Random Question 101 - 120 Flashcards
Question 101:
During a risk assessment, a security team discovers that their current vulnerability management program isn’t effectively addressing critical vulnerabilities. Which approach would most effectively enhance the vulnerability management process while aligning with security best practices?
Options:
A. Patch all vulnerabilities immediately regardless of impact.
B. Risk-based vulnerability prioritization with continuous monitoring.
C. Annual vulnerability scans of critical systems.
D. Implement automated patching without testing.
Correct Answer: B
Explanation:
Risk-based vulnerability prioritization with continuous monitoring ensures critical vulnerabilities are addressed based on their actual risk to the organization, while maintaining ongoing visibility into the security posture.
Question 102:
A global organization is implementing a new security framework while managing third-party risks. Security analysts have identified TWO critical areas that require immediate attention to maintain compliance and reduce risk exposure. Which combination of measures would most effectively address these concerns?
Options:
A. Implementation of continuous third-party monitoring systems.
B. Annual security awareness training.
C. Integration of GRC tools with vendor risk assessments.
D. Weekly vulnerability scanning.
E. Monthly password changes.
Correct Answer: A, C
Explanation: Continuous third-party monitoring provides real-time visibility into vendor risks, while GRC tool integration with vendor risk assessments ensures comprehensive compliance management and risk visibility across the organization’s vendor ecosystem.
Governance, risk, and compliance (GRC) tools help organizations manage risk, compliance, and internal audits. When choosing a GRC tool, you can consider things like:
- Functionality: What core functions you need
- Integration: How well the tool integrates with your existing systems
- User-friendliness: How easy the tool is to use
- Pricing: How much the tool costs
Question 103:
During incident response to a sophisticated attack, the security team discovers evidence of data exfiltration but cannot determine the full scope of the compromise. Which incident response process would be most appropriate to implement immediately while maintaining business operations?
Options:
A. Full system shutdown and recovery from backups.
B. Targeted containment with enhanced monitoring and analysis.
C. Immediate eradication of all suspected systems.
D. Implementation of new security controls.
Correct Answer: B
Explanation: Targeted containment with enhanced monitoring and analysis allows for continuous investigation of the breach scope while preventing further damage, maintaining critical business operations, and gathering necessary evidence.
Question 104:
An organization’s security team is designing a comprehensive business continuity plan for their critical infrastructure. Which approach would best ensure both system availability and security during a disaster recovery scenario?
Options:
A. Multiple backup sites without security controls.
B. Single backup site with basic security measures.
C. Integrated DR plan with security controls and regular testing.
D. Offsite backups without recovery procedures.
Correct Answer: C
Explanation: An integrated DR plan with security controls and regular testing ensures both system availability and security during recovery, maintaining security posture while enabling efficient business restoration during disasters.
Question 105:
During a security audit, a team identifies multiple vulnerabilities across different systems. The organization needs to implement a compensating control due to technical limitations preventing the deployment of the primary control. Which TWO of the following best describe the characteristics of a compensating control? (Choose TWO)
Options:
A. Provides the same level of protection as the original control but through different means.
B. Temporarily replaces the primary control until budget allows for implementation.
C. Meets the intent and rigor of the original control requirements.
D. Costs less than the original control to implement and maintain.
E. Requires annual review and certification by external auditors.
Correct Answer: A, C
Explanation:
Compensating controls must provide a level of protection similar to that of the original controls (A) and satisfy the original control requirements (C), regardless of cost or audit requirements.
Question 106:
A security analyst is implementing Zero Trust principles in an organization’s network. Which of the following best represents the primary function of the Control Plane in Zero Trust architecture?
Options:
A. Manages actual data flow between network segments.
B. Handles policy decisions and access management.
C. Provides encryption for data in transit.
D. Monitors network traffic patterns.
Correct Answer: B
Explanation:
The Control Plane in Zero Trust architecture is responsible for policy decisions and managing access controls, while the Data Plane handles the actual data movement.
Question 107:
Your organization recently experienced a security breach. During the incident response process, which phase focuses on identifying what systems were affected and determining the current and potential business impact?
Options:
A. Containment.
B. Analysis.
C. Detection.
D. Eradication.
Correct Answer: B
Explanation:
The Analysis phase involves investigating affected systems, determining the scope of compromise, and assessing the business impact of the security incident.
Question 108:
A company is implementing multiple security measures to protect their data center. Which TWO of the following combinations would provide the most effective physical security controls for preventing unauthorized access? (Choose TWO)
Options:
A. Access control vestibule with pressure sensors.
B. Security cameras with motion detection.
C. Bollards with microwave sensors.
D. Fencing with infrared detection.
E. Security guards with ultrasonic sensors.
Correct Answer: A, D
Explanation:
Access control vestibule with pressure sensors provides layered entry control, while fencing with infrared detection creates a secure perimeter with intrusion detection capabilities, offering comprehensive physical security.
Question 109:
During a security incident, the organization discovers that an attacker gained access through a third-party vendor’s compromised credentials. Which of the following security concepts was most likely violated in terms of accountability?
Options:
A. Authentication.
B. Authorization.
C. Non-repudiation.
D. Accounting.
Correct Answer: C
Explanation:
Non-repudiation ensures actions cannot be denied by the person who performed them, which was compromised when the attacker used someone else’s credentials to gain access.
Question 110:
An organization is implementing deception technology to detect potential threats. Which of the following would be most effective in identifying an insider threat attempting to access sensitive financial data?
Options:
A. Deploying a honeynet across multiple network segments.
B. Implementing a honeypot with fake network services.
C. Creating honeytokens in financial databases.
D. Setting up multiple honeypots in the DMZ.
Correct Answer: C
Explanation:
Honeytokens in financial databases are most effective for detecting insider threats as they are fake credentials or records that would only be accessed by someone specifically searching for financial data.
Question 111:
A security team is developing their incident response strategy and needs to determine the priority for incident handling. Which TWO of the following factors should be considered the MOST critical when prioritizing security incidents? (Choose TWO)
Options:
A. Current and potential technical impact on systems.
B. Time required to implement containment measures.
C. Business functional impact and information sensitivity.
D. Cost of forensic investigation procedures.
E. Availability of backup personnel for response.
Correct Answer: A, C
Explanation: Incident prioritization should primarily focus on both the technical impact on systems (A) and the business/information impact (C), as these directly affect the organization’s operations and risk level.
Question 112:
During a risk assessment, an organization identifies that their primary security control cannot be implemented due to technical limitations. Which of the following best describes the relationship between compensating controls and the original control requirements?
Options:
A. Must be more cost-effective than original controls.
B. Must meet the original control intent and rigor.
C. Must be temporary until original controls can be implemented.
D. Must be approved by external auditors.
Correct Answer: B
Explanation: Compensating controls must satisfy the same security objectives and provide equivalent protection as the original control, maintaining the intended level of security.
Within user authentication, which elements usually classify as “something you are” and “something you have”?
A: Security questions and PIN
B: Username and password
C: Smart card and email address
D: Fingerprint and mobile
**Correct Answer: D: Fingerprint and mobile**
As Amanda transitions from on-premises infrastructure to a hybrid cloud setup, which aspect must she consider that was not relevant in a single on-premises data center?
A: RTOs
B: Power resilience
C: Data sovereignty
D: RPOs
Correct Answer: C: Data sovereignty
“Data sovereignty” in security refers to a country’s legal right to control and regulate how data generated within its borders is collected, stored, processed, and distributed, ensuring that sensitive information remains subject to the laws of that jurisdiction, particularly regarding privacy and security measures. Essentially, it means a nation has the authority to govern how data belonging to its citizens is handled, even when that data is stored or processed overseas.
What is the primary role of Security Information and Event Management (SIEM) tools in operational security?
A: Conducting vulnerability assessments
B: Encrypting network traffic
C: Monitoring and analyzing security events
D: Configuring access controls
**Correct Answer: C: Monitoring and analyzing security events**
What is considered a recommended approach for enhancing the security of a web application?
A: Implementing strong session management techniques
B: Storing user credentials in plain text
C: Allowing unrestricted file uploads
D: Disabling input
**Correct Answer: A: Implementing strong session management techniques**
Which group mentioned below is typically not a part of an organization’s cybersecurity incident response team?
A: Technical subject matter experts
B: Cybersecurity experts
C: Law enforcement
D: Management
**Correct Answer: C: Law enforcement**
What method is used to assess the value of assets?
A: The cost to replace the item
B: The depreciated cost of the item
C: The original cost of the item
D: Any of the above based on organizational preference
Correct Answer: D: Any of the above based on organizational preference
How do we refer to spam messages sent via Internet messaging platforms?
A: TwoFaceTiming
B: IMSPAM
C: SMSPAM
D: SPIM
**Correct Answer: D: SPIM**
SPIM (Spam over Instant Messaging) is a type of cyber security threat that involves sending unwanted messages through instant messaging platforms. SPIM messages can include advertisements, promotions, or links to malicious websites.
SPIM consists of spam messages sent over widely used free instant messaging apps such as Messenger, WhatsApp, Viber, Telegram, Skype and WeChat. These messages are usually commercial spam but can carry malware and spyware. Most apps have built-in filters that block messages from unknown sources.
Where are Industrial Control Systems (ICS) and SCADA systems most commonly implemented?
A: Consumer electronics
B: Gaming systems
C: Industrial and critical infrastructure environments
D: Personal computing
**Correct Answer: C: Industrial and critical infrastructure environments**
SCADA security is the protection of Supervisory Control and Data Acquisition (SCADA) networks from cyber threats. SCADA systems monitor and control critical infrastructure, such as water, power, and natural gas. SCADA security is important because attacks on these systems can disrupt access to essential services.
What kind of policy document has Bob’s organization established to outline the appropriate usage of its network, systems, and services?
A: An acceptable use policy.
B: Business continuity policy
C: An incident response policy.
D: This is a standard, not a policy
**Correct Answer: A: An acceptable use policy**
An “acceptable use policy” (AUP) in security is a set of rules and guidelines that define how an organization’s technology resources, such as computers, networks, and email, may be used, outlining what is considered acceptable behavior and what is not, with the goal of protecting sensitive information and preventing security breaches. Essentially, it acts as a code of conduct for digital interactions within an organization.
What is the primary objective of utilizing the 'tracert'/'traceroute' command in network operations?
A: To detect and display the network path to a destination
B: To establish secure connections with remote hosts
C: To identify network switches and routers
D: To reveal the IP address of the user’s device
**Correct Answer: A: To detect and display the network path to a destination**
What data management role does the Vice President of Sales hold when requesting daily backups of sales data from the IT team?
A: Data protection officer
B: Data processor
C: Data owner
D: Data steward
**Correct Answer: C: Data owner**
A “Data Owner” in security refers to the individual or group within an organization who is ultimately responsible for the security, quality, and governance of a specific set of data, including defining who can access it, ensuring its proper usage, and managing its lifecycle from creation to deletion. Essentially, they hold the highest level of accountability for a particular data asset within their domain.
Data Stewards help define, implement, and enforce data management policies and procedures within their specific Data Domain. A Data Trustee may delegate to the Data Steward the authority to represent the Data Trustee in data-related policy discussions.
Bob is investigating host antivirus logs following a system breach and realizes that the antivirus software failed to catch the malware. Considering the options, which is the least acceptable reason for this failure?
A: Outdated antivirus signatures
B: Zero-day attack
C: Antivirus software failure
D: APT attack
**Correct Answer: C: Antivirus software failure**