Security+ Practice Flashcards

Question

An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?

Answer 1

Geographical dispersal - placing physical distances between duplicate systems so the organization can avoid damages to both the primary and alternate resources from the same disaster.

Answer 2

AES - Advanced Encryption Standard - an algorithm that uses the same key to encrypt and decrypt protected data.

Answer 3

Ensuring no new hires have worked at other banks that may be trying to steal customer information.

Answer 4

Host-based firewall - firewall software that is installed directly on a computer (rather than a network)

Answer 5

Implement access control vestibules - hall or lobby next to the outer door of a building.

Answer 6

Domain services - Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database.

Answer 7

Motion sensors

Answer 8

Update the base container image and redeploy the environment

Answer 9

transference - a contractual shifting of a pure risk from one party to another.

Answer 10

False positive - a test result which incorrectly indicates that a particular condition or attribute is present

Answer 11

ISO 31000 - Risk management – Guidelines, provide principles, a framework and a process for managing risk.

Answer 12

Root cause analysis - is the process of discovering the root causes of problems in order to identify appropriate solutions.

Answer 13

Hoaxes - believable stories or malicious deception

Answer 14

DDoS attack - an overload of traffic from a # of sources that makes resources unavailable for legitimate users.

Answer 15

High data entropy - a higher level of disorder or uncertainty in the data.

Answer 16

zero-day exploit is initially undetectable, and no patch for it exists.

Answer 17

Classification - is the process of identifying and and grouping objects or ideas into predetermined categories

Answer 18

DNS poisoning - hacker poisoning the DNS site. happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website.

Answer 19

Agile - having a comprehensive approach to identifying any gaps or concerns.

Answer 20

Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced.

Answer 21

Enforce MFA when an account request reaches a risk threshold.

Answer 22

Subscribe to threat intelligence feeds

Answer 23

Patch management - the process of applying updates to software, drivers, and firmware to protect against vulnerabilities.

Answer 24

Unknown backdoor - an undocumented way to bypass existing cybersecurity measures and gain access to the computer system or device.

Answer 25

Activate runbooks for incident response. IoC - potential indicators of compromise

Answer 26

Low FRR - False Reject Rate (FRR) When you have a low FRR, it means that your biometric system is rejecting fewer people than it should be. Calculated by dividing the number of false rejects by the total number of transactions.

Answer 27

NIST - National Institute of Standards and Technology

Answer 28

Logic bomb - a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.

Answer 29

Attempt to quarantine all infected hosts to limit further spread. CSIRT - Computer Security Incident Response Team

Answer 30

Command and control - attack refers to methods and tools used to communicate with and control an infected machine or network.

Answer 31

Firewall syslog events logs

Answer 32

Development

Answer 33

Production

Answer 34

Implementing a robust patch management solution

Answer 35

User behavior analysis - provides you with the data to identify trends and easily spot outliers, so you can more easily and quickly identify and investigate potential threats and break the attack chain.

Answer 36

Directory traversal - also known as path traversal or directory climbing, is a vulnerability in a web application server caused by a HTTP exploit. The exploit allows an attacker to access restricted directories, execute commands, and view data outside of the web root folder where application content is stored. SQL injection - also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.

Answer 37

Privilege escalation - is a cyberattack designed to gain unauthorized privileged access into a system.

Answer 38

Phishing - the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Answer 39

Train the team to identify the difference between events and incidents.

Answer 40

WAF - Web Application Firewall NAC - Network Access Control - ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.

Answer 41

Perform a physical-to-virtual migration

Answer 42

Block port 3389 inbound from untrusted networks

Answer 43

Federation - Identity Federation - resources that will trust a single authentication source

Answer 44

Implement a SOAR with customizable playbooks. SOAR - Security, Orchestration, Automation, and Response. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events. A SOAR system can also be programmed to custom-fit an organization's needs. managed security service provider (MSSP)

Answer 45

PKI - Public key infrastructure the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys.

Answer 46

VDI - Virtual desktop infrastructure

Answer 47

Proprietary - is often transferred between companies after both sign a secrecy or confidentiality agreement.

Answer 48

An NG-SWG - Next Generation Secure Web Gateway (SWG) is a new cloud-native solution for protecting enterprises from the growing volume of sophisticated cloud enabled threats and data risks. It is the logical evolution of the traditional secure web gateway, also known as a web proxy or web filter. Segmentation - is a network security technique that divides a network into smaller, distinct sub-networks that enable network teams to compartmentalize the sub-networks and deliver unique security controls and services to each sub-network.

Answer 49

COPE - Corporate-Owned Personally-Enabled (COPE) architectures provide the flexibility of allowing both enterprises and employees to install applications onto organization-owned mobile devices. VDI

Answer 50

Brute-force - a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.

Answer 51

Supply chain - The practice of identifying, assessing and managing cyber security risks in the supply chain, encompassing technological and human risk factors.

Answer 52

SSH - also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. SSH also refers to the suite of utilities that implement the SSH protocol.

Answer 53

CVSS - Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Answer 54

Calculate the checksum using a hashing algorithm

Answer 55

complexity requirements

Answer 56

nmap - p1-65535 192.168.0.10 - Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Answer 57

nmap - p1-65535 192.168.0.10 - Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Answer 58

Mobile device management

Answer 59

Preventive

Answer 60

Memory leak - a common software issue that can lead to serious security vulnerabilities and performance issues.

Answer 61

Content Filter is a process that manages or screens access to specific emails or webpages. The goal is to block content that contains harmful information. Content filtering programs are commonly used by organizations to control content access through their firewalls. They can also be used by home computer users.

Answer 62

Mitigation - Mitigation, or Attack Mitigation, is the reduction in severity or seriousness of an event. In cybersecurity, mitigation is centered around strategies to limit the impact of a threat against data in custody. Threats against data can come from outside attackers motivated by profit, activism, retribution, or mischief.

Answer 63

Publish the document in a central repository that is easily accessible to the organization

Answer 64

Perform containment on the critical servers and resources.

Answer 65

Preventive controls - security mechanisms, tools, or practices that can deter or mitigate undesired actions or events.

Answer 66

IaaS - infrastructure as a Service (IaaS) is a cloud computing model in which a third-party cloud service provider (CSP) offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.

Answer 67

DPO - The primary role of the data protection officer (DPO) is to ensure that her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

Answer 68

Salting - With password salting, a random piece of data is added to the password before it runs through the hashing algorithm, making it unique and harder to crack. When using both hashing and salting, even if two users choose the same password, salting adds random characters to each password when the users enter them.

Answer 69

Pivoting - The act of an attacker moving from one compromised system to one or more other systems within the same or other organizations. Pivoting is fundamental to the success of advanced persistent threat (APT) attacks.

Answer 70

SIEM - Security information and event management (SIEM) is a security solution that helps organizations detect threats before they disrupt business.

Answer 71

SQLi - SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Answer 72

Transit gateway - A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.

Answer 73

Logic bomb - A logic bomb is a set of instructions in a program carrying a malicious payload that can attack an operating system, program, or network. It only goes off after certain conditions are met. A simple example of these conditions is a specific date or time.

Answer 74

the sender's private key and decrypted with the recipient's public key

Answer 75

MFA - Multi Factor Authentication

Answer 76

SOC 2 Type 2 report - SOC 2, aka Service Organization Control Type 2, is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). The primary purpose of SOC 2 is to ensure that third-party service providers store and process client data in a secure manner.

Answer 77

Authentication

Answer 78

netstat - NetSTAT is a tool aimed at real-time network-based in-trusion detection. The NetSTAT approach extends the state transition analysis technique (STAT) [3] to network-based intrusion detection in order to represent attack scenarios in a networked environment.

Answer 79

Implement proper network access restrictions

Answer 80

The business continuity plan - A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.

Answer 81

Utilizing SIEM correlation engines - SIEM Security information and event management system - event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss.

Answer 82

USB data blocker - also known as a USB Condom, is a small device that you plug in between your device and a charging port to prevent data from being transferred from your device while still allowing it to charge.

Answer 83

Transference - Risk transference in information security is the act of shifting risks from one area (or organization) to another. This is typically done because the original company lacks expertise in a particular area, and finds it more effective to outsource the work to another company that understands it better.

Answer 84

Shared tenancy - A multi-tenant cloud is a cloud computing architecture that allows customers to share computing resources in a public or private cloud. Each tenant's data is isolated and remains invisible to other tenants.

Answer 85

An orchestration solution that can adjust scalability of cloud assets.

Answer 86

Purchasing insurance

Answer 87

Macro-enabled file - is a file extension used by Excel which allows you to save Excel documents with macros and Visual Basic for Applications (VBA) code.

Answer 88

Context-aware authentication - is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments

Answer 89

Obfuscation - Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.

Answer 90

Log analysis

Answer 91

Wireshark - is a network protocol analyzer, or an application that captures packets from a network connection, such as from your computer to your home office or the internet. Packet is the name given to a discrete unit of data in a typical Ethernet network. Wireshark is the most often-used packet sniffer in the world.

Answer 92

Revoke the code-signing certificate

Answer 93

CASB - Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.

Answer 94

Data at rest - is data that has reached a destination and is not being accessed or used. It typically refers to stored data and excludes data that is moving across a network or is temporarily in computer memory waiting to be read or updated.

Answer 95

Check the hash of the installation file

Answer 96

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

Answer 97

An HVAC system - In computing and especially in enterprise data centers, HVAC systems control the ambient environment (temperature, humidity, air flow and air filtering) and must be planned for and operated along with other data center components such as computing hardware, cabling, data storage, fire protection, physical security

Answer 98

It incorporates control, development, policy, and management activities into IT operations.

Answer 99

Production

Answer 100

The hard drive was not properly kept in an antistatic bag when it was moved.

Answer 101

FAR - False Acceptance Rate (FAR): the percentage of identification instances in which unauthorised persons are incorrectly accepted. False Rejection Rate (FRR): the percentage of identification instances in which authorised persons are incorrectly rejected.

Answer 102

DLP - DLP, or Data Loss Prevention, is a cybersecurity solution that detects and prevents data breaches. Since it blocks extraction of sensitive data, organizations use it for internal security and regulatory compliance.

Answer 103

Domain hijacking - Domain Hijacking or Domain Spoofing is an attack where an organization's web address is stolen by another party. The other party changes the enrollment of another's domain name without the consent of its legitimate owner. This denies true owner administrative access.

Answer 104

Hybrid environment

Answer 105

CASB - Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.

Answer 106

Generate a list of domains similar to the company's own and implement a DNS sinkhole for each. DNS Sinkholing is a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address. The controlled IP address points to a sinkhole server defined by the DNS sinkhole administrator.

Answer 107

Password spraying - is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. This is effective because many users use simple, predictable passwords, such as "password123." SOC - Security Operation Center

Answer 108

Root certificate - is the starting point of a chain of trust upon which an SSL certificate is issued. The root certificate belongs to the Certificate Authority. The root certificate is used to issue intermediate certificates, that in term make it possible to register SSL certificates for end users.

Answer 109

Insider threat

Answer 110

Use containerization to segment the application from other applications to eliminate the risk

Answer 111

SRTP - Secure Real-time Transport Protocol. An extension of Real-time Transport Protocol (RTP) that features enhanced security measures. The protocol provides encryption, confidentiality, message authentication, and replay protection to your transmitted audio and video traffic.

Answer 112

only the company's employees and those listed in the document

Answer 113

Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.

Answer 114

Look at the metadata in the email header and verify the "From:? line matches the CIO's email address.

Answer 115

Tabletop exercise - (TTX): A security incident preparedness activity, taking participants through the process of dealing with a simulated incident scenario and providing hands-on training for participants that can then highlight flaws in incident response planning.

Answer 116

Password reuse - is a person's tendency to use the same password across different online services. People reuse passwords in response to the poor usability of passwords.

Answer 117

It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.

Answer 118

Block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher, which encrypts data one bit at a time.

Answer 119

ARP poisoning - ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends Address Resolution Protocol messages onto a local area network.

Answer 120

Command injection and directory traversal attempts. Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Directory traversal (path traversal) happens when the attacker is able to read files on the web server outside of the directory of the website.

Answer 121

UPS - Uninterruptible Power Supply A UPS is, essentially, a battery backup that supplies power to your system in order to provide enough time to properly power down your equipment when there is a failure in utility power. You may have a facility that already has a UPS (Uninterruptible Power Supply) or even a generator.

Answer 122

Take a memory snapshot of the running system.

Answer 123

AUP - acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.

Answer 124

DLP - Data Loss Prevention a cybersecurity solution that detects and prevents data breaches. Since it blocks extraction of sensitive data, organizations use it for internal security and regulatory compliance.

Answer 125

Tailgating - where an attacker follows an unaware user to gain access to an area without authorization.

Answer 126

PII - Personally identifiable information

Answer 127

Insider threat - rogue employees and contractors leaking confidential data or misusing their access to systems for personal gain and/or to inflict damage and disruption.

Answer 128

The scanner is incorrectly configured to not trust this certificate when detected on the server.

Answer 129

Federation - A process that allows for the conveyance of identity and authentication information across a set of networked systems. Sources: FIPS 201-3 under Federation.

Answer 130

Legal hold - A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case.

Answer 131

Geofencing - allow a user to set up triggers so that when a device such as an internet-connected smartphone enters a defined geographical boundary, the user gets an alert.

Answer 132

(APT) Advanced persistent threats - is a well-resourced adversary engaged in sophisticated malicious cyber activity that is targeted and aimed at prolonged network/system intrusion.

Answer 133

Lack of vendor support

Answer 134

Dynamic code analysis - Dynamic Application Security Testing (DAST) – is designed to test a running application for potentially exploitable vulnerabilities.

Answer 135

HMAC-based, one-time password - Hash-based message authentication code (or HMAC) is a cryptographic authentication technique that uses a hash function and a secret key

Answer 136

VLAN segmentation - Networks are typically segmented with VLANs or subnets. VLANs create smaller network segments that connect hosts virtually. Subnets use IP addresses to segment the network, connected by networking devices.

Answer 137

Access control - a data security process that enables organizations to manage who is authorized to access corporate data and resources.

Answer 138

RAID - (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks or solid-state drives (SSDs) to protect data in the case of a drive failure. UPS - Uninterruptible Power Supply - A device with an internal battery that allows connected devices to run for at least a short time when the primary power source is lost. Redundant power supplies - also known as dual power supplies, are essential for network infrastructure as they minimize the risk of power failure and help maintain uptime.

Answer 139

Write protect the aggregated log files and move them to an isolated server with limited access. SIEM - Security information and event management - is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.

Answer 140

Increase in the attack surface

Answer 141

It informs the backup approach so that the organization can recover data to a known time. RTO - Recovery time objective - the maximum tolerable length of time that a computer, system, network or application can be down after a failure or disaster occurs. BIA - Business impact analysis - provides invaluable insight into which assets are critical for core operations and how disruptions can be avoided

Answer 142

The scan reported a false negative for the vulnerability. False neg - problems aren't picked up even though there are bugs or vulnerabilities in the application being tested. False pos - security alerts incorrectly categorized as suggesting a threat when there is none.

Answer 143

Data can become a liability if archived longer than required by regulatory guidance.

Answer 144

chain of custody - A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

Answer 145

-IaaS - Infrastructure as a Service (IaaS) is a cloud computing model in which a third-party cloud service provider (CSP) offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients. -Fog computing - a decentralized computing infrastructure in which data, compute, storage and applications are located somewhere between the data source and the cloud

Answer 146

Job rotation policy

Answer 147

TLS - Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.

Answer 148

(HOTP) HMAC-based, one-time password is an event-based OTP where the moving factor in each code is based on a counter.

Answer 149

Overwriting - a process where new data is written over the existing data in the same physical space, making the original data inaccessible.

Answer 150

The last incremental backup that was conducted 72 hours ago.

Answer 151

Jump servers - is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.

Answer 152

General Data Protection Regulation (GDPR) - requires that personal data must be processed securely using appropriate technical and organisational measures.

Answer 153

VDI and thin clients - a computer that uses resources housed inside a central server as opposed to a hard drive.

Answer 154

DNSSEC - a suite of extensions that improve Domain Name System (DNS) security by verifying that DNS results have not been tampered with.

Answer 155

CIS benchmarks - Center for Internet Security (CIS) are a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.

Answer 156

Segmentation - to strengthen security, network segmentation is a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control.

Answer 157

PCI DSS - The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data.

Answer 158

Adjust the sensitivity levels of the SIEM correlation engine. SIEM correlation engine - compares sequences of activity based on a set of rules.

Answer 159

Implement a vulnerability scan to assess dependencies earlier on SDLC

Answer 160

AUP - acceptable use policy (AUP) is a business agreement between a computer resource user and the computer resource owner or administrator that addresses all of the rights, privileges, and rules that users must adhere to when using computer resources.

Answer 161

Authentication

Answer 162

Supply chain

Answer 163

Chain of custody - the sequential documentation or trail that accounts for the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.

Answer 164

Tabletop walk-through - simulations of real-world attacks that are designed to test the organization's ability to respond to a cybersecurity incident. This exercise is a practice for responding to cyber incidents, with hypothetical cyber attacks launched at the organization.

Answer 165

Corrective - minimize damage, facilitate recovery, and repair weaknesses so a similar attack doesn't happen again.

Answer 166

Privilege escalation - a technique where a cyber attacker compromises a system to gain unauthorized access.

Answer 167

Reconnaissance - information-gathering stage of ethical hacking, where you collect data about the target system.

Answer 168

tcpdump - a packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it's running on.

Answer 169

HTTP, HTTPS, Telnet, SSH, TLS, SSL

Answer 170

Lesson learned

Answer 171

Deny: ANY ANY 67

Answer 172

netstat - a tool aimed at real-time network-based in- trusion detection.

Answer 173

Configure the MDM software to enforce the use of PINs to access the phone.

Answer 174

sing sign-on

Answer 175

Smishing - a combination of “SMS” and “phishing.” In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications.

Answer 176

Update the BYOD policy

Answer 177

Applying MDM software MDM - Mobile device management generates a centralized plan for managing multiple device types with varying operating systems such as iOS, Windows, Android, tvOS, Chrome OS, and macOS. Centralized management makes it easier to deploy MDM solutions in the cloud.

Answer 178

Password history Geolocation - is actually the position of a user's device, whether that's a home computer, laptop, smartphone, or fitness tracker. There are multiple ways for a device to determine its own position in the world, ranging from the most precise (GPS) to the least precise (IP-based geolocation).

Answer 179

GDPR - General Data Protection Regulation - requires that personal data must be processed securely using appropriate technical and organisational measures. The Regulation does not mandate a specific set of cyber security measures but rather expects you to take 'appropriate' action.

Answer 180

A risk register - is a log that lists all the potential risks that could impact your organization and how you plan to respond.

Answer 181

Geofencing - creates virtual boundaries in real-world geographical areas and can be drawn in a wide variety of shapes and sizes.

Answer 182

port 135, 445 135 - RPC client-server communication 445 - are used for authentication and file sharing.

Answer 183

SOAR playbook - Security Orchestration, Automation, and Response. It is a collection of integrated tools that enable automation and orchestration of various cybersecurity tasks. A playbook, on the other hand, is a component of SOAR which automates specific workflows or tasks within the security operations framework.

Answer 184

RAID - a way of storing the same data in different places on multiple hard disks or solid-state drives (SSDs) to protect data in the case of a drive failure. UPS - Uninterruptible Power Supply - A device with an internal battery that allows connected devices to run for at least a short time when the primary power source is lost. Redundant power supplies - also known as dual power supplies, are essential for network infrastructure as they minimize the risk of power failure and help maintain uptime.

Answer 185

Right protect the aggregated log files and move them to an isolated server with limited access. SIEM - Security Information and event management.

Answer 186

Increase in the attack surface

Answer 187

It informs the backup approach so that the organization can recover data to a known time. RTO - recovery time objective (RTO) is the maximum tolerable length of time that a computer, system, network or application can be down after a failure or disaster occurs. BIA - Business Impact Analysis - process that assesses the security risks associated with potential system breakdowns and identifies resiliency strategies that ensure business continuity during an incident or natural disaster.

Answer 188

version control - keeps track of every modification to the code in a special kind of database.

Answer 189

Secure the access point and cabling inside the drop ceiling. WAP - Wireless Application Protocol - A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.

Answer 190

Salting - a concept that typically pertains to password hashing. Essentially, it's a unique value that can be added to the end of the password to create a different hash value. This adds a layer of security to the hashing process, specifically against brute force attacks. Rainbow Table - a precomputed table that contains the password hash value for each plain text character used during the authentication process.

Answer 191

chmod - or change mode, command allows an administrator to set or modify a file's permissions.

Answer 192

The scam reported a false negative for the vulnerability. False Negative - false alarm.

Answer 193

Data can become a liability of archive longer than required by regulatory guidance. A false negative state is the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack.

Answer 194

Data can become a liability if archived longer than required by regulatory guidance.

Answer 195

Chain of custody - A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

Answer 196

IaaS - Infrastructure-as-a-Service (IaaS) enables enterprises to lease or rent servers to use for storage and computation in the cloud. Fog computing - a form of distributed computing that brings computation and data storage closer to the network edge, where many IoT devices are located.

Answer 197

Job rotation policy - ob rotation serves two functions. First, it provides a type of knowledge redundancy. Second, moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information.

Answer 198

TLS - Transport Layer Security - a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.

Answer 199

Retention - refers to the regular archiving of event logs, particularly those significant to cyber security.

Answer 200

TLS - Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.

Answer 201

HMAC-based, one-time password Hash-based message authentication code (or HMAC) is a cryptographic authentication technique that uses a hash function and a secret key. MFA - Multi Factor Authentication -

Answer 202

Overwriting - a process where new data is written over the existing data in the same physical space, making the original data inaccessible. On the other hand, when data is deleted, it's removed from the file system, but the actual data may still exist on the storage device until it's overwritten by new data.

Answer 203

The last incremental backup that was conducted seventy two hours ago

Answer 204

Jump servers - refers to a secure computer that spans two or more networks, allowing users to connect to it from one network, and then “jump“ to another network. It's also known as a jump host or a jump box. NOT VLAN - Network segmentation with virtual local area networks (VLANs) creates a collection of isolated networks within the data center. Each network is a separate broadcast domain. When properly configured, VLAN segmentation severely hinders access to system attack surfaces.

Answer 205

DNSSEC - is a suite of extensions that improve Domain Name System (DNS) security by verifying that DNS results have not been tampered with. Enterprises can use DNSSEC to improve their DNS security. DNS technology wasn't designed with security in mind. One example of an attack on DNS infrastructure is DNS spoofing. DNS - Domain Name System

Answer 206

VDI and thin clients VDI - Virtual Desktop Infrastructure thin clients - is a computer that uses resources housed inside a central server as opposed to a hard drive. A thin client connects to a server-based environment that hosts the majority of applications, memory, and sensitive data the user needs.

Answer 207

Detective - A cybercrime investigator is responsible for investigating and analyzing cybercrime incidents, such as hacking, identity theft, fraud, and other types of cyber-related crimes. Their primary goal is to identify the culprits and gather evidence that can be used to prosecute them in court.

Answer 208

CIS benchmarks - The Center for Internet Security (CIS) publishes the CIS Critical Security Controls (CSC) to help organizations better defend against known attacks by distilling key security concepts into actionable controls to achieve greater overall cybersecurity defense. CIS - Center for Internet Security

Answer 209

Segmentation - Network segmentation is a network security technique that divides a network into smaller, distinct sub-networks that enable network teams to compartmentalize the sub-networks and deliver unique security controls and services to each sub-network.

Answer 210

PCI DSS - The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express.

Answer 211

Adjust the sensitivity levels of the SIEM correlation engine. SIEM - Security Information and event management - is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.

Answer 212

Implement a vulnerability scan to assess dependencies earlier on SDLC.

Answer 213

AUP - acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.

Answer 214

Authentication - records of system activity involving logging in and out. High-level security events are logged for auditing purposes.

Answer 215

Supply chain Supply Chain Cyber Security: The practice of identifying, assessing and managing cyber security risks in the supply chain, encompassing technological and human risk factors.

Answer 216

VDI - Virtual Desktop Infrastructure

Answer 217

Chain of custody - The chain of custody is the most critical process of evidence documentation. It is a must to assure the court of law that the evidence is authentic

Answer 218

Tabletop walk-through - Tabletop exercises are meant to help organizations consider different risk scenarios and prepare for potential cyber threats.

Answer 219

Corrective - Corrective controls are designed to correct errors or irregularities that have been detected. Preventive controls, on the other hand, are designed to keep errors and irregularities from occurring in the first place. Controls may be automated, manual or hybrid.

Answer 220

Privilege escalation - A privilege escalation attack is a cyberattack to gain illicit access of elevated rights, permissions, entitlements, or privileges beyond what is assigned for an identity, account, user, or machine. This attack can involve an external threat actor or an insider threat.

Answer 221

WPA2 - (Wi-Fi Protected Access 2) is an encrypted security protocol that protects internet traffic on wireless networks.

Answer 222

Reconnaissance - Reconnaissance, often referred to as 'cyber reconnaissance' or 'cyber intelligence gathering', is the process of collecting information about potential targets, vulnerabilities, and attack vectors.

Answer 223

tcpdump - is used to capture and analyze network traffic. Sysadmins can use it to view real-time traffic or save the output to a file and analyze it later.

Answer 224

HTTP, HTTPS Telnet, SSH TLS, SSL

Answer 225

Lessons learned - A Vital Component of Incident Response. Once a cybersecurity incident has been resolved, the incident response team convenes for a post-incident review. During this crucial stage, the team examines each aspect of the response process, leaving no stone unturned.

Answer 226

netstat - is a common command line TCP/IP networking utility available in most versions of Windows, Linux, UNIX and other operating systems. Netstat provides information and statistics about protocols in use and current TCP/IP network connections. (The name derives from the words network and statistics.)

Answer 227

Configure the MDM software to enforce the use of PINs to access the phone. MDM - Mobile Device Management is any software that allows IT to automate, control, and secure administrative policies on laptops, smartphones, tablets, or any other device connected to an organization's network.

Answer 228

Single sign-on (SSO) - is an authentication method that lets users access multiple applications and services using a single set of login credentials.

Answer 229

Smishing - The term is a combination of “SMS” and “phishing.” In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications.

Answer 230

Update the BYOD policy - Bring your own device (BYOD) means that employees use personal devices to connect to an organization's network, accessing work-related systems and possibly, sensitive data. Personal devices may include smartphones, personal computers, tablets or USB drives.

Answer 231

Applying MDM software - Mobile Device Management is any software that allows IT to automate, control, and secure administrative policies on laptops, smartphones, tablets, or any other device connected to an organization's network.

Answer 232

Password history Geolocation - is the identification of the geographic location of a user or computing device via an array of data collection processes (Device/Server based and Combined data collection). The most commonly used Geo-location service is a GPS device to determine a precise location of a person.

Answer 233

GDPR - General Data Protection Regulation - The GDPR requires that personal data must be processed securely using appropriate technical and organisational measures. The Regulation does not mandate a specific set of cyber security measures but rather expects you to take 'appropriate' action.

Answer 234

A risk register - is a specialized tool used to identify and organize the risks unique to cybersecurity.

Answer 235

Geofencing - Geofencing technology creates virtual boundaries in real-world geographical areas and can be drawn in a wide variety of shapes and sizes. Users can fully customise them to suit specific needs, like monitoring select rooms in the home or the perimeter around an entire property.

Answer 236

135 - RPC client-server communication - allows remote connections 445 - 139 and 445 are used for authentication and file sharing UDP ports 137 and 138 are used for local NetBIOS browser, naming, and lookup functions.

Answer 237

SOAR playbook - stands for Security Orchestration, Automation, and Response. It is a collection of integrated tools that enable automation and orchestration of various cybersecurity tasks. A playbook, on the other hand, is a component of SOAR which automates specific workflows or tasks within the security operations framework.

Answer 238

Version control - keeps track of every modification to the code in a special kind of database. If a mistake is made, developers can turn back the clock and compare earlier versions of the code to help fix the mistake while minimizing disruption to all team members.

Answer 239

Secure the access point and cabling inside the drop ceiling. WAP - Wireless Application Protocol - A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.

Answer 240

Salting - In cryptography, a salt is random data fed as an additional input to a one-way function that hashes data, a password or passphrase. Salting helps defend against attacks that use precomputed tables (e.g. rainbow tables), by vastly growing the size of table needed for a successful attack.

Answer 241

chmod or change mode, command allows an administrator to set or modify a file's permissions. Every UNIX/Linux file has an owner user and an owner group attached to it, and every file has permissions associated with it. The permissions are as follows: read, write, or execute.

Answer 242

Implement an SWG SWG - secure web gateway (SWG) - A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic. A secure web gateway is an on-premise or cloud-delivered network security service. AUP - acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.

Answer 243

Tokenizing the credit cards in the database. Tokenization refers to a process by which a piece of sensitive data, such as a credit card number, is replaced by a surrogate value known as a token. The sensitive data still generally needs to be stored securely at one centralized location for subsequent reference and requires strong protections around it.

Answer 244

Using a SHA-2 signature of a drive image SHA-2 is a family of hashing algorithms to replace the SHA-1 algorithm. SHA-2 features a higher level of security than its predecessor. It was designed through The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Nonrepudiation provides proof of the origin, authenticity and integrity of data. It provides assurance to the sender that its message was delivered, as well as proof of the sender's identity to the recipient. This way, neither party can deny that a message was sent, received and processed.

Answer 245

Marketing strategies What is proprietary in cyber security? Anything regarded as extremely valuable that an individual or a firm created and that is not permitted to be transmitted or exhibited publicly is termed proprietary knowledge. That information is regarded as a valuable asset. Companies must generally handle information as a secret to be considered proprietary.

Answer 246

Visitor logs The purpose of a visitor log book is to have a record of people's names, contact information, and reasons for visiting. With a guest registry, you can monitor people's safety as well as gather useful data.

Answer 247

A tabletop exercise - discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator guides participants through a discussion of one or more scenarios.

Answer 248

Reference architecture - is a document or set of documents that provides recommended structures and integrations of IT products and services to form a solution. The reference architecture embodies accepted industry best practices, typically suggesting the optimal delivery method for specific technologies.

Answer 249

Zero day - signifies that from the moment the vulnerability is discovered, there are zero days of protection, making it ripe for exploitation. Hackers can exploit these vulnerabilities to compromise systems, steal data, launch attacks, or disrupt operations.

Answer 250

Watering hole - a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site. The end goal is to infect the user's computer with malware and gain access to the organization's network.

Answer 251

SaaS - (Software as a Service) security refers to the measures and processes implemented to protect the data and applications hosted by a SaaS provider. This typically includes measures such as encryption, authentication, access controls, network security, and data backup and recovery.

Answer 252

HIPS - A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. Host-based intrusion prevention systems are typically used to protect endpoint devices.

Answer 253

block unneeded TCP 445 connections SMB - The SMB protocol enables applications and their users to access files on remote servers, as well as connect to other resources, including printers, mailslots and named pipes. SMB provides client applications with a secure and controlled method for opening, reading, moving, creating and updating files on remote servers. port 445 - Microsoft networking port which is also linked to the NetBIOS service present in earlier versions of Microsoft Operating Systems. It runs Server Message Block (SMB), which allows systems of the same network to share files and printers over TCP/IP. This port shouldn't be opened for external network.

Answer 254

Buffer overflow - A buffer overflow attack typically involves violating programming languages and overwriting the bounds of the buffers they exist on. Most buffer overflows are caused by the combination of manipulating memory and mistaken assumptions around the composition or size of data. Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer.

Answer 255

High availability - High availability means that an IT system, component, or application can operate at a high level, continuously, without intervention, for a given time period. High-availability infrastructure is configured to deliver quality performance and handle different loads and failures with minimal or zero downtime.

Answer 256

Logs from each device type and security layer to provide correlation of events. SOC - Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. SIEM - Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Answer 257

Motion sensors with signage signage - Digital signage is a centrally controlled content distribution platform to playback digital content to one or many displays or screens. Digital signage screens are used for the relaying of any number of types of information, such as text, video, images, live weather, news, TV, menus, flights, calendars, and adverts.

Answer 258

Provide a domain parameter to theHarvester tool. A domain parameter can be defined for a specific domain, or can be defined “system-wide,” which means defined for all current and future domains in the current namespace. Domain parameters are divided into two groups, Basic and Advanced. Basic parameters are useful for customizing NLP default behavior. theHarvester is a command-line tool included in Kali Linux that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports / banners, and employee names related to a domain from different public sources (such as search engines and PGP key servers). NLP - NLP is the ability of machines to understand human language, including speech and text. Natural Language Processing (NLP), a subfield of artificial intelligence (AI) that holds the promise of reshaping the landscape of cybersecurity.

Answer 259

Development

Answer 260

Locator (URL) redirection - is a vulnerability which allows an attacker to force users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who then clicks the link and is unknowingly redirected to the malicious website. Beaconing - beaconing is a term used to describe a continuous cadence of communication between two systems. In the context of malware, beaconing is when malware periodically calls out to the attacker's C2 server to get further instructions on tasks to perform on the victim machine.

Answer 261

Tune monitoring in order to reduce false positive rates. Tuning is a combination of reducing false positives, working with alerts, and correlating events and trends to ensure greater accuracy. False positive - a person or test result that is incorrectly classified as positive

Answer 262

Rogue access point - is an unauthorized Wi-Fi access point that is added to a network without the knowledge or permission of the network administrator. How can I detect rogue access points? Wi-Fi scanning tools and network monitoring tools can be used to detect rogue access points. ESSID - (Extended Service Set IDentifier) is a collection of Access Points (or Virtual Access Points) sharing the same SSID. BSSID - stands for Basic Service Set Identifier, and it's the MAC (Media Access Control) physical address of the access point or wireless router that is used to connect to the WiFi. Airodump-ng is a packet capture utility that captures and saves raw data packets for further analysis. If you have a GPS receiver connected to your computer, airodump-ng can fetch the coordinates of the access points as well. After enabling monitor mode using airmon-ng, you can start capturing packets using airodump.

Answer 263

Communication protocols - A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection

Answer 264

nmap comptia.org -p 80 -sv nmap - ("Network Mapper") is a free and open source utility for network discovery and security auditing.

Answer 265

Weak credentials - The password contains fewer than eight characters. The password is a word found in a dictionary (English or foreign). Names of family, pets, friends, coworkers, fantasy characters, etc.

Answer 266

TLS - Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.

Answer 267

ARO - is the estimated number of times a security incident is expected to occur in a year, and SLE is the estimated monetary value of a single incident. SLE - Single Loss Expectancy (SLE) tells us what kind of monetary loss we can expect if an asset is compromised because of a risk.

Answer 268

Corrective - Corrective controls are designed to correct errors or irregularities that have been detected. Preventive controls, on the other hand, are designed to keep errors and irregularities from occurring in the first place.

Answer 269

the dark web

Answer 270

SOAR - Security orchestration, automation, and response (SOAR) primarily focuses on threat management, security operations automation, and security incident responses. SOAR platforms can instantly assess, detect, intervene, or search through incidents and processes without the consistent need for human interaction.

Answer 271

WPA2-Enterprise RADIUS - Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that authorizes and authenticates users who access a remote network. A protocol is a collection of rules that control how something communicates or operates.

Answer 272

Load balancer - Load balancers improve application performance by increasing response time and reducing network latency. They perform several critical tasks such as the following: Distribute the load evenly between servers to improve application performance. Redirect client requests to a geographically closer server to reduce latency.

Answer 273

Communication plan

Answer 274

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion. (Secure/Multipurpose internet Mail Extensions) is a widely accepted protocol for sending digitally signed and encrypted messages APTs - An advanced persistent threat (APT) is a well-resourced adversary engaged in sophisticated malicious cyber activity that is targeted and aimed at prolonged network/system intrusion. APT objectives could include espionage, data theft, and network/system disruption or destruction.

Answer 275

Saas - SaaS (Software as a Service) security refers to the measures and processes implemented to protect the data and applications hosted by a SaaS provider. This typically includes measures such as encryption, authentication, access controls, network security, and data backup and recovery.

Answer 276

Preparation Incident response is a structured process organizations use to identify and deal with cybersecurity incidents. The NIST framework for incident response includes four stages: preparation and prevention; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Answer 277

Tokenization - Tokenization refers to a process by which a piece of sensitive data, such as a credit card number, is replaced by a surrogate value known as a token. The sensitive data still generally needs to be stored securely at one centralized location for subsequent reference and requires strong protections around it.

Answer 278

Preventive Incident response is a structured process organizations use to identify and deal with cybersecurity incidents. The NIST framework for incident response includes four stages: preparation and prevention; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Answer 279

Log collector - A log collector is a tool that aggregates the logs from different sources across your system, normalizes them, and offers a way to view the logs more easily.

Answer 280

To ensure availability

Answer 281

configure the web content filter for the web address is a process that manages or screens access to specific emails or webpages. The goal is to block content that contains harmful information. Content filtering programs are commonly used by organizations to control content access through their firewalls. They can also be used by home computer users.

Answer 282

the provenance of the artifacts the date and time Provenance - The chronology of the origin, development, ownership, location, and changes to a system or system component and associated data. It may also include personnel and processes used to interact with or make modifications to the system, component, or associated data.

Answer 283

the identity of federation protocol the registration authority In a federation protocol, a three-party relationship is formed between the subscriber, the IdP, and the RP, as shown in Figure 1. Figure 1. Federation Overview. A federation relationship between an IdP and RP is established in a multi-stage process: First, the IdP and RP agree to enter into a trust agreement. registration authority - An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential Subscribers which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function. IdP - An identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users. Authentication. RP - Relying Party (RP) is a server that processes requests for access into online resources. Web applications are one kind of RP. RPs are also called “claims-aware” or “claims-based” applications since they support a device or person's claim to be the legitimate party requesting access.

Answer 284

RPO - Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or “tolerance.”

Answer 285

Submit the application to QA before releasing it

Answer 286

DNS Logs DNS refers to your domain name server, which ensures that users can connect to the right IP address when they type in a URL, such as Google.com. DNS security is different. Unlike DNSSEC, which involves a specific method, protocol, or extension, DNS security is a concept. SIEM - Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Answer 287

VPC - Virtual Private Cloud Security between resources in shared VPCs is managed using security groups, network access control lists (NACLs), or through a firewall between the subnets. VPC sharing benefits: Simplified design — no complexity around inter-VPC connectivity. Fewer managed VPCs. Flat networks are designed to reduce the number of routers and switches on a computer network by connecting the devices to a single switch instead of separate switches. Unlike a hierarchical network design, the network is not physically separated using different switches.

Answer 288

Encrypt the disk on the storage device

Answer 289

mobile device management Mobile device management (MDM) is security software that enables IT departments to implement policies that secure, monitor, and manage end-user mobile devices.

Answer 290

Full backups followed by differential backups A differential backup strategy copies only newly added and changed data since the last full backup.

Answer 291

Account audits

Answer 292

A USB data blocker

Answer 293

Data processor - is a natural person, agency, public authority, or any other body that holds personal data on behalf of a controller. Your staff is processing the data according to your instructions.

Answer 294

SED - self-encrypting devices / self-encrypting drives

Answer 295

ACL - Network Access Control List Meaning. A network access control list (ACL) is made up of rules that either allow access to a computer environment or deny it. In a way, an ACL is like a guest list at an exclusive club. Only those on the list are allowed in the doors.

Answer 296

SaaS - SaaS (Software as a Service) security refers to the measures and processes implemented to protect the data and applications hosted by a SaaS provider. This typically includes measures such as encryption, authentication, access controls, network security, and data backup and recovery.

Answer 297

Hashing - Hashing is a technique or process of mapping keys, and values into the hash table by using a hash function. It is done for faster access to elements.

Answer 298

DNS sinkhole DNS Sinkholing is a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address. The controlled IP address points to a sinkhole server defined by the DNS sinkhole administrator.

Answer 299

Geolocation Time of day restrictions Geo-location is the identification of the geographic location of a user or computing device via an array of data collection processes (Device/Server based and Combined data collection). The most commonly used Geo-location service is a GPS device to determine a precise location of a person.

Answer 300

The workstations are beaconing to a command-and-control server MHT - Mht exploit is embedded to HTML web pages. It attempts to download and install a malicious program on your computer by using a security vulnerability in Internet Explorer.

Answer 301

IaaS - Infrastructure-as-a-service (IaaS) provides virtualized computing resources, virtual networking, virtual storage, and virtual machines accessible over the internet.

Answer 302

Place the machines with the unapproved software in containment

Answer 303

The MITRE ATT&CK framework - The MITRE ATTACK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques used by threat actors across the entire attack lifecycle. The framework is meant to be more than a collection of data: it is intended to be used as a tool to strengthen an organization's security posture.

Answer 304

Configure NAT on the core router Enable TLSv2 encryption on the web server

Answer 305

Implement salting and hashing Salting - Salting is a concept that typically pertains to password hashing. Essentially, it's a unique value that can be added to the end of the password to create a different hash value. This adds a layer of security to the hashing process, specifically against brute force attacks. Hashing - Hashing is a data security technique used to convert data values into alternate, unique identifiers called hashes for quick and secure access. Hashing can be used for data security because the one-way process prevents access to or tampering with the source data.

Answer 306

WPS - WPS stands for WiFi Protected Setup. A router with a WPS button can allow any device to automatically connect to your router when the WPS button is pressed. When you press the WPS button, your router looks for compatible devices right away and allows those devices automatically connect.

Answer 307

OWASP - The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides guidance on how to develop, purchase and maintain trustworthy and secure software applications. OWASP is noted for its popular Top 10 list of web application security vulnerabilities.

Answer 308

The signal on the WAP needs to be increased in that section of the building.

Answer 309

Nmap - Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Answer 310

Compensating - a compensating control would be required: A single employee has the duties of accepting cash payments, recording the deposit, and reconciling the monthly financial reports. To prevent errors and/or fraud, additional oversight is required.

Answer 311

A Telnet session Packet capture is a networking practice involving the interception of data packets travelling over a network.

Answer 312

Hash substitution - Hash substitution In a hash substitution attack, an attacker modifies the content of a file while keeping the same hash value (checksum). This allows them to replace a legitimate file with a malicious or modified version without changing the hash value, making it appear as if the file has not been tampered with.

Answer 313

Logic bomb - a type of malicious code embedded in software that remains dormant until specific conditions are met. When triggered, a logic bomb virus executes a destructive action, such as deleting files or disrupting critical systems.

Answer 314

Continuous integration - Continuous integration (CI) involves developers frequently merging code changes into. a central repository where automated builds and tests run. Build is the process of. converting the source code to executable code for the platform on which it is intended to.

Answer 315

Code obfuscation - Obfuscation in computer code uses complex roundabout phrases and redundant logic to make the code difficult for the reader to understand. The goal is to distract the reader with the complicated syntax of what they are reading and make it difficult for them to determine the true content of the message.

Answer 316

WAP placement - Wireless Access Point (WAP) placement is an important aspect of setting up and maintaining a wireless network. Proper placement of WAPs ensures good coverage, capacity, and performance.

Answer 317

Not installing new software to prevent compatibility errors

Answer 318

Drop DROP (aka DENY, BLACKHOLE) Prohibit a packet from passing. Send no response. In the rules there is a choice of whether to REJECT or to DROP unwanted packets.

Answer 319

AUP - acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.

Answer 320

Threat feeds - Threat feeds are a mechanism for users to receive current data on cyber intrusions, phishing and other types of fresh information on malicious activity.

Answer 321

OWASP - The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides guidance on how to develop, purchase and maintain trustworthy and secure software applications. OWASP is noted for its popular Top 10 list of web application security vulnerabilities.

Answer 322

an annual privacy notice

Answer 323

NIST Risk Management Framework - The NIST RMF links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA), including control selection, implementation, assessment, and continuous monitoring.

Answer 324

Virtual machines

Answer 325

Boot attestation - a secure mechanism to verify the integrity of an IoT gateway during boot time. Boot attestation enables the detection of gateway file tampering every time the gateway boots.

Answer 326

Push notifications

Answer 327

The user's IP address is changing between logins, but the application is not invalidating the token. SAML - Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).

Answer 328

TPM - A Trusted Platform Module (TPM) is a specialized chip on a laptop or desktop computer that is designed to secure hardware with integrated cryptographic keys. A TPM helps prove a user's identity and authenticates their device. A TPM also helps provide security against threats like firmware and ransomware attacks.

Answer 329

TACACAS+ - TACACS+ which stands for Terminal Access Controller Access Control Server is a security protocol used in the AAA framework to provide centralized authentication for users who want to gain access to the network.

Answer 330

The vulnerability scanner was not properly configured and generated a high number of false positives.

Answer 331

NDA - A non-disclosure agreement is a legal document which sets rules and principles for the confidentiality of the information to be exchanged.

Answer 332

remove the single point of failure

Answer 333

Unmodified default settings OAuth - OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.

Answer 334

Revoke the code signing certificate used by both programs.

Answer 335

A zero-day vulnerability was used to exploit the web server. A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit.

Answer 336

Initiate the organization's incident response plan.

Answer 337

A watering-hole attack - A watering hole attack works by identifying a website that's frequented by users within a targeted organisation, or even an entire sector, such as defence, government or healthcare. That website is then compromised to enable the distribution of malware.

Answer 338

EAP-FAST - Extensible Authentication protocol (EAP) EAP-FAST (Flexible Authentication via Secure Tunneling) was developed by Cisco*. Instead of using a certificate to achieve mutual authentication. EAP-FAST authenticates by means of a PAC (Protected Access Credential) which can be managed dynamically by the authentication server.

Answer 339

NDA - Non disclosure agreement

Answer 340

Change control procedures Change Control is the process that management uses to identify, document and authorize changes to an IT environment. It minimizes the likelihood of disruptions, unauthorized alterations and errors. The change control procedures should be designed with the size and complexity of the environment in mind.

Answer 341

Smishing - Smishing is a form of phishing that uses mobile phones as the attack platform. The criminal executes the attack with an intent to gather personal information, including social insurance and/or credit card numbers. Smishing is implemented through text messages or SMS, giving the attack the name “SMiShing.”

Answer 342

A SSL/TLS downgrade A downgrade attack is an attack in which the attacker tries to force two hosts on a network (for example, a client (browser) and a website server) to use an insecure or weakly protected data transmission protocol (such as HTTP instead of HTTPS, or SSL instead of TLS). It is a type of man-in-the-middle attack.

Answer 343

Something you know Something you have

Answer 344

A supply-chain attack - A supply chain attack, which is also known as a third-party attack, value-chain attack or backdoor breach, is when a cybercriminal accesses a business's network via third-party vendors or through the supply chain. A security operations center, or SOC, is a team of IT security professionals that protects the organization by monitoring, detecting, analyzing, and investigating cyber threats.

Answer 345

Brute-force A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.

Answer 346

Supply chain attack A supply chain attack, which is also known as a third-party attack, value-chain attack or backdoor breach, is when a cybercriminal accesses a business's network via third-party vendors or through the supply chain.

Answer 347

The organization is expecting to process credit card information. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express.

Answer 348

Preventive

Answer 349

SSH was turned off instead of modifying the configuration file SCP, or Secure Copy Protocol, is a method based on (Secure Shell) SSH for safely transferring computer files between a local host and a remote host, or between two remote hosts.

Answer 350

Gray-box Gray box refers to the testing of software where there is some limited knowledge of its internal workings. Gray box testing is an ethical hacking technique where the hacker has to use limited information to identify the strengths and weaknesses of a target's security network.

Answer 351

Utilize an agentless monitor Agentless monitoring allows you to seamlessly observe your infrastructure components' overall health and performance without installing the agent software. It helps you retrieve the performance metrics from various network components quickly.

Answer 352

CVSS The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Answer 353

COPE - Corporate-Owned Personally-Enabled (COPE) architectures provide the flexibility of allowing both enterprises and employees to install applications onto organization-owned mobile devices.

Answer 354

Network DLP Solution Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.

Answer 355

SSO - Single Sign ON SAML - Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP)

Answer 356

Password complexity Password history

Answer 357

Firewall allow list

Answer 358

Data loss prevention

Answer 359

HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

Answer 360

A business continuity plan In essence, business continuity planning (BCP) involves preparing for and avoiding potential disruptions to your business operations.

Answer 361

http://sample.url.com/someotherpageonsite/./././etc/shadow

Answer 362

Typosquatting Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else's brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”).

Answer 363

ACL Network Access Control List Meaning. A network access control list (ACL) is made up of rules that either allow access to a computer environment or deny it. In a way, an ACL is like a guest list at an exclusive club. Only those on the list are allowed in the doors.

Answer 364

Offboarding Offboarding is the process that leads to the formal separation between an employee and a company through resignation, termination, or retirement. It encompasses all the decisions and processes that take place when an employee leaves. This may include: Transferring that employee's job responsibilities.

Answer 365

The MRI vendor does not support new versions of the OS

Answer 366

GDPR The General Data Protection Regulation (GDPR), which came into effect on 25th May 2018, provides a legal framework for keeping everyone's personal data safe by requiring companies to have robust processes in place for handling and storing personal information.

Answer 367

Installing a managed PDU PDU - a protocol data unit (PDU) is the basic unit of exchange between entities that communicate using a specified networking protocol. When working with a multilayer protocol stack, like the TCP/IP networking suite, use of the correct PDU is important when discussing protocol interactions.

Answer 368

Load balancer - Load balancers improve application performance by increasing response time and reducing network latency. They perform several critical tasks such as the following: Distribute the load evenly between servers to improve application performance. Redirect client requests to a geographically closer server to reduce latency.

Answer 369

Containerization - Containerization is a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system. Remote control MDM Solution - Mobile device management (MDM) is security software that lets your business implement policies to secure, monitor, and manage your end-user mobile devices.

Answer 370

IPSec - IPSec encryption is a software function that scrambles data to protect its content from unauthorized parties. Data is encrypted by an encryption key, and a decryption key is needed to unscramble the information. IPSec supports various types of encryptions, including AES, Blowfish, Triple DES, ChaCha, and DES-CBC. SSL VPN

Answer 371

Dump A copy or “snapshot” of data stored in memory at any given moment. A memory dump is often created when a program crashes in order to analyze the causes. A database dump is made to back up the information it contains.

Answer 372

SaaS SaaS (Software as a Service) security refers to the measures and processes implemented to protect the data and applications hosted by a SaaS provider. This typically includes measures such as encryption, authentication, access controls, network security, and data backup and recovery.

Answer 373

Time stamps Hash values The most common hash functions are MD5, SHA-1, SHA-256, and SHA-512. Their main purpose in cybersecurity is to generate unique identifiers for their inputs, such as malware files, that can be cataloged, shared or (re)searched with relative ease.

Answer 374

To only allow approved, organization-owned devices onto the business network

Answer 375

Role-based Role-based access control schemas are often similar to organizational hierarchies. Role-based access control (RBAC) uses roles and user groups to determine access privileges. With RBAC, system administrators assign roles to subjects and configure access permissions to apply at the role level.

Answer 376

Data controller The data controller determines the purposes for which and the means by which personal data is processed. So, if your company/organisation decides 'why' and 'how' the personal data should be processed it is the data controller.

Answer 377

SIEM - Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.

Answer 378

tracert The TRACERT diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination. In these packets, TRACERT uses varying IP Time-To-Live (TTL) values.

Answer 379

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.

Answer 380

Asymmetric In cybersecurity, an asymmetric attack might involve a perpetrator attacking security measures that have been put in place, such as the firewall or intrusion detection system, by capitalizing on the weakest link (such as a user on the network who has not updated to the latest security patch or uses a low strength

Answer 381

a PUP - Potentially unwanted program

Answer 382

#iptables -F

Answer 383

Document the collection and require a sign-off when possession changes.

Answer 384

Third-party applications are not being patched.

Answer 385

Proximity card reader

Answer 386

Privilege escalation Privilege escalation refers to a network attack aiming to gain unauthorized higher-level access within a security system. It typically starts with attackers exploiting vulnerabilities to access a system with limited privileges.

Answer 387

Backup administrator

Answer 388

Purple team

Answer 389

Missing patches for third-party software on Windows workstations and servers.

Answer 390

The web server logs

Answer 391

Salting Salting is a concept that typically pertains to password hashing. Essentially, it's a unique value that can be added to the end of the password to create a different hash value. This adds a layer of security to the hashing process, specifically against brute force attacks.

Answer 392

Wildcard A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains.

Answer 393

Tor Tor is a network of virtual tunnels that allows you to improve your privacy and security on the Internet. Tor works by sending your traffic through three random servers (also known as relays) in the Tor network. The last relay in the circuit (the "exit relay") then sends the traffic out onto the public Internet.

Answer 394

Data collector The data collector is the application that collects and delivers the metadata that is analyzed and presented in the GUI. The data collector is a light-weight application that is installed on a server in your data center.

Answer 395

Prevention of information exposure

Answer 396

Perfect forward secrecy Perfect Forward Secrecy (PFS), also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.

Answer 397

Site to Site A site-to-site virtual private network (VPN) refers to a connection set up between multiple networks. This could be a corporate network where multiple offices work in conjunction with each other or a branch office network with a central office and multiple branch locations.

Answer 398

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

Answer 399

Access control vestibules Fencing

Answer 400

MAC filtering - MAC address filtering allows you to block traffic coming from certain known machines or devices. The router uses the MAC address of a computer or device on the network to identify it and block or permit the access. Traffic coming in from a specified MAC address will be filtered depending upon the policy. Network access control - Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network.

Answer 401

Bluejacking Bluejacking is a Bluetooth attack in which a hacker spams your device with unsolicited phishing messages. When it comes to wirelessly pairing two devices, it's tough to beat the convenience of Bluetooth.

Answer 402

Phishing campaign

Answer 403

Keylogger A keylogger or keystroke logger/keyboard capturing is a form of malware or hardware that keeps track of and records your keystrokes as you type. It takes the information and sends it to a hacker using a command-and-control (C&C) server.

Answer 404

Secure Enclave Secure Enclaves are sets of security-related instruction codes built into new CPUs. They protect data in use, because the enclave is decrypted on the fly only within the CPU, and then only for code and data running within the enclave itself.

Answer 405

The order of volatility - In digital forensics, the order of volatility categorizes data based on its volatility, moving from the most ephemeral to relatively stable forms. These categories encompass registers and cache, RAM, temporary file systems, disk storage, and archival media. The date and time

Answer 406

a biometric scanner

Answer 407

Deploying an appropriately sized, network-connected UPS device

Answer 408

standard naming convention policy

Answer 409

Memory contents, including fireless malware, are lost when the power is turned off

Answer 410

False rejection

Answer 411

Unsecure user accounts

Answer 412

RPO - Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster or communications failure.

Answer 413

SSL stripping SSL stripping is a technique by which a website is downgraded from https to http. In other words, the attack is used to circumvent the security which is enforced by SSL certificates on https sites. This is also known as SSL downgrading.

Answer 414

Uninterruptible power supplies with battery backup

Answer 415

SSH Key SSH or Secure Shell is a network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data.

Answer 416

Input validation Input validation is a crucial security measure to prevent a variety of common injection attacks, such as SQL Injection, Command Injection, and Cross-Site Scripting (XSS). Input validation verifies that values provided by a user match a programmer's expectations before allowing any further processing.

Answer 417

API integrations

Answer 418

cat /var/messages | grep 10.1.1.1

Answer 419

Simulation

Answer 420

Corrective

Answer 421

Reputation damage

Answer 422

Load balancing RAID RAID (/reɪd/; "redundant array of inexpensive disks" or "redundant array of independent disks") is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

Answer 423

Packet capture Packet capturing helps to analyze networks, identify network performance issues and manage network traffic. It allows IT teams to detect intrusion attempts, security issues, network misuse, packet loss, and network congestion. It enables network managers to capture data packets directly from the computer network.

Answer 424

screen lock timer

Answer 425

Load current baselines into the existing vulnerability scanner

Answer 426

Modify the exception list on the DLP to allow the upload Data Loss prevention (DLP)

Answer 427

Key exchange Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

Answer 428

Dump file A dump file is a snapshot that shows the process that was executing and modules that were loaded for an app at a point in time. A dump with heap information also includes a snapshot of the app's memory at that point.

Answer 429

PGP PGP stands for pretty good privacy, an encryption system used for sending and managing encrypted emails and files. Encrypting the data and content of emails makes this method of communication more private, which is why PGP is used by those dealing with sensitive information.

Answer 430

Trojan A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try and gain users' system access with their software.

Answer 431

B - Time based one time password E - Hardware token

Answer 432

Bug bounty

Answer 433

B - Use the latest version of software E - Implement a screened subnet for the web server F - Install an endpoint security solution

Answer 434

B - A packet capture tool was used to steal the password

Answer 435

D - Data controller

Answer 436

A - Communication plan

Answer 437

B - Something you are

Answer 438

C - Access control vestibules

Answer 439

Access control vestibules

Answer 440

NAC Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network.

Answer 441

SWG A secure web gateway (SWG) is a security solution that prevents unsecured internet traffic from entering an organization's internal network

Answer 442

A - theHarvester theHarvester is a command-line tool included in Kali Linux that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports / banners, and employee names related to a domain from different public sources (such as search engines and PGP key servers). Open Source Intelligence (OSINT) is a method of gathering information from public or other open sources, which can be used by security experts, national intelligence agencies, or cybercriminals.

Answer 443

Multipath Multipath routing is a routing technique simultaneously using multiple alternative paths through a network. This can yield a variety of benefits such as fault tolerance, increased bandwidth, and improved security.

Answer 444

B - Identification Indicators of compromise (IOCs) refer to data that indicates a system may have been infiltrated by a cyber threat. They provide cybersecurity teams with crucial knowledge after a data breach or another breach in security.

Answer 445

B - MTBF MTBF (mean time between failures) is the average time between repairable failures of a technology product. The metric is used to track both the availability and reliability of a product. The higher the time between failure, the more reliable the system.

Answer 446

Disaster Recovery Plan

Answer 447

Data owner

Answer 448

An authentication application

Answer 449

A - Devices with cellular communication capabilities bypass traditional network security controls

Answer 450

C - TLS inspection Why is TLS Inspection necessary for network security? TSL inspection decrypts and inspects the traffic that is encrypted between the user and the host to be able to identify malicious activity that uses encrypted communication routes. IDS - Intrusion Detection Systems - works by looking for the signature of known attack types or detecting activity that deviates from a prescribed normal. It then alerts or reports these anomalies and potentially malicious actions to administrators so they can be examined at the application and protocol layers. WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

Answer 451

C - Configuring a server account to run the processes

Answer 452

OWASP The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security. It operates under an “open community” model, which means that anyone can participate in and contribute to OWASP-related online chats, projects, and more.

Answer 453

Rogue access point What Are Rogue Access Points? A rogue access point — or rogue AP — is a wireless access point plugged into an organization's network that the security team does not know exists. While rogue access points can be used as part of a coordinated attack, employees unaware of proper cybersecurity protocol often install them.

Answer 454

Lessons learned

Answer 455

Jump Server Jump server refers to a secure computer that spans two or more networks, allowing users to connect to it from one network, and then “jump“ to another network. It's also known as a jump host or a jump box.

Answer 456

D - Threat feeds

Answer 457

C - Tabletop A tabletop exercise, or TTX, is a role-playing activity in which players respond to scenarios presented by one or more facilitators.

Answer 458

Cold site A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place.

Answer 459

C - Cuckoo Cuckoo is an open source automated malware analysis system. It's used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.

Answer 460

A - Provisioning Provisioning is the process of creating and setting up IT infrastructure, and includes the steps required to manage user and system access to various resources. Provisioning is an early stage in the deployment of servers, applications, network components, storage, edge devices, and more.

Answer 461

Load balancing

Answer 462

Bluesnarfing Bluesnarfing”, a portmanteau of the words “Bluetooth” and “snarf” (meaning "to steal"), is accessing data through an unauthorized wireless connection. Cyber criminals can hack into your mobile phone, tablet, smartwatch and other wearables to steal passwords, emails and photos without you even realizing.

Answer 463

B - Round-robin Round-robin (RR) is one of the algorithms employed by process and network schedulers in computing. As the term is generally used, time slices (also known as time quanta) are assigned to each process in equal portions and in circular order, handling all processes without priority (also known as cyclic executive).

Answer 464

Correlation dashboards The Correlation Dashboards display correlations between events and Recorded Future Risk Lists. The Risk List used for the correlation depend on which type of Correlation Dashboard is chosen. By default only the events of the last 24 hours are used.

Answer 465

D - Data processor

Answer 466

Watering-hole attack

Answer 467

image volatile memory

Answer 468

A - input validation

Answer 469

Ensuring that port 53 has been explicitly allowed in the rule set Port 53 is used by DNS (Domain Name System). DNS takes care of recolving human readable 'host names' into numeric IP addresses.

Answer 470

Patch availability

Answer 471

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

Answer 472

A - Preparation

Answer 473

A - internet proxy

Answer 474

DDoS A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A DDoS attack uses more than one unique IP address or machines, often from thousands of hosts infected with malware.

Answer 475

Security information and event management

Answer 476

C - Data masking Data masking creates fake versions of an organization's data by changing confidential information. Various techniques are used to create realistic and structurally similar changes. Once data is masked, you can't reverse engineer or track back to the original data values without access to the original dataset.

Answer 477

C - Reputation damage

Answer 478

B - Tainted training data

Answer 479

A - Someone near the building is jamming the signal

Answer 480

Application allow list

Answer 481

B - PCIDSS - The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to reduce payment card fraud by increasing security controls around cardholder data. D - GDPR - General Data Protection Regulation - The GDPR requires that personal data must be processed securely using appropriate technical and organisational measures. The Regulation does not mandate a specific set of cyber security measures but rather expects you to take 'appropriate' action.

Answer 482

D - Credential stuffing Credential stuffing is a cyber attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service.

Answer 483

The business continuity plan

Answer 484

Mitre Attack MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's attack lifecycle and the platforms they are known to target.

Answer 485

A - Domain name, PKI, GeoIP lookup

Answer 486

A - A right to audit clause allowing for annual security audits

Answer 487

D - Acceptable use policy

Answer 488

C - Legal hold A legal hold, also known as a litigation hold, is the process by which organizations preserve potentially relevant information when litigation is pending or reasonably anticipated. By issuing a legal hold, organizations notify custodians about their duty not to delete ESI or physical documents relevant to a case.

Answer 489

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Answer 490

Tailgtating

Answer 491

C - Encrypted VPN traffic will not be inspected when entering or leaving the network

Answer 492

Digital certificate

Answer 493

B - Using a scan-patch-scan process

Answer 494

A - Deploying a SASE solution to remote employees Secure access service edge (SASE) is an architecture that delivers converged network and security as a service capabilities including SD-WAN and cloud native security functions such as secure web gateways, cloud access security brokers, firewall as-a-service, and zero-trust network access.

Answer 495

A - Regulatory requirement

Answer 496

C- Create a change control request

Answer 497

A - Evil twin

Answer 498

D - FIM File Integrity Monitoring (FIM) is a security practice which consists of verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted "baseline."

Answer 499

A - Host-based firewalls A host-based firewall is a piece of firewall software that runs on an individual computer or device connected to a network. These types of firewalls are a granular way to protect the individual hosts from viruses and malware, and to control the spread of these harmful infections throughout the network.

Answer 500

B - A jump server

Answer 501

B - Removing unneeded applications reduces the system's attack surface

Answer 502

A - Enforce the use of a controlled trusted source of container images

Answer 503

C - Check the SIEM to review the correlated logs

Answer 504

D - Continuous integration

Answer 505

D - A RAT Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response. 2022 Security Report Demo Endpoint RAT Protection.

Answer 506

A - Facial recognition

Answer 507

RAID 6 RAID 6, also known as double-parity RAID, is one of several RAID schemes that work by placing data on multiple disks and enabling I/O operations to overlap in a balanced way, improving performance. Not all types of RAID, or redundant array of independent disks, offer redundancy, although RAID 6 does.

Answer 508

Encryption

Answer 509

Unavailable patch

Answer 510

D - Network E - Firewall

Answer 511

Bug bounty

Answer 512

C - Jailbreaking

Answer 513

B - Isolation

Answer 514

A - EDR Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.Oct 26, 2023

Answer 515

A - Cross-site scripting Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.

Answer 516

B - Performing code signing on company developed software

Answer 517

C - Utilize a SIEM to centralize logs and dashboards

Answer 518

D - Reflected denial of service

Answer 519

C - Data masking Deterministic data masking maps original values to masked values, ensuring that data is always replaced consistently in all tables. This can be important to retain data integrity. For example, if the data contains names, the name “John” will always be replaced with “Samuel” in all relevant tables.

Answer 520

C - tail-500 /logfiles/messages | grep www.comptia.com

Answer 521

A - scanning

Answer 522

Thin clients Thin clients and other lean devices rely on a constant network connection to a central server for full computing and don't do much processing on the hardware itself. The term is derived from the fact that small computers in networks tend to be clients and not servers.

Answer 523

D - A rootkit was deployed A common rootkit definition is a type of malware program that enables cyber criminals to gain access to and infiltrate data from machines without being detected. It covers software toolboxes designed to infect computers, give the attacker remote control, and remain hidden for a long period of time.

Answer 524

A - Hacktivists A hacktivist is a hacker activist, someone who attacks computer systems for political reasons. “Hacktivism” is hacking activism.

Answer 525

D - NIST 800-53The NIST 800-53 is a cybersecurity standard and compliance framework developed by the National Institute of Standards in Technology. It's a continuously updated framework that tries to flexibly define standards, controls, and assessments based on risk, cost-effectiveness, and capabilities.

Answer 526

CASB A Cloud Access Security Broker (CASB) implements zero-trust access control and policy enforcement for these cloud environments. Traffic to the cloud flows through the CASB solution, enabling it to enforce corporate security policies.

Answer 527

D - Migrate to the cloud backup solution

Answer 528

C - A next-generation firewall

Answer 529

C - Geolocation policy The geolocation of a user is actually the position of a user's device, whether that's a home computer, laptop, smartphone, or fitness tracker. There are multiple ways for a device to determine its own position in the world, ranging from the most precise (GPS) to the least precise (IP-based geolocation).

Answer 530

D - Cold Site Cold Site. Cold sites which are empty facilities, such as trailers, warehouses, open space in existing data centers specially equipped for emergency use; or simply empty buildings that are wired for power, communications and HVAC but are empty. The cost model for each is quite different. E - Cloud backups

Answer 531

D - WAF web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

Answer 532

A - pass the hash Pass the hash (PtH) is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network.

Answer 533

D - A SIEM Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Answer 534

A - Implement a S/MIME to encrypt the emails at rest S/MIME encryption muddles emails so that they can only be viewed by receivers who have a private key to decrypt them. It prevents others, particularly malicious actors, from intercepting and reading email messages as they are sent from senders to recipients.

Answer 535

A - Tabletop

Answer 536

C - Error Handling

Answer 537

D - compensating controls

Answer 538

B - VM escape Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines (VMs) running on that host.

Answer 539

D - A weekly, full backup with daily incremental backups

Answer 540

A - The GPS Location

Answer 541

A - The S/MIME plug-in is not enable S/MIME (Secure/Multipurpose internet Mail Extensions) is a widely accepted protocol for sending digitally signed and encrypted messages. S/MIME in Exchange Online provides the following services for email messages: Encryption: Protects the content of email messages.

Answer 542

C - Microservices A microservice-based architecture is a modern approach to software development that breaks down complex applications — sometimes called monolithic applications — into smaller components that are independent of each other and more manageable.

Answer 543

B - Application allow list

Answer 544

A - Configure the guest wireless network to be on a seperate VLAN from the company's internal wireless network.

Answer 545

B - Utilizing split tunneling, so only traffic for corporate resources is encrypted

Answer 546

B - Setting up a VPN and placing the jump server inside the firewall Jump server refers to a secure computer that spans two or more networks, allowing users to connect to it from one network, and then “jump“ to another network. It's also known as a jump host or a jump box.

Answer 547

B - Supply Chain

Answer 548

B - Hacktivist

Answer 549

C - Jailbreaking

Answer 550

E - It assures customers that the organization meets security standards

Answer 551

C - Directory traversal; implement a WAF

Answer 552

HSM Hardware security modules (HSMs) are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates.

Answer 553

B - Cache memory, temporary filesystems, disk, archival media

Answer 554

D - Organized crim

Answer 555

A - Insider threat detection

Answer 556

A - Ease of recovery D - Responsiveness

Answer 557

A - Risk transference Risk transference in information security is the act of shifting risks from one area (or organization) to another. This is typically done because the original company lacks expertise in a particular area, and finds it more effective to outsource the work to another company that understands it better.

Answer 558

D - FIM File Integrity Monitoring (FIM) is a security practice which consists of verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted "baseline"

Answer 559

B - implement network segmentation An effective technique to strengthen security, network segmentation is a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control.

Answer 560

C - Session initiation protocol traffic logs

Answer 561

D - SLE x ARO Annualized Rate of Occurrence, also known as ARO, refers to the expected frequency with which a risk or a threat is expected to occur.

Answer 562

A - Auto-update F - Sandboxing Sandboxing is a cybersecurity practice where you run code, observe and analyze and code in a safe, isolated environment on a network that mimics end-user operating environments. Sandboxing is designed to prevent threats from getting on the network and is frequently used to inspect untested or untrusted code.

Answer 563

B - intellectual property

Answer 564

A - intrusion prevention system

Answer 565

C - Site survey

Answer 566

B - Network segmentation Network segmentation is a network security technique that divides a network into smaller, distinct sub-networks that enable network teams to compartmentalize the sub-networks and deliver unique security controls and services to each sub-network.

Answer 567

B - Social engineering

Answer 568

B - Generator

Security+ Practice Flashcards

(634 cards)