SecurityX Practice Exam #1 (Dion) Flashcards
Judith is conducting a vulnerability scan of her data center. She notices that a management interface for a virtualization platform is exposed to her vulnerability scanner. Which of the following networks should the hypervisor’s management interface be exposed to ensure the best security of the virtualization platform?
Screened subnet
Internal zone
Management network
External zone
Management network
Explanation:
OBJ 2.3: The management interface should only be exposed to an isolated or dedicated network used for the management and configuration of the network device and platforms only. This would also help reduce the likelihood of an attack against the virtualization platform or the hypervisor itself. The external zone (internet), internal zone (LAN), or screened subnet (formerly called a DMZ) should not have the management interface exposed to them. For support or reporting issues, include Question ID: 63fe07043b7322449ddbc8a6 in your ticket. Thank you.
Which of the following is an example of a legal and privacy risk associated with the potential misuse of artificial intelligence (AI)?
Over-reliance on manual auditing processes
Unauthorized access to AI training datasets
Incomplete encryption key rotation
Inefficient data storage solutions
Unauthorized access to AI training datasets
Explanation:
OBJ 1.5: One legal and privacy implication of AI misuse involves unauthorized access to training datasets. These datasets often contain sensitive or personal information, and misuse can result in data breaches or violations of privacy laws such as GDPR or CCPA. Over-reliance on manual auditing processes is a general operational inefficiency, not a misuse risk related to AI. Inefficient data storage solutions pertain to resource management and are not specific to legal or privacy concerns of AI. Incomplete encryption key rotation is a security misconfiguration, not directly related to AI misuse. For support or reporting issues, include Question ID: 674febe7db3fddf57c662c2e in your ticket. Thank you.
Which of the following methods should a cybersecurity analyst use to locate any instances on the network where passwords are being sent in cleartext?
SIEM event log monitoring
Software design documentation review
Full packet capture
Net flow capture
Full packet capture
Explanation:
OBJ 4.1: Full packet capture records the complete payload of every packet crossing the network. The other methods will not provide sufficient information to detect a cleartext password being sent. A net flow analysis will determine where communications occurred, by what protocol, to which devices, and how much content was sent. Still, it will not reveal anything about the content itself since it only analyzes the metadata for each packet crossing the network. A SIEM event log being monitored might detect that an authentication event has occurred. Still, it will not necessarily reveal if the password was sent in cleartext, as a hash value, or in the ciphertext. A software design documentation may also reveal the designer’s intentions for authentication when they created the application, but this only provides an ‘as designed’ approach for a given software and does not provide whether the ‘as-built’ configuration was implemented securely. For support or reporting issues, include Question ID: 63fe07243b7322449ddbca34 in your ticket. Thank you.
Joseph is interpreting a vulnerability that has a CVSS (v3.1) base score of 8.3. In what risk category would this vulnerability fit?
High
Critical
Medium
Low
High
Explanation:
OBJ 3.6: CVSS metrics are categorized as critical, high, medium, low, or none based on their numerical score. Vulnerabilities with CVSS base scores rated 9.0 or above are classified as critical. CVSS scores between 7.0 and 8.9 are classified as high. CVSS scores between 4.0 and 6.9 are classified as medium. CVSS scores between 0.1 and 3.9 are classified as low. CVSS scores of 0.0 are classified as none. For support or reporting issues, include Question ID: 63fe07583b7322449ddbccb9 in your ticket. Thank you.
A security operations team integrates OSINT into its threat intelligence program. During an investigation, the team discovers chatter on a public forum about a potential exploit targeting the organization’s specific software stack. Which of the following actions demonstrates the most effective use of OSINT in this scenario?
Share the forum post with internal stakeholders and continue monitoring for updates
Cross-reference the exploit details with internal systems to identify potential vulnerabilities
Report the forum activity to law enforcement and wait for further developments
Block all inbound traffic associated with IP addresses mentioned in the forum post
Cross-reference the exploit details with internal systems to identify potential vulnerabilities
Explanation:
OBJ 4.3 - Effective use of open-source intelligence (OSINT) requires leveraging publicly available information to proactively identify and mitigate risks. By cross-referencing the exploit details with internal systems, the team can assess whether their environment is vulnerable and take preventive actions. Sharing the forum post is informative but does not mitigate risk. Blocking IPs may be overly broad and does not address the exploit itself. Reporting to law enforcement might be appropriate later but delays immediate action to secure internal systems. For support or reporting issues, include Question ID: 67508b14f86f3d695e9ad163 in your ticket. Thank you.
Which of the following elements is LEAST likely to be included in an organization’s data retention policy?
Description of information that needs to be retained
Maximum retention period
Minimum retention period
Classification of information
Classification of information
Explanation:
OBJ 1.1: Data retention policies highlight what types of information an organization will maintain and the length of time they will maintain it. Data classification would not be covered in the retention policy but would be a key part of your organization’s data classification policy. For support or reporting issues, include Question ID: 63fe08123b7322449ddbd5d6 in your ticket. Thank you.
A competitor recently bought Dion Training’s ITIL 4 Foundation training course, transcribed the video captions into a document, re-recorded the course exactly word for word as an audiobook, then published this newly recorded audiobook for sale on Audible. From Dion Training’s perspective, how would you BEST classify this situation?
Identity theft
Mission essential function
Data breach
IP theft
IP theft
Explanation:
OBJ 1.1: This is an example of intellectual property (IP) theft and it happened in 2019 to our company. The competitor wasn’t even smart enough to change the examples we used throughout our course from our website (diontraining.com) to their website and re-recorded our entire 8-hour course word-for-word to sell as an audiobook. This is not identity theft because they didn’t pretend to be Jason Dion or Dion Training. This is not a data breach because they did not compromise our systems to steal the course. Instead, they went to our website and purchased it. The risk is not a mission-essential function. A mission essential function is something that your organization must do to maintain its operations. For example, at Dion Training, our mission essential functions are (1) recording and editing training videos and (2) writing and publishing practice exams. For support or reporting issues, include Question ID: 63fe07f73b7322449ddbd487 in your ticket. Thank you.
A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?
Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment
Configure endpoints to automatically download and install the patches
Download and install all patches in the production network during the next scheduled maintenance period
Test the patch in a lab environment and then install it in the production network during the next scheduled maintenance
Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment
Explanation:
OBJ 3.6: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished. For support or reporting issues, include Question ID: 63fe07753b7322449ddbce1c in your ticket. Thank you.
Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?
Wireless coverage area would be decreased
BGP routing issues would have occurred
Spanning tree ports would have entered flooding mode
A frequency mismatch would have occurred
BGP routing issues would have occurred
Explanation:
OBJ 3.3: BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks within the same administrative domain is called an autonomous system (AS). The routers within an AS to use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, exchange routing information among themselves. Autonomous systems operate at layer 3 and are focused on wired networks. Therefore, the frequency mismatch, decreased wireless coverage areas, and spanning tree ports would not be affected by the improper configuration of an AS number on a device. For support or reporting issues, include Question ID: 63fe070d3b7322449ddbc90f in your ticket. Thank you.
Dion Training is concerned with the possibility of a data breach causing a financial loss to the company. After performing a risk analysis, the COO decides to purchase data breach insurance to protect the company from an incident. Which of the following best describes the company’s risk response?
Avoidance
Mitigation
Transference
Acceptance
Transference
Explanation:
OBJ 1.2: Transference (or sharing) means assigning risk to a third party (such as an insurance company or a contract with a supplier that defines liabilities). Avoidance means that the company stops doing an activity that is risk-bearing. Risk mitigation is the overall process of reducing exposure to or the effects of risk factors, such as patching a vulnerable system. Acceptance means that no countermeasures are put in place either because the risk level does not justify the cost or because there will be an unavoidable delay before the countermeasures are deployed. For support or reporting issues, include Question ID: 63fe07f73b7322449ddbd482 in your ticket. Thank you.
What phase of the software development lifecycle is sometimes known as the acceptance, installation, and deployment phase?
Disposition
Operations and maintenance
Training and transition
Development
Training and transition
Explanation:
OBJ 2.2: The training and transition phase ensures that end users are trained on the software and entered general use. Because of these activities, this phase is sometimes called the acceptance, installation, and deployment phase. Disposition is focused on the retirement of an application or system. Operations and maintenance are focused on the portion of the lifecycle where the application or system goes into use to provide value to the end-users. Development is the portion of the lifecycle focused on designing and coding the application or system. For support or reporting issues, include Question ID: 63fe06d23b7322449ddbc63a in your ticket. Thank you.
Dion Training has just installed a new hub/control system to control the lights, HVAC, and power to the devices in their studio. The new hub/control system relies on Zigbee for wireless communication and networking between the different devices. Which of the following types of operational technology best describes the network and devices they installed?
ASIC
IoT
SoC
FPGA
IoT
Explanation:
OBJ 3.5: Internet of Things (IoT) is a term used to describe a global network of appliances and personal devices that have been equipped with sensors, software, and network connectivity. IoT normally relies on Zigbee or Z-wave to facilitate the networking of the devices, including hub/control systems, smart devices, wearables, and sensors. A System on a Chip (SoC) integrates practically all the components of a traditional chipset (which is comprised of as many as four chips that control communication between the CPU, RAM, storage, and peripherals) into a single chip. SoC includes the processor as well as a GPU (graphics processor), memory, USB controller, power management circuits, and wireless radios. A field programmable gate array (FPGA) is a type of processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture. A FPGA can be configured by the end customer to run programming logic on the device for their specific use case or application. An application-specific integrated circuit (ASIC) is a type of processor designed to perform a specific function. ASICs are expensive to design and only work for a single application or function, such as the ASICs used to conduct switching in an Ethernet switch. For support or reporting issues, include Question ID: 63fe07dc3b7322449ddbd331 in your ticket. Thank you.
During a vulnerability scan of its hybrid infrastructure, an organization discovers a high number of false positives in its scan results. Which action should the organization take to improve the accuracy of future scans?
Exclude all previously identified vulnerabilities from future scans
Increase the scan frequency to validate findings more often
Use vulnerability signatures tailored to the organization’s assets
Switch to an uncredentialed scan mode for reduced complexity
Use vulnerability signatures tailored to the organization’s assets
Explanation:
OBJ 2.1: Tailoring vulnerability signatures to the organization’s specific assets improves scan accuracy by reducing false positives. This ensures that the scanner focuses on relevant vulnerabilities for the environment. Increasing scan frequency does not address the root cause of false positives. Switching to uncredentialed scans reduces the level of detail in the results and does not improve accuracy. Excluding all previously identified vulnerabilities risks missing critical findings in future scans and is not a best practice. For support or reporting issues, include Question ID: 6750f2d6ec280b7d2c7fa243 in your ticket. Thank you.
You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank’s cybersecurity program?
GLBA
SOX
HIPAA
FERPA
GLBA
Explanation:
OBJ 1.3: The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. Sarbanes-Oxley (SOX) is a United States federal law that sets new or expanded requirements for all US public company boards, management, and public accounting firms. The Family Educational Rights and Privacy Act (FERPA) of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments. For support or reporting issues, include Question ID: 63fe07f23b7322449ddbd44b in your ticket. Thank you.
You identified a critical vulnerability in one of your organization’s databases. You researched a solution, but it will require the server to be taken offline during the patch installation. You have received permission from the Change Advisory Board to implement this emergency change at 11 pm once everyone has left the office. It is now 3 pm; what action(s) should you take now to best prepare for implementing this evening’s change? (SELECT ALL THAT APPLY)
Document the change in the change management system
Ensure all stakeholders are informed of the planned outage
Identify any potential risks associated with installing the patch
Take the opportunity to install a new feature pack that has been requested
Validate the installation of the patch in a staging environment
Take the server offline at 10 pm in preparation for the change
Document the change in the change management system
Ensure all stakeholders are informed of the planned outage
Identify any potential risks associated with installing the patch
Validate the installation of the patch in a staging environment
Explanation:
OBJ 1.1: You should send out a notification to the key stakeholders to ensure they are notified of the planned outage this evening. You should test and validate the patch in a staging environment before installing it on the production server. You should identify any potential risks associated with installing this patch. You should also document the change in the change management system. You should not take the server offline before your change window begins at 11 pm, which could affect users who are relying on the system. You should not take this opportunity to install any additional software, features, or patches unless you have received approval from the Change Advisory Board (CAB). For support or reporting issues, include Question ID: 63fe07933b7322449ddbcf99 in your ticket. Thank you.
Jason has installed multiple virtual machines on a single physical server. He needs to ensure that the traffic is logically separated between each virtual machine. How can Jason best implement this requirement?
Configure a virtual switch on the physical server and create VLANs
Conduct system partitioning on the physical server to ensure the virtual disk images are on different partitions
Create a virtual router and disable the spanning tree protocol
Install a virtual firewall and establish an access control list
Configure a virtual switch on the physical server and create VLANs
Explanation:
OBJ 1.2: A virtual switch is a software application that allows communication between virtual machines. A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. This solution provides a logical separation of each virtual machine through the use of VLANs on the virtual switch. For support or reporting issues, include Question ID: 63fe06c33b7322449ddbc584 in your ticket. Thank you.
Which of the following is a best practice that should be followed when scheduling vulnerability scans of an organization’s data center?
Schedule scans to run during peak times to simulate performance under load
Schedule scans to begin at the same time every day
Schedule scans to be conducted evenly throughout the day
Schedule scans to run during periods of low activity
Schedule scans to run during periods of low activity
Explanation:
OBJ 3.6: For the best results, the scans should be scheduled during periods of low activity. This will help to reduce the negative impact of scanning on business operations. The other three options all carry a higher risk of causing disruptions to the network or its business operations. For support or reporting issues, include Question ID: 63fe07333b7322449ddbcaed in your ticket. Thank you.
During a vulnerability scan of your network, you identified a vulnerability on an appliance installed by a vendor on your network under an ongoing service contract. You do not have access to the appliance’s operating system as the device was installed under a support agreement with the vendor. What is your best course of action to remediate or mitigate this vulnerability?
Wait 30 days, run the scan again, and determine if the vendor corrected the vulnerability
Contact the vendor to provide an update or to remediate the vulnerability
Mark the identified vulnerability as a false positive
Try to gain access to the underlying operating system and install the patch
Contact the vendor to provide an update or to remediate the vulnerability
Explanation:
OBJ 1.2: You should contact the vendor to determine if a patch is available for installation. Since this is a vendor-supported appliance installed under a service contract, the vendor is responsible for the appliance’s management and security. You should not attempt to gain access to the underlying operating system to patch the vulnerability yourself, as this could void your warranty and void your service contract. Based on the information provided, there is no reason to believe that this is a false positive, either. You should not simply wait 30 days and rerun the scan, as this is a non-action. Instead, you should contact the vendor to fix this vulnerability. Then, you could rerun the scan to validate they have completed the mitigations and remediations. For support or reporting issues, include Question ID: 63fe07e83b7322449ddbd3c7 in your ticket. Thank you.
A cybersecurity analyst is preparing to run a vulnerability scan on a dedicated Apache server that will be moved into a DMZ. Which of the following vulnerability scans is most likely to provide valuable information to the analyst?
Database vulnerability scan
Network vulnerability scan
Web application vulnerability scan
Port scan
Web application vulnerability scan
Explanation:
OBJ 4.2: Since Apache is being run on the scanned server, this indicates a web server. Therefore, a web application vulnerability scan would be the most likely to provide valuable information. A network vulnerability scan or port scan can provide valuable information against any network-enabled server. Since an Apache server doesn’t contain a database by default, running a database vulnerability scan is not likely to provide any valuable information to the analyst. For support or reporting issues, include Question ID: 63fe07143b7322449ddbc969 in your ticket. Thank you.
An organization is deploying a critical software application and wants to ensure the integrity and authenticity of its code. Which of the following practices best supports the verification of software provenance?
Requiring developers to sign software packages with digital certificates
Monitoring application performance post-deployment for anomalies
Using sandbox environments to test the software before deployment
Scanning the software for vulnerabilities with automated company-approved tools
Requiring developers to sign software packages with digital certificates
Explanation:
OBJ 3.8 - Software provenance refers to verifying the origin, authenticity, and integrity of software. Requiring developers to sign software packages with digital certificates ensures that the software comes from a trusted source and has not been tampered with. Testing in sandbox environments and scanning for vulnerabilities are important practices but do not verify software provenance. Monitoring performance post-deployment helps detect issues but does not establish the software’s integrity or authenticity. For support or reporting issues, include Question ID: 67508577f86f3d695e9ad0dc in your ticket. Thank you.
BigBuxxNow is an e-commerce company that is planning to deploy a WAF to protect its customer-facing web applications. The WAF must meet the following requirements:
- Detect and block common web application attacks such as SQL injection and cross-site scripting (XSS)
- Allow legitimate traffic with minimal false positives
- Adapt dynamically to changes in application behavior
Which WAF feature is most critical to achieving these requirements?
Allowlisting specific IP ranges
Integration with a Content Delivery Network
Predefined signature-based rules
Machine learning-based behavior analysis
Machine learning-based behavior analysis
Explanation:
OBJ 2.1: A machine learning-based Web Application Firewall (WAF) dynamically analyzes application behavior and adapts to detect novel threats while minimizing false positives. This capability is essential for handling sophisticated and evolving attack vectors in modern web applications. Predefined signature-based rules help block known threats but cannot adapt to new or evolving attacks. Integration with a Content Delivery Network (CDN) improves performance and scalability but is not directly tied to attack detection. Allowlisting specific IP ranges provides limited access control and does not address dynamic threat detection. For support or reporting issues, include Question ID: 6750f599ec280b7d2c7fa25c in your ticket. Thank you.
Dion Training wants to purchase an email marketing solution to better communicate with their students. A promising new startup has a new offering to provide access to their product from a central location rather than requiring Dion Training to host the product on their internal network. Dion Training wants to ensure that their sensitive corporate information is not accessible by any startup’s other clients. Which type of cloud server should Dion Training look to purchase to meet these needs?
Hybrid IaaS
Private SaaS
Community IaaS
Public SaaS
Private SaaS
Explanation:
OBJ 2.5: SaaS (Software as a Service) is a cloud model whereby a service provider provides a software service and makes the service available to customers over the Internet. Examples of SaaS solutions include Microsoft Office 365, Microsoft Exchange Online, and Google Docs. Because of the concerns with sensitive corporate information being processed by the SaaS, Dion Training should ensure a Private SaaS is chosen. A private cloud is a particular model of cloud computing that involves a distinct and secure cloud-based environment in which only the specified client (Dion Training in this case) can operate. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. A hybrid cloud uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud. For support or reporting issues, include Question ID: 63fe06e03b7322449ddbc6e9 in your ticket. Thank you.
A healthcare facility uses embedded systems in its medical devices, many of which have limited processing power and cannot run modern security software. To mitigate risks, the IT team ensures that all devices are operating on private networks and uses strict access control policies. What key risk mitigation technique is being employed?
Deperimeterization
Software updates
Segmentation and monitoring
Environmental hardening
Segmentation and monitoring
Explanation:
OBJ 3.5: Segmentation and monitoring limit the attack surface of embedded systems by placing them on private network segments with strict access controls. Software updates may not be feasible for systems with limited capabilities. Deperimeterization reduces reliance on network boundaries but does not directly secure devices. Environmental hardening addresses physical protection, not network security. For support or reporting issues, include Question ID: 6751b03d2f8fe131b6ff6d18 in your ticket. Thank you.
NA