Section 11-12 Flashcards
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
a. SIEM.
b. DLP.
c. IDS.
d. SNMP.
Correct answer: a. SIEM.
SIEM (Security Information and Event Management) systems collect and analyze security-related data from various sources to provide real-time monitoring, alerting, and analysis, helping to identify and respond to security incidents.
A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?
a. Role-based restrictions.
b. Attribute-based restrictions.
c. Mandatory restrictions.
d. Time-of-day restrictions.
Correct answer: d. Time-of-day restrictions.
Time-of-day restrictions limit user access to systems and resources based on the time of day, ensuring that employees cannot access systems after hours, thereby enhancing security and reducing the risk of unauthorized activity.
During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?
a. Hardware token MFA.
b. Biometrics.
c. Identity proofing.
d. Least privilege.
Correct answer: c. Identity proofing.
Identity proofing involves verifying the identity of individuals before granting them access to systems or resources, ensuring that the person requesting an MFA bypass is who they claim to be, thereby preventing social engineering attacks.
A network manager wants to protect the company’s VPN by implementing multifactor authentication that uses:
- Something you know
- Something you have
- Something you are
Which of the following would accomplish the manager’s goal?
a. Domain name, PKI, GeoIP lookup.
b. VPN IP address, company ID, facial structure.
c. Password, authentication token, thumbprint.
d. Company URL, TLS certificate, home address.
Correct answer: c. Password, authentication token, thumbprint.
Multifactor authentication (MFA) increases security by requiring users to provide multiple forms of verification: something they know (password), something they have (authentication token), and something they are (biometric verification like a thumbprint).
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)
a. Federation.
b. Identity proofing.
c. Password complexity.
d. Default password changes.
e. Password manager.
f. Open authentication.
Correct answer: a. Federation.
Federation allows for single sign-on (SSO) where a user’s credentials can be used across multiple systems and organizations.
Correct answer: c. Password complexity.
Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
a. Integrity.
b. Availability.
c. Confidentiality.
d. Non-repudiation.
Correct answer: c. Confidentiality.
Confidentiality ensures that sensitive information is only accessible to those who need it, protecting personal and sensitive HR data from unauthorized access.
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Choose two.)
a. Fencing.
b. Video surveillance.
c. Badge access.
d. Access control vestibule.
e. Sign-in sheet.
f. Sensor.
Correct answer: c. Badge access.
Correct answer: d. Access control vestibule.
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
a. Off-the-shelf software.
b. Orchestration.
c. Baseline.
d. Policy enforcement.
Correct answer: b. Orchestration.
Orchestration involves automating the deployment, management, and coordination of complex IT tasks, such as account creation, to save time and reduce human error.
The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?
a. Guard rail script.
b. Ticketing workflow.
c. Escalation script.
d. User provisioning script.
Correct answer: d. User provisioning script.
A user provisioning script automates the correct access and permissions setup, ensuring that new accounts are configured consistently and accurately.
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
a. SSO.
b. LEAP.
c. MFA.
d. PEAP.
Correct answer: a. SSO.
SSO (Single Sign-On) enables users to log in once with their domain credentials and gain access to multiple applications without needing separate logins, reducing the number of credentials employees need to maintain.
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
a. Exception.
b. Segmentation.
c. Risk transfer.
d. Compensating controls.
Correct answer: d. Compensating controls.
Compensating controls are additional measures taken to enhance security for systems that cannot be fully secured due to limitations or constraints.
A bank set up a new server that contains customers’ PII. Which of the following should the bank use to make sure the sensitive data is not modified?
a. Full disk encryption.
b. Network access control.
c. File integrity monitoring.
d. User behavior analytics.
Correct answer: c. File integrity monitoring.
File integrity monitoring ensures that sensitive data is not modified by tracking changes to files and alerting administrators to unauthorized modifications.
A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?
a. Backout plan.
b. Impact analysis.
c. Test procedure.
d. Approval procedure.
Correct answer: a. Backout plan.
A backout plan outlines steps to revert the system to its previous state if the new change causes issues, ensuring system stability.
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
a. Remote access points should fail closed.
b. Logging controls should fail open.
c. Safety controls should fail open.
d. Logical security controls should fail closed.
Correct answer: c. Safety controls should fail open.
Safety controls should fail open to ensure that safety mechanisms remain operational during failures, protecting human life.
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
a. Clustering servers.
b. Geographic dispersion.
c. Load balancers.
d. Off-site backups.
Correct answer: b. Geographic dispersion.
Geographic dispersion minimizes the impact of localized disasters.