Security X Practice Test 1 Hardcover Flashcards
A financial services company is facing inconsistent security incident reporting across its global branches. Compliance teams struggle with log analysis, incident classification and regulator reporting timelines. Executive leadership mandates standardized security incident documentation with automated compliance tracking. The security team must align with regulatory frameworks like PCI DSS and GDPR. What documentation strategy should they implement?
A. Use an automated SOAR platform to standardize security incident documentation and tracking
B. Develop ad-hoc incident response logs to give flexibility to local teams
C. Reduce regulatory reporting requirements for smaller branch locations
D. Limit security reporting documentation to critical incidents only
E. Allow business units to define their own security incident documentation
A. Use an automated SOAR platform to standardize security incident documentation and tracking
Explanation:
Security Orchestration, Automation and Response tools ensure standardized incident response documentation and automated tracking for compliance frameworks.
Make sure you understand that SOAR solutions automate security incident documentation and ensure compliance tracking.
The CISO of a multinational corporation is implementing a situational awareness program to improve threat intelligence visibility. The security operations team faces challenges in detecting APTs across cloud and on-premises environments. They need a solution that automates security event correlation and enhances real-time threat detection. To ensure proactive security monitoring, what should the organization implement?
A. A security information and event management (SIEM) system with real time event correlation
B. Manual security incident analysis based on daily logs
C. Restrict access to threat intelligence data for select security analysts
D. Ad hoc monitoring of security incidents without automation
E. Rely solely on third party intelligence reports without internal correlation
A. A security information and event management (SIEM) system with real time event correlation
Explanation:
SIEM systems correlate security events for real-time threat intelligence.
Make sure that security monitoring is automated to detect APTs across cloud and on-prem environments. Manual analysis alone is ineffective against sophisticated attacks.
An enterprise is deploying a GRC solution to improve risk tracking, audit management and compliance reporting. Which of the following is not a benefit of GRC automation?
A. Enhancing risk visibility through automated reporting dashboards
B. Reducing manual compliance effort by mapping controls to regulations
C. Enabling real time alerts for compliance violations
D. Increasing security complexity by requiring more manual interventions
E. Automating audit trails for regulatory compliance
D. Increasing security complexity by requiring more manual interventions
Explanation:
Automation reduces manual effort rather than increasing it.
You need to recognize that GRC automation streamlines compliance management. Always remember that automation enhances audit readiness, reduces manual errors and improves security visibility. Eliminate choices that suggest increased manual intervention. Avoid assuming automation increases complexity - it reduces operational burden. Stay alert to answers suggesting GRC tools require more manual effort. Don't confuse automated compliance tracking with manual control reviews.
Match the following cyber risk quantification models with their primary characteristics.
A. FAIR Model
B. OCTAVE
C. NIST RMF
D. COSO ERM
E. Bowtie Risk Analysis
1. Uses Monte Carlo simulations to model the financial risk impact of cybersecurity threats
2. Focuses on qualitative, self-directed risk assessment and operational risks
3. Provides a structured approach for risk management and continuous monitoring
4. Used for enterprise-wide governance, risk and compliance (GRC) integration
5. Graphically models preventive and reactive security controls
A - 1
B - 2
C - 3
D - 4
E - 5
A. FAIR - Factor Analysis of Information Risk models financial risk impact using Monte Carlo simulations.
B. OCTAVE - Operationally Critical Threat, Asset and Vulnerability Evaluation is a qualitative risk framework.
C. NIST RMF provides structured cybersecurity risk management guidelines.
D. COSO ERM aligns risk with enterprise governance strategies.
E. Bowtie Analysis visually models risk controls, linking threats to impacts.
Your company is deploying secure backup solutions for disaster recovery in a hybrid environment. To prevent ransomware attacks, the security team is implementing backup segmentation. Based on best practices, which backup strategy is most effective?
A. Use an online, continuously synchronized backup in the same data center
B. Implement an offline, air-gapped solution with strict access controls
C. Store backups in the same cloud storage as production data
D. Use RAID mirroring as the sole backup mechanism
E. Enable versioning in cloud backups, without additional security layers
B. Implement an offline, air-gapped solution with strict access controls
Explanation:
Air-gapped backups prevent direct access, reducing ransomware risks.
Your organization is required to encrypt sensitive financial transactions in compliance with PCI DSS regulations. The security team must choose an encryption standard that ensures data confidentiality while maintaining performance efficiency. Based on best practices, which encryption method should be implemented?
A. AES-256 in GCM mode for confidentiality and integrity
B. SHA-256 hashing to protect data at rest
C. RC4 stream cipher for fast encryption
D. MD5 hashing with salt for added security
E. DES encryption for backward compatibility
A. AES-256 in GCM mode for confidentiality and integrity
Explanation:
AES-256 GCM provides strong encryption and authentication.
You should implement AES-256 in GCM mode for PCI DSS compliance. Always remember that encryption must ensure both confidentiality and integrity. Make sure encryption keys are properly managed to avoid exposure risks.
Avoid using outdated encryption methods like DES and RC4 - they are vulnerable. Stay alert - SHA-256 and MD5 are hashing algorithms, not encryption methods. Do not confuse encryption with hashing - encryption is reversible, hashing is not.
Which of the following is not a best practice for breach notification and communication strategies?
A. Aligning notifications with legal and regulatory compliance mandates
B. Establishing clear communication channels for internal and external stakeholders
C. Providing misleading info to avoid reputational damage
D. Engaging legal, compliance and security teams to coordinate an accurate disclosure strategy
E. Documenting and maintaining a breach notification plan as part of the incident response policy
C. Providing misleading info to avoid reputational damage
Explanation:
Providing misleading information is unethical and can lead to legal consequences.
You should align breach notification processes with legal requirements. Always remember that accurate, timely disclosure is critical for compliance and trust. Make sure to involve legal, compliance and security teams in crafting breach communications.
Your company is deploying biometric authentication for high-security access controls. The security team needs to ensure that biometric data is stored and transmitted securely to prevent unauthorized access or misuse. Which security configuration should be implemented?
A. Store biometric data in plaintext for quick retrieval
B. Encrypt biometric data using AES-256 with a hardware security module
C. Store biometric templates alongside user credentials in the authentication database
D. Transmit biometric data over unencrypted channels for faster authentication
E. Use weak hashing algorithms to store biometric fingerprints
B. Encrypt biometric data using AES-256 with a hardware security module
Explanation:
AES-256 encryption ensures biometric data remains secure and tamper proof.
You need to encrypt biometric data using AES-256 and store it securely in a hardware security module. Always remember that biometric authentication must protect data confidentiality. Make sure that biometric data is never stored in plaintext.
Avoid storing biometric data alongside user credentials - it increases attack risks. Stay clear of unencrypted biometric transmission - it exposes data to interception. Do not confuse weak hashing with proper biometric encryption.
Your SIEM alerts indicate a potential credential stuffing attack targeting the organization's VPN infrastructure. The attack pattern includes multiple failed authentication attempts, followed by a successful login from an unusual geographic location. Below is the relevant SIEM log extract. What is the most likely attack vector?
2024-02-01 10:02:10 - Failed Logon - user: admin - IP 192.168.100.2
2024-02-01 10:03:15 - Failed Logon - user: admin - 192.168.100.3
2024-02-01 10:04:30 - Successful Login - user: admin - IP 203.0.113.99
A. User mistyped credentials before successfully logging in
B. Brute force attack was used to crack the VPN login
C. Compromised credential was used for unauthorized access
D. The SIEM system generated a false positive
E. The VPN client reauthenticated automatically
C. Compromised credential was used for unauthorized access
Explanation:
A compromised credential enabled unauthorized access after multiple failed logins.
You should identify credential stuffing attacks based on failed logins from different IPs followed by a successful login. Make sure to enforce MFA and monitor abnormal access patterns. Always remember that credential stuffing relies on breached passwords, unlike brute force.
Avoid assuming failed logons alone indicate a brute force attack - credential stuffing uses valid credentials from leaks. Stay clear of dismissing successful logins from new locations without verification.
Your organization is conducting a threat modeling exercise for its cloud based application. The security team must assess potential threats using a structured methodology. The team is considering different frameworks to systematically analyze attacker objectives, attack techniques and security countermeasures. Which methodology best supports a structured breakdown of attack techniques, categorizing them by tactics and procedures?
A. A classification model focused on software development lifecycle risks
B. A framework designed to map adversary objectives across multiple stages of attack
C. A generic risk assessment tool used for regulatory compliance
D. A proprietary risk assessment checklist developed by a security vendor
E. A heuristic approach that prioritizes impact assessment over structured categorization
B. A framework designed to map adversary objectives across multiple stages of attack
Explanation:
A structured framework that maps adversary objectives and attack patterns effectively supports threat modeling.
You should use structured frameworks like MITRE ATT&CK to categorize attack techniques systematically.
Make sure to differentiate threat modeling from generic risk assessments. Always remember that structured frameworks help in tracking adversary behavior across multiple attack stages.
Avoid using compliance checklists as threat modeling methodologies - compliance does not equal security.
A financial services company has discovered that employees are using unauthorized cloud storage applications for document sharing. Security policies require strict data protection, but blocking all external storage could hinder productivity. What is the best approach to balance security and usability?
A. Completely block all external cloud storage services without exceptions
B. Allow only approved cloud storage solutions with enforced DLP policies
C. Implement a blanket ban on all cloud applications regardless of business impact
D. Monitor user activity but take no action unless data breaches are detected
E. Require manual approval for each individual cloud storage request
B. Allow only approved cloud storage solutions with enforced DLP policies
Explanation:
Enforcing DLP policies on approved cloud solutions ensures security while maintaining usability.
You need to balance security and usability in cloud storage policies. Make sure only approved services are allowed with DLP enforcement. Always remember that restricting cloud access completely can harm productivity.
Your company is deploying an AI powered security monitoring system that automates threat detection. Ethical concerns have arisen regarding AI bias, decision transparency, and accountability in security enforcement. Compliance teams are also assessing the governance framework to ensure responsible AI deployment. Which AI governance principle best mitigates these concerns?
A. Implementing explainable AI (XAI) for transparent decision making
B. Disabling all automated responses to prevent biased enforcement
C. Limiting AI training datasets to avoid complex decision making
D. Allowing AI to operate without human oversight for efficiency
E. Enforcing a black box model to protect proprietary algorithms
A. Implementing explainable AI (XAI) for transparent decision making
Explanation:
Explainable AI (XAI) improves transparency and accountability in AI-driven security models.
You need to ensure AI security models are explainable and transparent. Make sure AI-driven threat detection is auditable and accountable. Always remember that ethical AI deployment reduces the risk of false positives and biased security decisions.
A multinational company integrates AI into its cybersecurity tool to enhance threat detection and response. During a security audit, analysts discover that the AI model is overly permissive, flagging legitimate user activities as attacks while missing actual exploits. The issue stems from AI training biases and insufficient model explainability. What security control should be prioritized to improve AI-driven security accuracy?
A. Implement explainable AI (XAI) techniques to increase model transparency
B. Reduce AI training data to minimize complexity
C. Disable AI driven threat detection to prevent false positives
D. Allow AI models to operate without human intervention
E. Use black box AI models to increase security automation
A. Implement explainable AI (XAI) techniques to increase model transparency
Explanation:
Explainable AI (XAI) enhances model transparency and decision making.
You need to implement explainable AI (XAI) to increase security model transparency. Make sure AI-driven threat detection can justify its decisions. Always remember that poorly trained AI can misclassify threats, leading to security gaps.
A. Unrestricted AI access to sensitive data
B. AI Based phishing and impersonation risks
C. Lack of transparency in AI decision making
D. Uncontrolled AI automation in security
E. Weak AI logging and auditing
1. Enable AI explainability and decision logs
2. Apply role-based AI access control policies
3. Implement AI-specific DLP rules
4. Enforce human oversight for AI-based automation
5. Enable AI behavior tracking and monitoring
A-2
B-3
C-1
D-4
E-5
A. AI RBAC policies ensure that AI does not have unrestricted access to sensitive data, reducing the risk of unauthorized data access and processing.
B. AI-based phishing and impersonation attacks can be mitigated by DLP mechanisms, which detect suspicious AI-generated communications.
C. Enabling explainability and decision logs improves AI transparency, allowing security teams to understand and validate AI actions.
D. Enforcing human oversight ensures AI does not make unauthorized security decisions autonomously.
E. AI behavior tracking allows monitoring of AI models, helping detect deviation from expected behavior.
A threat intelligence report has identified a new access control exploit targeting organizations using discretionary access control (DAC). The exploit allows attackers to modify access permissions to gain persistent access. Below is a redacted threat intelligence report:
Threat Report Snippet:
- Attack Vector: DAC Privilege Abuse
- TTPs used: Permission Modification, Privilege Persistence
- Impact: Attackers retain unauthorized access by changing ACL entries
- Mitigation Required: Shift to a more restrictive access model
What security model transition would best mitigate this attack?
A. Enforce Mandatory Access Control (MAC) to restrict access decisions
B. Keep DAC but implement additional auditing
C. Maintain flexibility by allowing user managed permissions
D. Increase logging of permission changes but do not change access models
E. Use manual security reviews to track unauthorized DAC modifications
A. Enforce Mandatory Access Control (MAC) to restrict access decisions
Explanation:
Mandatory Access Control (MAC) ensures that permissions are centrally enforced and cannot be modified by end users, preventing DAC privilege abuse.
You should transition from DAC to MAC to prevent privilege persistence attacks. Make sure access permissions are centrally enforced, not modifiable by end users. DAC allows attackers to alter ACLs, making MAC a stronger alternative.
Your SOC team is responding to a security incident where a threat actor has compromised an endpoint and is exfiltrating sensitive data. The incident response plan follows the NIST 800-61 framework, which includes Preparation, Detection & Analysis, Containment, Eradication and Recovery, and Post-Incident Activity. The team has successfully contained the breach and is now focused on restoring systems. What is the next step in the incident response?
A. Conduct post incident analysis to improve future response efforts
B. Ensure systems are fully restored and operational
C. Collect forensic evidence for investigation
D. Eradicate malware remnants from affected endpoints
E. Notify executive leadership about the incident resolution
D. Eradicate malware remnants from affected endpoints
Explanation:
Eradication ensures all threats are removed before system recovery.
You need to follow the NIST 800-61 incident response framework - after containing a breach, focus on eradication before recovery. Make sure all malware remnants, persistence mechanisms and backdoors are removed before restoring systems. Always remember that skipping eradication leads to reinfections.
Avoid proceeding with system restoration before ensuring full malware removal.
Your security team is monitoring a cloud native CI/CD pipeline and detects anomalous activity, linked to a known threat actor. The threat intelligence platform provides the following indicators of compromise (IoCs):
- IP Address 45.12.100.55
- Malicious API Token: XJDUE983JJSS
- Repository: malware-injected-repo-git
What is the best security response based on these IoCs?
A. Revoke the compromised API token immediately
B. Quarantine all developers using the same repo
C. Ignore the alert if no production services were affected
D. Reimage all developer workstations without investigation
E. Disable the entire CI/CD pipeline for manual review
A. Revoke the compromised API token immediately
Explanation:
Revoking compromised API tokens prevents further attacks.
You need to act immediately when a compromised API token is detected. Make sure all compromised credentials are revoked and rotated to prevent further damage. Always remember that attackers often use stolen API tokens for continuous unauthorized access.
Your company is deploying a load balancing strategy to ensure high availability for a web application. The security team is evaluating active-active vs active-passive configurations for the load balancer. Below is the current configuration:
```yaml
mode: active-passive
primary_lb: lb1
backup_lb: lb2
failover: automatic
```
What security enhancement should be made to maximize availability while maintaining security?
A. Implement an active active load balancing configuration
B. Disable fail over to prevent unexpected disruptions
C. Allow all incoming traffic to bypass the load balancer
D. Remove the secondary load balancer to simplify management
E. Use a round robin method with a single load balancer
A. Implement an active active load balancing configuration
Explanation:
Active-active load balancing ensures continuous availability and fault tolerance.
An enterprise wants to integrate Runtime Application Self-Protection (RASP) to enhance real-time attack detection and mitigation for its Java-based web applications. Below is the current security configuration:
```
SecurityConfig {
  enableWAF: true,
  enableRASP: false,
  loggingLevel: "INFO",
  csrfProtection: "strict"
}
```
Which two modifications should be made to implement RASP effectively?
A. Set enableRASP to true to activate runtime protection
B. Increase logging level to DEBUG for deeper security insights
C. Modify CSRF protection to disabled for performance
D. Configure RASP to terminate malicious requests in real time
E. Disable WAF since RASP will handle all security protections
A. Set enableRASP to true to activate runtime protection
D. Configure RASP to terminate malicious requests in real time
Explanation:
A. Enabling RASP activates real-time attack detection and response.
D. RASP should be configured to detect and block malicious activity automatically.
Your CI/CD pipeline integrates third-party libraries, and security teams have identified a dependency with a known vulnerability. Below is the security advisory:
CVE-2025-0987 - High Risk RCE Vulnerability in libcrypto.so
Impact: Allows remote code execution on affected systems
Recommended Action: Upgrade to version 2.3.1 or later
How should your team handle this security threat?
A. Immediately upgrade the affected library to the latest version
B. Monitor for exploit activity but delay upgrading to prevent disruptions
C. Remove the library and deploy without encryption dependencies
D. Ignore the advisory since there are no known exploits
E. Downgrade to a stable version without documented vulnerabilities
A. Immediately upgrade the affected library to the latest version
Explanation:
Upgrading to a patched version mitigates the risk of remote code execution.
You need to immediately update vulnerable third-party libraries when CVEs are identified. Make sure software dependency management is proactive. Always remember that even if an exploit is not yet reported, attackers may still develop one.
Your organization is undergoing a compliance audit to assess the risk of using EOL systems. Which of the following does NOT contribute to compliance violations when using EOL software?
A. Lack of security updates for known vulnerabilities
B. Increased risk of non compliance with industry regulations
C. Use of vendor approved security patches
D. Failure to implement compensating controls
E. Inability to meet data protection requirements
C. Use of vendor approved security patches
Explanation:
Using vendor-approved patches does not contribute to compliance risks.
You need to ensure compliance with industry regulations when using EOL systems.
Make sure compensating security controls are implemented if an EOL system must remain in use.
Your organization is undergoing a compliance audit to assess the risk of using EOL systems. Which of the following does NOT contribute to compliance violations when using EOL software?
A. Lack of security updates for known vulnerabilities
B. Increased risk of non compliance with industry standards
C. Use of vendor approved security patches
D. Increased attack surface due to unsupported software
E. Failure to implement compensating security controls
C. Use of vendor approved security patches