.
Question 104:
An organization’s security team is designing a comprehensive business continuity plan for their critical infrastructure. Which approach would best ensure both system availability and security during a disaster recovery scenario?
Options:
A. Multiple backup sites without security controls.
B. Single backup site with basic security measures.
C. Integrated DR plan with security controls and regular testing.
D. Offsite backups without recovery procedures.
Correct Answer: C
Explanation: An integrated DR plan with security controls and regular testing ensures both system availability and security during recovery, maintaining security posture while enabling efficient business restoration during disasters.
Question 105:
During a security audit, a team identifies multiple vulnerabilities across different systems. The organization needs to implement a compensating control due to technical limitations preventing the deployment of the primary control. Which TWO of the following best describe the characteristics of a compensating control? (Choose TWO)
Options:
A. Provides the same level of protection as the original control but through different means.
B. Temporarily replaces the primary control until budget allows for implementation.
C. Meets the intent and rigor of the original control requirements.
D. Costs less than the original control to implement and maintain.
E. Requires annual review and certification by external auditors.
Correct Answer: A, C
Explanation:
Compensating controls must provide a similar level of protection to the original controls (A) and satisfy the original control requirements (C), regardless of cost or audit requirements.
Question 106:
A security analyst is implementing Zero Trust principles in an organization’s network. Which of the following best represents the primary function of the Control Plane in Zero Trust architecture?
Options:
A. Manages actual data flow between network segments.
B. Handles policy decisions and access management.
C. Provides encryption for data in transit.
D. Monitors network traffic patterns.
Correct Answer: B
Explanation:
The Control Plane in Zero Trust architecture is responsible for policy decisions and managing access controls, while the Data Plane handles actual data movement.
Question 107:
Your organization recently experienced a security breach. During the incident response process, which phase focuses on identifying what systems were affected and determining the current and potential business impact?
Options:
A. Containment.
B. Analysis.
C. Detection.
D. Eradication.
Correct Answer: B
Explanation:
The Analysis phase involves investigating affected systems, determining the scope of compromise, and assessing the business impact of the security incident.
Question 108:
A company is implementing multiple security measures to protect their data center. Which TWO of the following combinations would provide the most effective physical security controls for preventing unauthorized access? (Choose TWO)
Options:
A. Access control vestibule with pressure sensors.
B. Security cameras with motion detection.
C. Bollards with microwave sensors.
D. Fencing with infrared detection.
E. Security guards with ultrasonic sensors.
Correct Answer: A, D
Explanation:
Access control vestibule with pressure sensors provides layered entry control, while fencing with infrared detection creates a secure perimeter with intrusion detection capabilities, offering comprehensive physical security.
Question 109:
During a security incident, the organization discovers that an attacker gained access through a third-party vendor’s compromised credentials. Which of the following security concepts was most likely violated in terms of accountability?
Options:
A. Authentication.
B. Authorization.
C. Non-repudiation.
D. Accounting.
Correct Answer: C
Explanation:
Non-repudiation ensures actions cannot be denied by the person who performed them, which was compromised when the attacker used someone else’s credentials to gain access.
Question 110:
An organization is implementing deception technology to detect potential threats. Which of the following would be most effective in identifying an insider threat attempting to access sensitive financial data?
Options:
A. Deploying a honeynet across multiple network segments.
B. Implementing a honeypot with fake network services.
C. Creating honeytokens in financial databases.
D. Setting up multiple honeypots in the DMZ.
Correct Answer: C
Explanation:
Honeytokens in financial databases are most effective for detecting insider threats as they are fake credentials or records that would only be accessed by someone specifically searching for financial data.
Question 111:
A security team is developing their incident response strategy and needs to determine the priority for incident handling. Which TWO of the following factors should be considered the MOST critical when prioritizing security incidents? (Choose TWO)
Options:
A. Current and potential technical impact on systems.
B. Time required to implement containment measures.
C. Business functional impact and information sensitivity.
D. Cost of forensic investigation procedures.
E. Availability of backup personnel for response.
Correct Answer: A, C
Explanation: Incident prioritization should primarily focus on both technical impact on systems (A) and business/information impact (C), as these directly affect the organization’s operations and risk level.
Question 112:
During a risk assessment, an organization identifies that their primary security control cannot be implemented due to technical limitations. Which of the following best describes the relationship between compensating controls and the original control requirements?
Options:
A. Must be more cost-effective than original controls.
B. Must meet the original control intent and rigor.
C. Must be temporary until original controls can be implemented.
D. Must be approved by external auditors.
Correct Answer: B
Explanation: Compensating controls must satisfy the same security objectives and provide equivalent protection as the original control, maintaining the intended level of security.