SecurityPlus Flashcards
In a high-security facility, guards are stationed at every entrance, and all visitors are logged and surveilled. Which type of control is primarily being utilized here?
Physical control
Physical controls secure physical access to a facility. Guard stations, visitor logs, and surveillance are all physical controls, so physical control is the primary type in use here.
A security manager at a software company is revising the SDLC process to include risk management strategies and compliance with legal requirements. Which category of controls is the manager focusing on?
Managerial controls
Managerial controls are the correct category because they cover decisions about and management of risk, including the procedures, legal requirements, and regulatory policies that apply to the software development lifecycle.
Following a data breach, your company revises its network security protocols and enhances its incident response procedures. Which type of control does this revision represent?
Corrective control
Corrective controls include actions taken to repair damage and enhance procedures post-incident, like the network security protocol revision and incident response enhancements in this scenario.
A retail company implements a new policy requiring all employees to undergo security awareness training annually. What type of control does this new policy exemplify?
Directive control
Directive controls involve guiding the operation and use of systems, like the mandatory security training policy.
Your company sets up a network of simulated vulnerable systems in an effort to trap and study potential attackers. What type of setup does this best describe?
Honeynet
A honeynet is a network or system with intentional vulnerabilities to divert attackers from real systems and analyze their behavior.
A global corporation with employees working remotely across different time zones decides to implement a policy where access to sensitive systems is granted based on the user’s role, time of access, and location. Which aspect of security does this approach primarily enhance?
Policy-driven access control
Policy-driven access control involves granting access based on predefined policies and information such as the user’s role, time, and location, which aligns with the corporation’s new policy.
You work in the IT department of a large international organization and are tasked with upgrading the authentication system to secure employee access to the company’s internal network better. Considering the increasing number of remote workers using various devices, which authentication model should you prioritize to enhance security without significantly impacting user convenience?
Utilizing multifactor authentication (MFA) for all employee access
Multifactor authentication (MFA) is the most suitable choice in this scenario, primarily because it significantly increases security by requiring users to provide two or more verification factors to gain access. This is particularly important given the diversity of devices and locations from which remote workers are accessing the internal network. MFA mitigates risks associated with compromised credentials, a common threat in remote work scenarios.
You work at a small regional bank that recently began receiving fraudulent claims that money was not correctly transferred to a designated bank account. Your institution implements a system ensuring that the authorship of a transaction cannot be denied or disputed once made. This measure primarily addresses which fundamental security concept?
Non-repudiation
Non-repudiation ensures that the authorship of a transaction cannot be denied, providing assurance of the origin and integrity of the data.
A tech company regularly updates its network diagrams to reflect recent changes in its IT infrastructure, which is crucial for maintaining an accurate understanding of the network's current state. What is this practice known as?
Updating diagrams
Updating diagrams specifically refers to revising network diagrams to include recent changes in IT infrastructure.
In a financial organization, the IT team is assigned specific computers, servers, and network equipment to manage. They are responsible for defining the security requirements and managing the risk profile of this equipment. Which of the following best describes this scenario?
Ownership
Ownership involves responsibility for specific assets, ensuring security, and managing risk profiles.
A company is creating a security policy for corporate mobile devices:
* All mobile devices must be automatically locked after a predefined time period.
* The location of each device needs to be traceable.
* All of the user’s information should be completely separate from company data.
Which of the following would be the BEST way to establish these security policy rules?
MDM
MDM (Mobile Device Management) provides a centralized management system for all mobile devices. From this central console, security administrators can set policies such as screen-lock timeouts, location tracking, and separation of personal and corporate data across many different types of mobile devices.
A company has placed a SCADA system on a segmented network with limited access from the rest of the corporate network. Which of the following would describe this process?
Hardening
The hardening process for an industrial SCADA (Supervisory Control and Data Acquisition) system might include network segmentation, additional firewall controls, and the implementation of access control lists.
A receptionist at a manufacturing company recently received an email from the CEO asking for a copy of the internal corporate employee directory. It was later determined that the email address was not sent from the CEO and the domain associated with the email address was not a corporate domain name. What type of training could help identify this type of attack in the future?
Recognizing social engineering
Impersonating the CEO is a common social engineering technique. There are many ways to recognize a social engineering attack, and it’s important to train everyone to spot these situations when they are occurring.
A company has hired a third-party to gather information about the company’s servers and data. This third-party will not have direct access to the company’s internal network, but they can gather information from any other source.
Which of the following would BEST describe this approach?
Passive reconnaissance.
Passive reconnaissance gathers information from sources outside the target's network, such as public DNS records, WHOIS data, job postings, and social media, without sending any traffic to the target's own systems.
A company’s email server has received an email from a third-party, but the origination server does not match the list of authorized devices. Which of the following would determine the disposition of this message?
DMARC
The SPF check is what identifies the origination server as unauthorized, but it is the DMARC policy published in the sending domain's DNS (p=none, p=quarantine, or p=reject) that tells the receiving server what to do with a message that fails SPF or DKIM, or whose authenticated domain does not align with the From: header.
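The receiver-side decision described above, as an added example that is not part of the flashcards. The DMARC record is passed in as a string rather than looked up at _dmarc.<domain> in DNS, the SPF and DKIM results are passed in already computed, the organizational domain is approximated as the last two labels of a name (real receivers use the Public Suffix List), and the sp= and pct= tags are ignored. The domains and record values are constructed for illustration.

```python
"""
DMARC disposition evaluator (added example, not from the flashcards).

Assumptions: DMARC record supplied inline instead of fetched from DNS; SPF
and DKIM results supplied as strings; organizational domain approximated
as the last two DNS labels; sp= and pct= tags not handled.
"""


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError(f"not a usable DMARC record: {record!r}")
    return tags


def org_domain(domain: str) -> str:
    """Approximate organizational domain (assumption: last two labels)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    if mode.lower() == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, dmarc_record, spf_result, spf_domain,
                      dkim_result=None, dkim_domain=None):
    """Return (dmarc_result, disposition) for one inbound message.

    from_domain: domain of the RFC 5322 From: header.
    spf_result/spf_domain: SPF result ('pass', 'fail', ...) and the envelope
        MAIL FROM domain it was evaluated for.
    dkim_result/dkim_domain: DKIM result and the signature's d= domain, or
        None if the message carries no signature.
    """
    tags = parse_dmarc(dmarc_record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(dkim_domain, from_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "pass", "none"       # authenticated and aligned: deliver normally
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy {policy!r}")
    return "fail", policy           # receiver applies the published policy


def flashcard_scenario(policy: str):
    """The card's situation: the origination server is not in the sender's
    SPF record (SPF fails) and the message has no DKIM signature.
    Domain and record are constructed values."""
    return dmarc_disposition(
        from_domain="example.com",
        dmarc_record=f"v=DMARC1; p={policy}; rua=mailto:dmarc@example.com",
        spf_result="fail", spf_domain="example.com",
        dkim_result="none", dkim_domain=None,
    )


if __name__ == "__main__":
    for p in ("none", "quarantine", "reject"):
        print(p, "->", flashcard_scenario(p))
```

With p=none the failing message is still delivered (DMARC only reports), with p=quarantine it goes to spam, and with p=reject it is refused; the same SPF failure produces three different dispositions depending only on the published policy, which is the point of the card.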
Which of these threat actors would be MOST likely to attack systems for direct financial gain?
Organized crime.
A security administrator has examined a server recently compromised by an attacker, and has determined the system was exploited due to a known operating system vulnerability. Which of the following would BEST describe this finding?
Root cause analysis.
A city is building an ambulance service network for emergency medical dispatching. Which of the following should have the highest priority?
System availability.
A system administrator receives a text alert when access rights are changed on a database containing private customer information. Which of the following would describe this alert?
Automation.
A security administrator is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
Create an operating system security policy to block the use of removable media.
A company creates a standard set of government reports each calendar quarter. Which of the following would describe this type of data?
Regulated.
An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:
* Access records from all devices must be saved and archived
* Any data access outside of normal working hours must be immediately reported
* Data access must only occur inside of the country
* Access logs and audit reports must be created from a single database
Which of the following should be implemented by the security team to meet these requirements? (Select THREE)
Restrict login access by IP address and GPS location
Consolidate all logs on a SIEM
Enable time-of-day restrictions on the authentication server
Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2023 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
A download was blocked from a web server.
The source of the flow is port 80 (HTTP) on the external address 136.127.92.171 and the destination is an ephemeral port (60818) on the internal host 10.16.10.14. The traffic is therefore a web server's response to an internal client, and the gateway anti-virus blocked a trojan (XPACK.A_7854) in that download.
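The reasoning above carried out in code, as an added example that is not part of the flashcards: parse the alert, identify which end of the flow is the server from the well-known port, and state the direction. The first sample line is the record from the card; the second is constructed to show the opposite direction. The table of well-known ports is an assumption and covers only the ports listed.

```python
"""
Gateway anti-virus alert parser with direction inference
(added example, not from the flashcards).
"""
import ipaddress
import re

# Well-known service ports (assumption: a small hand-picked set).
SERVICE_PORTS = {21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http",
                 110: "pop3", 143: "imap", 443: "https", 445: "smb", 993: "imaps"}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW_RE = re.compile(
    r"^(?P<ts>UTC \S+ \S+) (?P<module>.+?) "
    rf"(?P<src_ip>{IPV4}) (?P<src_port>\d+) -> (?P<dst_ip>{IPV4}) (?P<dst_port>\d+) "
    r"(?P<message>.*)$"
)
SIG_RE = re.compile(r"Alert: (?P<signature>\S+) \((?P<kind>[^)]+)\) (?P<action>\w+)")


def parse_av_alert(line: str) -> dict:
    """Split one log record into timestamp, module, 5-tuple and signature fields."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log format: {line!r}")
    ev = m.groupdict()
    ev["src_port"] = int(ev["src_port"])
    ev["dst_port"] = int(ev["dst_port"])
    ev["src_private"] = ipaddress.ip_address(ev["src_ip"]).is_private
    ev["dst_private"] = ipaddress.ip_address(ev["dst_ip"]).is_private
    sig = SIG_RE.search(ev["message"])
    ev.update(sig.groupdict() if sig else {"signature": None, "kind": None, "action": None})
    return ev


def direction(ev: dict) -> str:
    """The well-known port marks the server end; the ephemeral port the client end."""
    src_known = ev["src_port"] in SERVICE_PORTS
    dst_known = ev["dst_port"] in SERVICE_PORTS
    if src_known and not dst_known:
        return "server->client"     # server's reply: content delivered to the client
    if dst_known and not src_known:
        return "client->server"     # client's request or upload
    return "unknown"


def summarize(ev: dict) -> str:
    """One-line analyst summary of what the gateway actually stopped."""
    d = direction(ev)
    if d == "server->client":
        svc = SERVICE_PORTS[ev["src_port"]]
        where = "internal" if ev["src_private"] else "external"
        return (f"{ev['action']} {ev['signature']} ({ev['kind']}): download from "
                f"{where} {svc} server {ev['src_ip']} to client {ev['dst_ip']}")
    if d == "client->server":
        svc = SERVICE_PORTS[ev["dst_port"]]
        where = "internal" if ev["dst_private"] else "external"
        return (f"{ev['action']} {ev['signature']} ({ev['kind']}): upload/request from "
                f"client {ev['src_ip']} to {where} {svc} server {ev['dst_ip']}")
    return f"{ev['action']} {ev['signature']} ({ev['kind']}): direction unknown"


# Record from the flashcard, verbatim.
CARD_LINE = ("UTC 04/05/2023 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> "
             "10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.")
# Constructed for contrast: an internal client sending to an external HTTPS server.
UPLOAD_LINE = ("UTC 04/05/2023 03:11:02 AV Gateway Alert 10.16.10.22 51234 -> "
               "136.127.92.200 443 Gateway Anti-Virus Alert: EICAR.Test (Test) blocked.")

if __name__ == "__main__":
    for line in (CARD_LINE, UPLOAD_LINE):
        print(summarize(parse_av_alert(line)))
```

The direction test is deliberately port-based rather than address-based: the private/public split only tells you which host is inside, while the well-known port tells you which host was serving content, and that is what distinguishes a blocked download from a blocked upload.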
A user connects to a third-party website and receives this message:
Your connection is not private. NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
On-path.
An on-path attacker who intercepts the TLS session has to present their own certificate for the site, and the browser cannot validate that certificate against its trusted certificate authorities, so it shows NET::ERR_CERT_INVALID. An expired certificate or a badly wrong system clock produces a similar warning, which is why the question asks for the most likely attack rather than the only possible cause.