Random Questions 81 - 100 Flashcards
Question 81:
A company is configuring a multi-factor authentication system for its remote employees using Azure Active Directory (Azure AD). The configuration requires setting up an application proxy and configuring the authentication settings.
{
“settings”: {
“applicationProxy”: true,
“authenticationMethods”: [
“mfa”,
“SMS”
]
}
}
Options:
A. Enable Azure AD Application Proxy.
B. Disable multi-factor authentication for remote access.
C. Configure the SMS as an additional MFA method.
D. Set up a custom domain for email services.
E. Disable application proxy and use on-premises servers only.
**Correct Answer: A, C **
Explanation: To enable multi-factor authentication (MFA) with Azure AD Application Proxy for remote employees, both the application proxy must be enabled and SMS as an additional MFA method should be configured.
Question 82:
An organization has a policy that requires all data transmitted between their web server and clients to be encrypted. They are using HTTPS but want to implement stronger security measures.
{
“settings” : {
“sslVersion”: “TLSv1.3”,
“cipherSuite”: [“ECDHE-ECDSA-AES256-GCM-SHA384”, “ECDHE-RSA-AES256-GCM-SHA384”]
}
}
Options:
A. Upgrade SSL/TLS version to TLS 1.3.
B. Use weaker encryption ciphers like AES128.
C. Disable HTTP Strict Transport Security (HSTS).
D. Configure a reverse proxy for load balancing.
E. Enable plaintext fallbacks.
Correct Answer: A
Explanation:
To enhance the security of data transmitted between the web server and clients, upgrading the SSL/TLS version to TLS 1.3 is necessary as it provides better security compared to older versions.
Question 83:
A network administrator needs to secure a remote access solution that involves multiple layers of authentication and encryption for securing communications.
Options:
A. Use SSH with public key authentication.
B. Implement a simple username/password login.
C. Configure WPA2 on the Wi-Fi network for better security.
D. Enable two-factor authentication (2FA) using RSA tokens.
E. Disable all non-essential services to minimize attack surface.
Correct Answer: A, D
Explanation:
For securing remote access with multiple layers of authentication and encryption, using SSH with public key authentication and enabling two-factor authentication using RSA tokens are recommended practices as they provide strong security measures.
Question 84:
In a recent update of CompTIA Security+ (SYO-701), which two-factor authentication methods are now emphasized as critical for securing network access?
Options:
A. Biometric Fingerprint Scanning and USB Tokens
B. SMS One-Time Password (OTP) and FIDO2
C. Email Verification and Smart Cards
D. Physical Keys and Static Passwords
E. QR Code Authentication and Bluetooth Low Energy Tags
** Correct Answer: B **
Explanation: The current CompTIA Security+ exam highlights the importance of modern authentication methods like SMS OTP and FIDO2 for secure network
Question 85:
An organization needs to implement a threat intelligence platform. Which two components should be prioritized based on current CISSP exam standards?
Options:
A. Web filtering
B. User behavior analytics (UBA)
C. Intrusion detection systems (IDS)
D. Security information and event management
(SIEM)
E. Antivirus software
Correct Answer: B, D
Explanation:
UBA and SIEM are critical for advanced threat detection and monitoring.
Question 86:
A company is configuring its network to enhance security. Which two protocols should be used to secure file transfers over the Internet?
Options:
А. НТТР
B. HTTPS
C. FTP
D. SFTP
E. SMTP
Correct Answer: B, D
Explanation:
Secure Hypertext Transfer Protocol (HTTPS) and Secure File Transfer Protocol (SFTP) ensure data integrity and confidentiality during file.
Question 87:
An organization is facing frequent phishing attacks. Which two strategies should be implemented to mitigate this risk?
Options:
A. Email filtering
B. Strong password policies
C. Multi-factor authentication (MFA)
D. Regular patch management
E. Employee training
Correct Answer: A, E
Explanation:
Implementing email filtering and providing regular employee training can significantly reduce the incidence of phishing attacks.
Question 88:
The network administrator needs to configure a firewall rule for a new application server that requires outbound traffic only to a specific external IP address. Which configuration should be used?
Options:
A. Allow all inbound traffic
B. Deny all inbound traffic
C. Allow all outbound traffic
D. Allow outbound traffic to < external_|P>
E. Deny outbound traffic
Correct Answer: D
Explanation: The rule should allow outbound traffic only to the specific external IP
Question 89:
A company wants to implement a Zero Trust Architecture (ZTA) for its cloud services. Which two components are essential in ZTA?
Options:
A. Multi-factor authentication (MFA)
B. Network segmentation
C. Continuous monitoring
D. Intrusion detection systems (IDS)
E. Regular security audits
Correct Answer: A, B
Explanation:
MFA and network segmentation are fundamental to Zero Trust Architecture, ensuring that only authorized entities can access resources.
Question 90:
During a security assessment, a security analyst discovers multiple instances where sensitive data is being transmitted between internal networks using an unencrypted protocol. The organization has a strict policy requiring encryption for all sensitive data transmission, but implementing encryption would require significant infrastructure changes. Which TWO control types would be most appropriate to implement immediately while planning for a long-term solution?
Options:
A. Detective controls to monitor data transmission patterns.
B. Compensating controls to provide alternative security measures.
C. Directive controls to enforce new security policies.
D. Corrective controls to fix the encryption issues.
E. Deterrent controls to discourage unauthorized access.
Correct Answer: A, B
Explanation:
Detective controls monitor transmissions to identify potential breaches, while compensating controls provide alternative security measures when primary controls cannot be immediately implemented. These are most suitable as temporary solutions while planning infrastructure changes.
Question 91:
A security team is implementing deception technology to detect advanced persistent threats. The CISO wants to maximize the effectiveness of this implementation across multiple network segments. Which approach would provide the most comprehensive threat intelligence while minimizing the risk of adversaries detecting the deception?
Options:
A. Deploy multiple identical honeypots across all network segments.
B. Implement a single sophisticated honeynet in the DMZ.
C. Place honeytokens throughout different systems and monitor their usage.
D. Create one high-interaction honeypot per network segment.
Correct Answer: C
Explanation:
Honeytokens distributed throughout systems provide wide coverage, are difficult for attackers to identify as fake, and offer valuable threat intelligence while requiring minimal resources and reducing detection risk.
Question 92:
An organization’s incident response team is analyzing a potential security breach where attackers might have gained unauthorized access to multiple systems. The team needs to determine the exact scope of the compromise while ensuring business continuity. Which type of security control would be most effective in identifying the extent of the breach without disrupting operations?
Options:
A. Preventive controls to block further unauthorized access.
B. Detective controls with enhanced logging and monitoring.
C. Corrective controls to remove compromised accounts.
D. Compensating controls to restrict system access.
Correct Answer: B
Explanation:
Detective controls with enhanced logging and monitoring allow continuous analysis of system activities to determine breach scope while maintaining normal operations, providing visibility without disrupting business processes.
Question 93:
A large enterprise is experiencing frequent security incidents across different departments. After investigation, the security team discovers that TWO critical factors are contributing to these incidents. Which combination of issues most likely represents the root causes that need immediate attention?
Options:
A. Inadequate security awareness training program implementation.
B. Outdated intrusion detection systems.
C. Gaps in third-party risk management processes.
D. Limited network bandwidth.
E. Inconsistent security policy enforcement across departments.
Correct Answer: A, E
Explanation:
Inadequate security awareness training leads to human errors and security breaches, while inconsistent policy enforcement creates security gaps across departments.
These fundamental issues directly impact overall security posture and require immediate attention for effective risk reduction.
Question 95:
An organization’s security team is investigating a potential data breach where sensitive information might have been exfiltrated. The incident response team needs to determine the attack vector while maintaining chain of custody. Which sequence of incident response processes would be most appropriate?
Options:
A. Recovery, Analysis, Containment, Documentation.
B. Detection, Eradication, Lessons Learned, Preparation.
C. Detection, Analysis, Containment, Eradication.
D. Containment, Analysis, Recovery, Preparation.
Correct Answer: C
Explanation: The sequence of Detection (identifying the breach), Analysis (determining attack vector), Containment (preventing further damage), and Eradication (removing threat) represents the correct logical progression while maintaining proper incident handling procedures.
Detection –> Analysis –> Containment –> Eradication.
Question 94:
During a business continuity planning session, the risk management team identifies a critical business process that requires 99.999% uptime. The process handles sensitive financial transactions but has recently experienced multiple disruptions. Which approach would best address both the availability and security requirements?
Options:
A. Implement load balancers with basic failover capabilities.
B. Deploy redundant systems with real-time synchronization and zero trust principles.
C. Increase system monitoring without architectural changes.
D. Add more security controls to existing infrastructure.
Correct Answer: B
Explanation: Redundant systems with real-time synchronization ensure high availability (99.999% uptime), while zero trust principles provide comprehensive security for sensitive financial transactions, addressing both critical requirements simultaneously.
Question 96:
A multinational corporation is implementing a zero trust architecture while transitioning to cloud services. Given the complex environment, which TWO components are most critical to ensure proper security control implementation across both control and data planes?
Options:
A. Continuous monitoring and verification of all access requests.
B. Implementation of traditional perimeter-based security.
C. Dynamic policy enforcement based on real-time context.
D. Regular backup of cloud resources.
E. Static access control lists.
Correct Answer: A, C
Explanation: In zero trust architecture, continuous monitoring, and verification of all access requests ensure proper authentication, while dynamic policy enforcement based on real-time context maintains security across both planes by adapting to changing conditions and threats.
Question 97:
During a security audit, an organization discovers that their current security metrics fail to accurately represent their security posture to executive management. Which approach would most effectively address this gap while aligning with security program management best practices?
Options:
A. Implement technical security controls without metrics.
B. Create metrics focused solely on system uptime.
C. Develop risk-based metrics aligned with business objectives.
D. Report raw security event logs to management.
Correct Answer: C
Explanation: Risk-based metrics aligned with business objectives provide meaningful insights to executive management, demonstrating security program effectiveness in business terms while supporting informed decision-making.
Question 98:
A security team identifies suspicious activity indicating a potential advanced persistent threat (APT) in their network. The organization needs to gather intelligence about the attacker’s techniques while preventing data exfiltration. Which deception technology strategy would be most effective?
Options:
A. Deploy a basic honeypot with limited interaction capabilities.
B. Implement a sophisticated honeynet with monitored services.
C. Place security cameras in the server room.
D. Install additional firewalls.
Correct Answer: B
Explanation: A sophisticated honeynet with monitored services provides detailed intelligence about APT tactics while safely containing and observing attacker activities, enabling better threat analysis and response strategies.
Question 99:
A healthcare organization has experienced multiple social engineering attacks targeting different departments. Analysis reveals that TWO key vulnerabilities are consistently being exploited. Which combination of issues most likely represents these critical vulnerabilities?
Options:
A. Insufficient verification procedures for urgent requests.
B. Outdated antivirus software.
C. Lack of role-based social engineering awareness training.
D. Weak network passwords.
E. Inconsistent incident reporting
Correct Answer: A, C
Explanation: Insufficient verification procedures allow attackers to exploit urgency in their social engineering attempts, while lack of role-based awareness training leaves employees unprepared for department-specific social engineering tactics targeting their particular roles.
Question 100:
An organization implements a comprehensive physical security system for their new data center. After a security assessment, which combination of physical security measures would provide the most effective defense-in-depth protection while maintaining efficient access for authorized personnel?
Options:
A. Multiple security guards with access badges.
B. Integrated system of bollards, access control vestibule, and multi-factor authentication.
C. Standard door locks with CCTV cameras.
D. Basic keypad entry with motion
Correct Answer: B
Explanation:
An integrated system combining bollards (perimeter protection), access control vestibule (controlled entry point), and multi-factor authentication provides comprehensive physical security through multiple layers while maintaining efficient authorized access.
What indicator might suggest an active brute-force attempt to access an account, requiring further investigation?
A - Blocked content.
B - Account lockout.
C - Concurrent session usage.
D - Dictionary attack.
** Answer: B - Account lockout. **
An account lockout might suggest a brute-force attempt to access an account and would necessitate further investigation to determine the cause.
Which is the used to describe the cyber threat involving the use of SMS messages to trick recipients into downloading malicious software or divulging personal information?
A - Spear-phishing.
B - Spam.
C- Smishing.
D - Malware.
** Answer: C- Smishing. **
Smishing, which is a combination of “SMS” and “phishing”, is a type of attack that involves using SMS messages to trick recipients into actions like downloading malicious software or providing personal information.
Which of the following methods is described as a less secure form of strong authentication that is vulnerable to on-path attacks and sends a question to the user’s phone via SMS to ask if the authorization attempt is approved?
A - Email authentication.
B - SMS OTP.
C - SMS challenge/response.
D - IM authentication.
** Answer: C - SMS challenge/response. **
With SMS challenge/response, a question is sent to the user’s phone via SMS, asking if the authorization attempt is approved. If the user text back “Yes”, authorization is completed, and if the user text back ‘No”, authentication fails. It is a less secure form of strong authentication that is vulnerable to on-path attacks.
What is one of the methods attackers can use to spread malware through digital images?
A - Deleting metadata.
B - Embedding destructive code within an image.
C- Increasing image resolution.
D - Compressing the image.
** Answer:
B - Embedding destructive code within an image.
**
Attackers can embed destructive code within an image to spread malware. When the image is opened, the hidden code may be executed, leading to system compromise.
What does the term unsupported systems and applications refer to?
A - Systems with extensive technical support.
B - Systems that have reached end-of-life (EOL) and no longer receive regular updates.
C- Systems supported by multiple vendors.
D - Systems that are newly launched.
** Answer:
B - Systems that have reached end-of-life (EOL) and no longer receive regular updates.
**
Unsupported systems and applications are software tools or platforms that do not receive regular updates, security patches, or technical support, often because they have reached their official end-of-life (EOL). Without updates, these systems become prime targets for cybercriminals and pose significant security risks.
Which security approach requires installation on individual client devices and can provide more granular control and customization but may be more resource-intensive?
A - Agentless security.
B - Client-based security.
C- Unsupported security.
D - Patched security.
** Answer: B - Client-based security. **
Client-based security requires that software (an agent) be installed on the client device itself to actively monitor and protect against malicious activities. It can provide more granular control and customization but may be more resource-intensive.
Which of the following wireless network security protocols is considered outdated and susceptible to exploitation if used in modern networks?
A - WPA3.
B - WEP.
C- WPA2.
D - WPA2-Enterprise.
** Answer: B - WEP. **
WEP (Wired Equivalent Privacy) is considered outdated and susceptible to exploitation due to its encryption and vulnerabilities.
What technique involves scanning a list of telephone numbers and dialing them to search for computer systems and fax machines, sifting out phone numbers associated with voice lines?
A - Vishing.
B - Smishing.
C- War-dialing.
D - Typosquatting.
** Answer: C - War-dialing.
War-dialing involves scanning a list of telephone numbers and dialing them in search on computer systems and fax machines, filtering out numbers associated with voice lines.
Which approach is critical in the context of supply chain cybersecurity for identifying and addressing security gaps in vendors?
A - Regular product quality assessment.
B - Continuous monitoring and vendor risk management.
C - Strictly focusing on the cost-efficiency of vendors.
D - Emphasizing only raw material quality.
** Answer:
B - Continuous monitoring and vendor risk management.
**
Continuous monitoring and vendor risk management, including regular security assessments and contractual obligations, help in identifying and addressing security gaps in vendors.
What term refers to phasing attacks accomplished through telephone conversations, where attackers might impersonate legitimate institutions to steal sensitive information?
A - War-dialing.
В - Typosquatting.
C - Vishing.
D - Smishing.
** Answer: C - Vishing. **
Vishing, or voice phishing, refers to phishing attacks accomplished by telephone conversations that are often used to steal sensitive information.
In which social engineering technique does an attacker register a domain that is a common typo of a legitimate site to host malware or impersonate the real website and leverage human error when typing a URL?
A - Smishing.
В - War-dialing.
C - Typosquatting.
D - Vishing.
** Answer: C - Typosquatting.**
Typosquatting leverages human error when typing a URL… An attacker registers a domain that is a common typo of a legitimate site to host malware or impersonate the real website. Victims who type in the wrong URL are subject to this attack.
Which vulnerability enables an attacker to introduce malicious code into system memory, making detection challenging?
A - Zero-day.
B - Malicious update.
C - Memory injection.
D - Race condition.
** Answer: C- Memory injection. **
Memory injection involves introducing malicious code into a system’s memory. This makes detection challenging because the code runs within a legitimate process.
What is one of the primary measures for preventing buffer overflow?
A - Using secure channels for updates.
B - Implementing stack protection.
C - Educating users about updates.
D - Monitoring time of use.
** Answer: B - Implementing stack protection. **
Implementing stack protection is a security mechanism specifically designed to prevent buffer overflow.
A buffer overflow is one of the best-known forms of software security vulnerability and is still a commonly used cyber attack. You can prevent a buffer overflow attack by auditing code, providing training, using compiler tools, using safe functions, patching web and application servers, and scanning applications.
A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach?
Side channel
Malware
Supply chain
Cryptographic downgrade
** Answer: Supply chain. **
A supply chain attack involves exploiting vulnerabilities in a company’s supply chain, which includes vendors, partners, or other entities connected to the organization.
The compromised security control standards of the vendor may have allowed attackers to gain unauthorized access to the company’s systems and exfiltrate sensitive data. This type of attack emphasizes the importance of ensuring that all entities within the supply chain maintain appropriate security measures to mitigate the risk of breaches.
The other options:
Side channel: Side-channel attacks involve exploiting information leaked during the execution of a system, but it is not the most likely source for the described breach.
Cryptographic downgrade: Cryptographic downgrade attacks involve forcing the use of weaker cryptographic algorithms, and they are not directly related to the scenario described.
Malware: While malware could be involved in a breach, the scenario emphasizes the involvement of a dedicated business partner connection to a vendor, suggesting a broader supply chain compromise.
A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the following should the analyst recommend? (Select two).
TACACS+
CHAP
Kerberos
OpenID
OAuth
RADIUS
** Answer: B - RADIUS, Kerberos **
Kerberos: Kerberos is a network authentication protocol that is commonly used with Active Directory. It supports strong authentication and can be used for both network and remote-access devices.
**RADIUS (Remote Authentication Dial-In User Service): ** RADIUS is a network protocol that supports centralized authentication and authorization. It can integrate with Active Directory and is commonly used for remote-access solutions.
A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?
The software was not added to the application whitelist
A new firewall rule is needed to access the application
The system was isolated from the network due to infected software
The system was quarantined for missing software updates
** Answer: The software was not added to the application whitelist **
If the document-scanning software program does not respond when launched, the most likely cause is that the software has not been added to the application whitelist. Application whitelisting is a security measure that only allows approved applications to run on a system. If the new software is not on the whitelist, the system may prevent it from executing.
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements of the cloud provider?
SLA
MOU
NDA
ВРА
** Answer: SLA **
The SLA is a formal contract that outlines the agreed-upon terms and conditions between the service provider and the customer, including details about service levels, performance metrics, and remedies in case of service level breaches.
The other options are not directly related to the specific requirements and metrics for service availability:
BPA (Business Partnership Agreement): This term is not commonly used in the context of cloud service agreements.
NDA (Non-Disclosure Agreement): An NDA is a legal contract that outlines confidentiality terms between parties but does not typically provide details on service levels.
MOU (Memorandum of Understanding): An MOU is a non-binding agreement that outlines the terms and details of a collaboration or understanding between parties. It may not contain specific service level details.
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
White-box
Black-box
Bug bounty
Gray-box
Red-leam
** Answer: Bug bounty. **
Bug Bounty: In a bug bounty program, an organization incentivizes security researchers to find and report vulnerabilities in their systems by offering a reward for each discovered flaw. This aligns perfectly with the given scenario where the enterprise is paying for each identified vulnerability.
A security technician observes that the data center’s server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk?
A. Implement a network intrusion detection system
B. Install locks on the server rack doors
C. Update the antivirus software on the servers
D. Conduct a risk assessment of the data center
** Answer:
B. Install locks on the server rack doors.
**
A security professional notices an unusual pattern of outgoing traffic from a server hosting sensitive data. The traffic suggests potential data exfiltration. What technical control should be implemented IMMEDIATELY to best address this issue?
A. Install a firewall to monitor and control incoming and outgoing network traffic
B. Conduct security awareness training for employees
C. Implement biometric access controls to the server room
D. Review and update the company’s security policies
** Answer:
A. Install a firewall to monitor and control incoming and outgoing network traffic.
**
Which of the following is a legal document describing a bilateral agreement between parties?
MVO
MOU
ATO
BCP
“MOU” is correct. A memorandum of understanding (MOU) is a legal document describing bilateral agreements between parties.
Which of the following protocols would you use to encrypt VPN traffic?
S/MIME
SSH
MD5
IPsec
“IPsec” is correct. IPsec provides encryption, integrity, and authentication for data tunneled over VPNs across public networks.
Which tool would you use to check the path packets take over a network?
ARP
Is
tracert
grep
“tracert” is correct. tracert is a Windows command for tracing the route that packets take over the network.
What is the term for the process of identifying critical assets and systems, interdependencies, and ensuring their availability during a disruption?
Disaster recovery
Incident response planning
Restoration of business planning
Continuity of operations
“Continuity of operations planning” is correct. Continuity of operations planning (COOP) involves developing a comprehensive plan to enact during a situation where normal operations are disrupted.
The value of a loss expected from a single event is the definition of what?
ARO
ALE
SLE
SLA
“SLE” is correct. Single loss expectancy (SLE) is the value of a loss from a single event.
Which of the following statements is false regarding BYOD?
It works well for temporary workers.
Users prefer a single device over multiple devices.
The learning curve is shorter on devices they own or prefer.
Employees are willing to limit the use of their devices as determined by corporate policies.
“Employees are willing to limit the use of their devices as determined by corporate policies” is correct.
In a bring-your-own-device (BYOD) environment, employees might not be eager to limit the use of their devices based on corporate
Which of the following can cause a successful attack on a system when a user enters malicious code or characters into a form field on a Web application?
Lack of restrictive permissions on the Web form
Lack of input validation
Lack of adequate memory in a buffer
Lack of properly formatted HTML
“Lack of input validation” is correct.
A lack of input validation in the Web form field may allow certain types of attacks to take place when a user enters malicious or incorrect characters in the form.
Fabian’s new load balancer has a number of scheduling options and he’s trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, and then returns to the first server. What is this form of scheduling?
Affinity
On-demand
First come
Round robin
** “Round robin” is correct. **
Round robin is a turn-based scheduling method where jobs are assigned to servers in sequential order.
Which tool would you use to output the first part of a file?
hping
head
tail
cd
“head” is correct.
head outputs the first part of a file.
What is the specific name given to sturdy posts, often made of concrete, galvanized steel, or stainless steel? They are used to protect entryways and prevent unauthorized entry and vehicle ramming attacks.
Access control vestibule
Barrier
Rampart
Bollard
** “Bollard” is correct. **
The simple post-type barricade that prevents a vehicle from passing but allows people to walk past is called a bollard.
Which of the following is the best description of impact?
The level of concern one places on the well-being of people
The chance of something not working as planned
Damage that is the result of unmitigated risk
The cost associated with a single loss
**
“Damage that is the result of unmitigated risk” is correct.
**
Impact is the result of a vulnerability being exploited by a threat, resulting in a loss.
What is a zero day vulnerability?
A vulnerability that is newly discovered and not yet addressed by a patch
A vulnerability that is only effective on new systems
A vulnerability that is only effective for a limited period of time, usually a few days
A vulnerability that only affects UNIX operating systems
** “A vulnerability that is newly discovered and not yet addressed by a patch” is correct. **
Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch.
What is a script kiddie?
A hacker under the legal age of 18
A person who writes scripts for others to use but does not use the scripts themselves
An individual who downloads and runs scripts/tools but lacks the ability to create their own
A person who hacks for a specific political or social cause
** “An individual who downloads and runs scripts/tools but lacks the ability to create their own” is correct. **
A script kiddie is an individual who does not have the technical expertise to develop scripts or discover new vulnerabilities in software but has just enough understanding of computer systems to be able to download and run scripts that others have developed.
Executives in the organization complain that an abnormally high number of scam email messages have been flooding their inboxes. Other users in the organization have not received any of the same messages. All user devices are configured with the same security software and settings. When reporting to your manager, which term best describes the situation?
Phishing
Advanced persistent threat
Spear phishing
Honeypot
** “Spear phishing” is correct. **
Spear phishing targets a select group of potential victims, such as company executives.
They are usually victims which could result in more valuable data being provided or a larger amount of financial rewards than a standard employee
Which of the following enables a user to provide one set of credentials to the system and use those credentials throughout other interconnected systems?
Single sign-on
Single-factor authentication
Pass-through authentication
Multifactor authentication
** “Single sign-on” is correct. **
Single sign-on is a method of authentication that enables a user to provide one set of credentials and use them throughout an interconnected network. Both Kerberos and Sesame protocols allow single sign-on.
Why are insider threats considered more dangerous than external threats? (Select all that apply)
Insiders may already have the access they need to commit fraud or steal data.
Insiders are easier to detect and stop than outsiders.
Most security measures are designed to protect against outsiders.
Insiders have the access and knowledge to cause immediate damage.
** “Insiders may already have the access they need to commit fraud or steal data” **, “Most security measures are designed to protect against outsiders”, and **“Insiders have the access and knowledge to cause immediate damage” ** are correct. Insiders are usually employees of the organization and may already have the access they need as part of their job duties to commit fraud or steal data. Also, most security measures are set up to protect the boundaries of the organization and to keep unauthorized personnel out. Finally, insiders are usually employees of the organization with access to the network and internal systems. As employees, they are likely to know where the sensitive data is stored, what systems are most critical to the organization, and how best to damage/cripple the organization.
Your company’s t-shirt printer went down, again! The tech whose job it is to keep the printer running tells you that it’s going to take her about 30 minutes to repair the printer.
This 30 minute period is best represented by -
MTBF
MTTF
MTTR
RPO
** “MTTR” is correct. **
Mean time to repair is the average amount of time it takes to get a device repaired.
You are browsing a social media platform and notice question-game posts asking which car you drove to pass a driver’s test. Which term best describes these types of posts?
Spear phishing
Phishing
Spam
Malware
** “Phishing” is correct. **
Phishing campaigns are a form of social engineering that can trick users into divulging sensitive information, such as details often used as password reminder hints.
Which of the following is not one of the Trust Services identified by SOC 2?
Trust
Privacy
Availability
Security
** “Trust” is correct. **
Trust is not one of the Trust Services identified by SOC 2.
The other answers are incorrect. ** Security, availability, and privacy are Trust Services identified by SOC. **
Which of the following is the name given to the connection of infrastructure and software elements to provide specific services to a business entity?
Software-defined visibility
Serverless architecture
Software-defined networking
Services integration
** “Services integration” is correct. **
This is a description of services integration, where you connect processing, storage, databases, web, communications, and other functions into an integrated comprehensive solution.
Which tool would you use to discover hosts and services on a network?
chmod
curl
SPAN
nmap
** “nmap” is correct.**
nmap is an open-source network scanner used to discover hosts and services on a network.
The X.509 standard outlines which of the following? (Select two choices)
Possible values of certificate fields
Location of the CRL
Necessary fields of a certificate
Usage types
** “Necessary fields of a certificate” ** and ** “Possible values of certificate fields” ** are correct.
The X.509 standard defines a certificate’s fields and the possible values those fields have.
You are conducting user security awareness training. An attendee asks how they can identify phishing email messages. What should you tell the attendee to look for? (Select two choices)
Bad grammar
Messages that are not encrypted
Email address inconsistencies
Messages that are not digitally signed
** “Bad grammar” ** and ** “Email address inconsistencies” ** are correct.
Bad grammar is common in phishing email messages. Most professional companies take the time to ensure that their correspondence is clear and adheres to proper grammar rules. If the sender email address ends in a standard free type of account domain name, such as outlook.com or gmail.com, instead of the company domain, such as fakecompany.com, users should be suspicious.
Which the following is a recognized way of restricting access to applications?
Graylisting
Whitelisting
Blacklisting
Filtering
** “Blacklisting” is correct. **
Blacklisting is a technique that involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanism.
This ensures that users are not allowed to download, install, or execute these particular applications.
What is the term used to describe the characteristic of a software system to process higher workloads on its current resources or additional resources without interruption?
Continuously Deliver
Continuously deployment
Scalability
Elasticity
** “Scalability” is correct. **
Scalability is the characteristic of a software system to process higher workloads on its current resources (scale up) or additional resources (scale out) without interruption.
What is RFID an acronym for?
Radial frequency identification
Radio frequency interference
Radio frequency identification (RFID)
Radical frequency interference
** “Radio frequency identification” is correct. **
RFID is an acronym for radio frequency identification.
Radio Frequency Identification (RFID) systems are generally secure, but, they do have some vulnerabilities.
Security strengths
– Encryption: Many modern RFID systems use encryption to protect data.
– One-time codes: Some RFID systems, like credit card chips, use unique codes for each transaction.
– System verification: RFID systems can verify that data matches expected parameters.
Radio Frequency Identification (RFID) technology uses radio waves to identify people or objects. There is a device that reads information contained in a wireless device or “tag” from a distance without making any physical contact or requiring a line of sight.
Which tool would you use to read and write TCP/UDP network connections?
SFC
netcat
AV
topdump
** “netcat” is correct. **
Netcat is used for reading from and writing to network connections using TCP or UDP.
Your organization has had problems with unauthorized individuals following behind authorized employees into restricted areas. What is one of the best ways to avoid this issue, commonly known as tailgating?
Install physical locks that require key access.
Install an access control vestibule.
Install biometric identification mechanisms.
Issue badges that are needed for card swipe access.
** “Install an access control vestibule” is correct. **
An access control vestibule is composed of two doors closely spaced that require the user to use a card to get through one and then
Data sovereignty is a relatively new type of legislation several countries have recently enacted. What do these laws generally require?
Data that originated from within one country must be maintained in systems in that country.
Data stored on systems within a country must be stored in the predominant language of that country.
Data stored within a country’s borders is subject to that country’s laws.
Data stored within a country’s borders is subject to their laws, and in some cases, data originating within their borders must be stored there as well.
** “Data stored within a country’s borders is subject to their laws, and in some cases, data originating within their borders must be stored there as well” is correct. **
It is now somewhat expected that data stored within a country’s borders is going to be subject to their laws.
Additionally, some countries have gone the extra step in requiring that the data (for example, information on their citizens) remain stored on systems in that country.
