SecurityX Practice Exam #6 (Dion) Flashcards

Question

NA

Answer 1

Improper key handling Explanation: OBJ 3.1: The CTO conducted improper key handling by not encrypting the key on the memory card and not storing the memory card in a locked drawer or safe. Improper key handling occurs when private keys and symmetric keys are improperly protected or stored. Improper key handling can lead to data breaches, so any keys identified as having been improperly handled should be revoked and replaced. Key rotation is the process of purposely changing keys periodically to mitigate against brute force attacks and key disclosure compromises. During key rotation, the previous key is also revoked and invalidated. Rekeying is the process of changing an individual key during a communication session. Most communication protocols use session key rekeying to protect the data being transmitted. A rekeying is normally triggered based on the volume of data communicated or the amount of time since the last rekeying. A mismatched key error occurs is the wrong public/private key pair is used to decrypt data. The most common forms of this error are displayed as “key mismatch” or “X509_check_private_key”. For support or reporting issues, include Question ID: 63fe07bd3b7322449ddbd1b0 in your ticket. Thank you.

Answer 2

XML Explanation: OBJ 2.4: Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). SAML transactions use Extensible Markup Language (XML) for standardized communication between the identity and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service. For support or reporting issues, include Question ID: 63fe06da3b7322449ddbc69e in your ticket. Thank you.

Answer 3

Gap analysis Explanation: OBJ 1.2: A gap analysis measures the difference between the current state and desired state to assess the scope of work included in a project. By measuring ALE, MTTR, MTBF, TCO, and other factors, the organization can identify how closely it is performing to the desired outcomes or requirements. A tradeoff analysis compares potential benefits to potential risks and determines a course of action based on adjusting factors that contribute to each area. A business impact analysis describes the collaborative effort to identify those systems and software that perform essential functions, meaning the organization cannot run without them. A privacy impact assessment is conducted by an organization for it to determine where its privacy data is stored and how that privacy data moves throughout an information system. It evaluates the impacts that may be realized by a compromise to the confidentiality, integrity, and/or availability of the data. For support or reporting issues, include Question ID: 63fe07ed3b7322449ddbd405 in your ticket. Thank you.

Answer 4

System components are identified and segmented to restrict interactions based on requirements Explanation: OBJ 2.6 - Identifying and segmenting system components ensures that interactions are restricted based on defined roles and requirements, supporting a Zero Trust approach to network security. Grouping all components into a single perimeter or excluding them from segmentation undermines security. Centralization is not required for defining security boundaries but may be useful for other purposes like monitoring. For support or reporting issues, include Question ID: 674f7264be598e99e87d620f in your ticket. Thank you.

Answer 5

Service provider (SP) Explanation: OBJ 2.4: Security assertions markup language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. SAML is a solution for providing single sign-on (SSO) and federated identity management. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP. The principal's User Agent (typically a browser) requests a resource from the service provider (SP). The resource host can also be referred to as the relying party (RP). If the user agent does not already have a valid session, the SP redirects the user agent to the identity provider (IdP). The IdP requests the principal's credentials if not already signed in and, if correct, provides a SAML response containing one or more assertions. The SP verifies the signature(s) and (if accepted) establishes a session and provides access to the resource. For support or reporting issues, include Question ID: 63fe06ea3b7322449ddbc761 in your ticket. Thank you.

Answer 6

Regularly updating build tools and integrating feedback from post-deployment reviews Explanation: OBJ 2.2: Continuous improvement involves iteratively enhancing processes, tools, and practices within the CI/CD pipeline. Regular updates to build tools ensure compatibility and security, while feedback from post-deployment reviews helps identify areas for optimization. Freezing the pipeline configuration may lead to stagnation and prevent addressing emerging challenges. Limiting automated testing reduces the pipeline's effectiveness in catching vulnerabilities early. Avoiding pipeline changes contradicts the principle of continuous improvement, which requires iterative updates. For support or reporting issues, include Question ID: 6750fd9823df37e1b5ec5f8c in your ticket. Thank you.

Answer 7

Returns only files hosted at diontraining.com Returns only Microsoft Excel spreadsheets Personalization is turned off Explanation: OBJ 1.4: The above example searches for files with the name "password" in them (q=password) and (+) have a filetype equal to xls (filetype%3Axls, %3A is the hex-code for ':') and (+) limits the results to files hosted on diontraining.com (site%3Adiontraining.com) and (&) disables personalization (pws=0) and (&) deactivates the directory filtering function (filter=p). If you wanted to exclude Microsoft Excel spreadsheets, this would be done by typing -filetype%3Axls as part of the search query. To find related websites or pages, you would include the "related:" term to the query. To deactivate all filters from the search, the "filter=0" should be used. To deactivate the directory filtering function, the "filter=p" is used. For support or reporting issues, include Question ID: 63fe07993b7322449ddbcfeb in your ticket. Thank you.

Answer 8

DLP Explanation: OBJ 4.1: Data loss prevention (DLP) systems are used to ensure that end-users do not send sensitive or critical information outside the corporate network. These DLP products help a network administrator control what data end users can transfer. While an Acceptable Use Policy (AUP), Non-Disclosure Agreement (NDA), or MOU (Memorandum of Understanding) might provide some administrative controls to help mitigate the threat of data loss or theft, a DLP is the BEST solution as it provides a technical way to enforce your policies. For support or reporting issues, include Question ID: 63fe06e03b7322449ddbc6e4 in your ticket. Thank you.

Answer 9

find /var/log/ -exec grep -H -e "[Tt]erri" {} \; 2> /dev/null Explanation: OBJ 4.1: The find command will by default look at every single file starting in a designated subdirectory (in this case /var/log) and will execute whatever command is specified between "-exec" and "\;" with the 'found' file being substituted for the "{}." Executing grep on every file with a parameter of -H will ensure the filename with the full path is displayed. The -e option in grep will use a REGEX expression. "[Tt]erri" is the correct REGEX expression to look for "Terri" or "terri." As many files in the /var/log directory do not end with the extension ".log," attempting to filter for just files with a .log extension will overly limit the results that are returned to you. "2> /dev/null" is needed to filter out any errors "find" might generate (such as attempting to open a directory). Now, let's talk about tackling this on test day because you don't need to have all of these things memorized to answer this question. Consider the four options presented to you and determine what is different in each one. You will notice every option starts with "fin /var/log" and ends with "{} \; 2>/dev/null", so you should mentally ignore that in each of the answers and focus on what is different. We also see that all the answers have "grep -H -e," so we aren't asked to be an expert on grep or its flags either, so mentally ignore that. This leaves us with two sets of differences. One set has "-name "*.log" versus "-exec." The second set of differences is "'Terri' OR 'terri'" or "[Tt]erri." From this, you can determine which regular express is correct ([Tt]erri) and eliminate 2 of the four choices. Now, you need to pick between the name and exec flags. If you know anything about Linux log files, you should remember that they usually don't end in .log as most Windows log files do, so we would pick exec if we had to guess. For support or reporting issues, include Question ID: 63fe07843b7322449ddbceda in your ticket. Thank you.

Answer 10

Use biometrics with strong passwords for recovery Explanation: OBJ 2.2: Using biometrics with strong passwords for recovery balances security and usability by allowing quick biometric access while maintaining strict password recovery for account security. Enforcing strict passwords for all users is secure but hurts usability. Allowing only biometric authentication is user-friendly but lacks a secure fallback. Letting users choose may reduce security, as users often choose convenience over protection. For support or reporting issues, include Question ID: 6750fb7b23df37e1b5ec5f77 in your ticket. Thank you.

Answer 11

Request a new digital certificate from the certificate authority Explanation: OBJ 3.1: This error indicates a validity date error. A validity date error occurs when a certificate is presented for use on a date that is already past the expiration date. To fix this issue, the owner of the website must request a new digital certificate to renew their identity and create a new digital certificate with an expiration date further in the future. There is no need to request a revocation in this case, since the digital certificate is already expired. Revoking a certificate can only be done on a non-expired digital certificate. For support or reporting issues, include Question ID: 63fe07a83b7322449ddbd0a7 in your ticket. Thank you.

Answer 12

SQL injection Explanation: OBJ 4.2: A SQL injection poses the most direct and more impactful threat to an organization's database. A SQL injection could allow the attacker to execute remote commands on the database server and lead to sensitive information disclosure. A buffer overflow attack attempts to overwrite the memory buffer to send additional data into adjacent memory locations. A buffer overflow attack might target a database server, but it isn't intended to disclose information directly. Instead, a buffer overflow attack may be used to gain initial access to a server and allow for other malicious code running. A denial of service targets the availability of the information by attempting to take the server offline. A cross-site scripting attack typically is focused on the user, not the server or database. For support or reporting issues, include Question ID: 63fe071d3b7322449ddbc9d4 in your ticket. Thank you.

Answer 13

Implementing DLP policies for AI interactions Explanation: OBJ 1.5 - Data Loss Prevention (DLP) policies are critical in controlling how AI assistants handle and share sensitive information, helping prevent unauthorized data disclosures. While encryption secures data in transit and task-limiting reduces operational risks, neither directly mitigates unintentional data sharing. Regular updates are important for overall security but do not specifically address data loss concerns. For support or reporting issues, include Question ID: 674f5f34be11e784309a2993 in your ticket. Thank you.

Answer 14

Implementing biometric authentication, such as fingerprint or facial recognition Explanation: OBJ 3.8 - Passwordless authentication eliminates the reliance on traditional passwords by using alternative methods such as biometrics, hardware tokens, or one-time passcodes. Biometric authentication is a common and effective approach that aligns with the goal of eliminating passwords while improving both security and user convenience. Strict password policies and using randomized passwords still depend on passwords. Security questions are less secure and do not support a passwordless approach. For support or reporting issues, include Question ID: 67508529f86f3d695e9ad0d7 in your ticket. Thank you.

Answer 15

Canary testing Explanation: OBJ 2.2: Canary testing involves deploying changes to a small subset of users or a production-like environment to evaluate their impact while minimizing risks. This allows the team to identify issues in a controlled manner before a full rollout. Static application security testing (SAST) analyzes source code and does not simulate real-world conditions. Unit testing focuses on individual components, not the application in production-like settings. Penetration testing assesses vulnerabilities but does not simulate gradual deployment scenarios. For support or reporting issues, include Question ID: 6750ff1652107569898127d4 in your ticket. Thank you.

Answer 16

Faulty input validation Explanation: OBJ 4.2: A primary vector for attacking applications is to exploit faulty input validation. The input could include user data entered into a form or URL, passed by another application or link. This is heavily exploited by cross-site scripting, SQL injection, and XML injection attacks. Directory traversal is the practice of accessing a file from a location that the user is unauthorized to access. The attacker does this by ordering an application to backtrack through the directory path to read or execute a file in a parent directory. In a file inclusion attack, the attacker adds a file to a web app or website's running process. The file is either constructed to be malicious or manipulated to serve the attacker's malicious purposes. Cross-site scripting (XSS) is one of the most powerful input validation exploits. XSS involves a trusted site, a client browsing the trusted site, and the attacker's site. For support or reporting issues, include Question ID: 63fe076d3b7322449ddbcdb8 in your ticket. Thank you.

Answer 17

Implement a jumpbox system Explanation: OBJ 2.6: A jumpbox is a system on a network used to access and manage devices in a separate security zone. This would create network segmentation between the supplier's laptops and the rest of the network to minimize the risk. A jump-box system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. While the other options listed are all good security practices, they do not fully mitigate the risk that insecure systems pose since Victor cannot enforce these configurations on a supplier-provided laptop. Instead, he must find a method of segmenting the laptops from the rest of the network, either physically, logically, using an air gap, or using a jumpbox. For support or reporting issues, include Question ID: 63fe06e83b7322449ddbc74d in your ticket. Thank you.

Answer 18

Mandatory vacation policy Explanation: OBJ 1.2: A mandatory vacation policy requires that all users take time away from work to enjoy a break from their day to day routine of their jobs. But, there is a major side benefit to mandatory vacations regarding your company's security posture. It will require the company to have another employee fill in for the vacationing employee's normal roles and responsibilities by requiring mandatory vacations. The employee who is filling in might come across fraud, abuse, or theft that the vacationing employee is a part of. The concept of least privilege may not stop this theft from occurring since two employees could work together to steal information that they have access to as part of their job. Also, acceptable use outlines the types of activities allowed and not allowed; it won't prevent theft from occurring. A privacy policy discusses how information should be properly stored and secured, but this won't stop an employee from stealing information or detecting the stolen information. For support or reporting issues, include Question ID: 63fe07ea3b7322449ddbd3e1 in your ticket. Thank you.

Answer 19

Quantum computing Explanation: OBJ 3.7: Quantum computing combines physics, mathematics, and quantum mechanics to exploit the collective properties of quantum states. Quantum computing will render cryptography that relies on the difficulty of solving difficult math problems rapidly obsolete. Distributed consensus is used in a distributed or decentralized system to solve a particular computation to maintain the overall integrity of the distributed system or blockchain. Artificial Intelligence is the science of creating machines to develop problem-solving and analysis strategies without significant human direction or intervention. Homomorphic encryption is a method of encryption that allows the computation of certain fields in a dataset without first decrypting the dataset. For support or reporting issues, include Question ID: 63fe06ff3b7322449ddbc865 in your ticket. Thank you.

Answer 20

Hybrid Explanation: OBJ 2.5: A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud. A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. For support or reporting issues, include Question ID: 63fe06c23b7322449ddbc574 in your ticket. Thank you.

Answer 21

SaaS in a private cloud Explanation: OBJ 2.5: A SaaS (Software as a Service) solution best describes an accounting system or software used as part of a cloud service. This meets the CIO's requirements. To mitigate the concerns of the Chief Risk Officer, you should use a private cloud solution. This type of solution ensures that the cloud provider does not comingle your data with other customers' data and providers dedicated servers and resources for your company's use only. For support or reporting issues, include Question ID: 63fe06d93b7322449ddbc68a in your ticket. Thank you.

Answer 22

Checklist Explanation: OBJ 1.1: Checklist test uses a copy of the business continuity/disaster recovery plan to review and provide comments, updates, or changes to the plan during a periodic update. A tabletop exercise will identify a specific objective or goal, provide injects or additional details, and then observe the actions that the participants would have taken to respond to a given incident or disaster scenario. A parallel test occurs when the alternative site is brought online as if a real disaster occurred, but the primary site is not taken offline or affected, thereby keeping both the primary and alternate sites operating in parallel. A full interruption test is used to take the primary site offline and shift operations to the alternate site. For support or reporting issues, include Question ID: 63fe07ef3b7322449ddbd428 in your ticket. Thank you.

Answer 23

Use web-based exploits against the devices web interfaces Explanation: OBJ 3.5: Most embedded operating systems use a web interface to access their configurations for setup and installation. Focusing on this web interface and using common web-based exploits is usually one of the best methods of exploiting a device with an embedded OS. Jailbroken devices refer to iPhones and iPads that have been configured to give the user root access to the underlying operating system. Spear phishing campaigns are not usually used against an embedded operating system since many of these devices are not used directly by an end-user. A malicious APK would be used to target an Android-based operating system and most embedded operating systems are based on Linux and not Android. For support or reporting issues, include Question ID: 63fe07b33b7322449ddbd138 in your ticket. Thank you.

Answer 24

Business impact analysis Explanation: OBJ 1.1: A business impact analysis describes the collaborative effort to identify those systems and software that perform essential functions, meaning the organization cannot run without them. A tradeoff analysis compares potential benefits to potential risks and determines a course of action based on adjusting factors that contribute to each area. A privacy impact assessment is conducted by an organization for it to determine where its privacy data is stored and how that privacy data moves throughout an information system. It evaluates the impacts that may be realized by a compromise to the confidentiality, integrity, and/or availability of the data. A gap analysis measures the difference between the current state and desired state to assess the scope of work included in a project. By measuring ALE, MTTR, MTBF, TCO, and other factors, the organization can identify how closely it is performing to the desired outcomes or requirements. For support or reporting issues, include Question ID: 63fe080a3b7322449ddbd577 in your ticket. Thank you.

Answer 25

The backup is a differential backup Explanation: OBJ 4.4: iPhone/iPad backups can be created as full or differential backups. In this scenario, the backup being analyzed is likely a differential backup containing the information that has changed since the last full backup. If the backup were encrypted, you would be unable to read any of the contents. If the backup were interrupted, the backup file would be in an unusable state. If the backup were stored in iCloud, you would need access to their iCloud account to retrieve and access the file. Normally, during an investigation, you will not have access to the user's iCloud account. For support or reporting issues, include Question ID: 63fe06eb3b7322449ddbc770 in your ticket. Thank you.

Answer 26

RADIUS server Explanation: OBJ 2.4: A Remote Authentication Dial-In User Service (RADIUS) server will enable the wireless clients to communicate with a central server to authenticate users and authorize their access to the requested service or system. None of the other options presented are designed to support centralized authentication services by themselves, but instead, use a protocol like RADIUS to perform those functions. For support or reporting issues, include Question ID: 63fe06f93b7322449ddbc81f in your ticket. Thank you.

Answer 27

Secure Boot Explanation: OBJ 3.4: The purpose of Secure Boot is to prevent malicious and unauthorized apps from loading into the operating system (OS) during the startup process. Secure Boot is enabled by default in Windows 10. When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots and the firmware gives control to the operating system. The OEM can use instructions from the firmware manufacturer to create Secure boot keys and to store them in the PC firmware. When you add UEFI drivers, you'll also need to make sure these are signed and included in the Secure Boot database. Full disk encryption is used to encrypt the user and system data stored in the device’s internal storage. RAM integrity checking is conducted by default on most systems during the initial boot process but it doesn't check the contents of the memory for malware. The BIOS password would prevent the system from booting up without the correct password being entered, but this would not prevent unauthorized applications from being installed during the bootup process. For support or reporting issues, include Question ID: 63fe07c73b7322449ddbd228 in your ticket. Thank you.

Answer 28

ECDSA Explanation: OBJ 3.7: Elliptic-Curve Digital Signature Algorithm (ECDSA) is an asymmetric algorithm that utilizes the properties of elliptic curves to provide comparable levels of protection as RSA with a much smaller key size. The digital signature algorithm (DSA) is a cryptographic algorithm that uses logarithmic and modulus math to generate and verify digital signatures. The DSA is faster than RSA at generating digital signatures, but it is slower than RSA when verifying them. Rivest, Shamir, and Adleman (RSA) is an asymmetric algorithm that uses the complexity of factoring large prime numbers to provide security. Password-Based Key Derivation Function 2 (PBKDF2) is a form of key stretching that utilizes a hash-based message authentication code (HMAC), the input password, and a salt value to create a more secure derived key. For support or reporting issues, include Question ID: 63fe07d03b7322449ddbd296 in your ticket. Thank you.

Answer 29

Implementing post-quantum cryptographic algorithms designed to resist quantum attacks Explanation: OBJ 3.7 - The best approach to ensure resistance to quantum computing decryption attacks is implementing post-quantum cryptographic algorithms, which are specifically designed to withstand quantum threats that could break current encryption methods like RSA and ECC. While transitioning to elliptic curve cryptography (ECC) improves security against classical attacks, it remains vulnerable to quantum decryption. Using symmetric encryption with larger key sizes like AES-256 increases resistance to quantum threats but does not address vulnerabilities in asymmetric encryption. Employing multiple layers of traditional encryption adds security but does not directly mitigate the risks posed by quantum computing. Therefore, adopting post-quantum cryptography is the most effective long-term solution. For support or reporting issues, include Question ID: 67508a20f86f3d695e9ad159 in your ticket. Thank you.

Answer 30

Anonymize sensitive data fields before combining datasets to prevent re-identification Explanation: OBJ 3.5 - When multiple datasets are aggregated, even seemingly non-sensitive information can be combined to re-identify individuals. Anonymizing sensitive fields before aggregation ensures that the resulting dataset cannot be used to link information back to individuals, addressing the privacy risk directly. Encrypting the data protects it from unauthorized access but does not prevent re-identification once decrypted. Role-based permissions control access but do not eliminate re-identification risks. Audits ensure compliance but do not proactively mitigate re-identification risks in the aggregated data. For support or reporting issues, include Question ID: 67508942f86f3d695e9ad154 in your ticket. Thank you.

Answer 31

Directing traffic to internal services if the contents of the traffic comply with the policy Explanation: OBJ 2.3: A reverse proxy is positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with the policy. This does not require the configuration of the users' devices. This approach is only possible if the cloud application has proxy support. You can deploy a reverse proxy and configure it to listen for client requests from a public network, like the internet. The proxy then creates the appropriate request to the internal server on the corporate network and passes the server's response back to the external client. They are not generally intended to obfuscate the source of communication, nor are they necessarily specific to the cloud. A cloud access security broker (CASB) can be used to prevent unauthorized use of cloud services from the local network. For support or reporting issues, include Question ID: 63fe06ee3b7322449ddbc798 in your ticket. Thank you.

Answer 32

Business continuity plan Explanation: OBJ 1.1: The business continuity plan (BCP) contains a collection of processes that enable an organization to maintain normal business operations in the face of some adverse event. This event could be natural or man-made; as long as it affects the business operations, then the BCP should be activated. The development of the BCP is often referred to as continuity of operations planning (COOP). A disaster recovery plan focuses on procedures and steps to follow to recover a system or site to a working state. For example, if a power failure or a fire occurred, the site would have to be recovered to a working state again. In the pandemic example, the facility did not have a disaster to recover from. Still, the business operations were affected and needed to be modified to continue operations under the BCP. For support or reporting issues, include Question ID: 63fe08053b7322449ddbd536 in your ticket. Thank you.

Answer 33

Forward secrecy Explanation: OBJ 3.7: Forward secrecy ensures that the compromise of long-term private keys does not affect the security of previously encrypted sessions. Key splitting divides a key into parts for security but does not secure past communications. Post-quantum cryptography focuses on quantum resistance, while homomorphic encryption allows computations on encrypted data but does not relate to session key management. For support or reporting issues, include Question ID: 6751b19241c57c5f41caed02 in your ticket. Thank you.

Answer 34

Open mail relay Explanation: OBJ 4.2: Port 25 is the default port for SMTP (Simple Message Transfer Protocol), which is used for sending an email. An active mail relay occurs when an SMTP server is configured in such a way that it allows anyone on the Internet to send email through it, not just mail originating from your known and trusted users. Spammers can exploit this type of vulnerability to use your email server for their benefit. File/print sharing usually operates over ports 135, 139, and 445 on a Windows server. Web portals run on ports 80 and 443. Clear text authentication could occur using an unencrypted service, such as telnet (23), FTP (20/21), or the web (80). For support or reporting issues, include Question ID: 63fe07083b7322449ddbc8d8 in your ticket. Thank you.

Answer 35

Utilizing an operating system SCAP plugin Explanation: OBJ 3.6: Security Content Automation Protocol (SCAP) is a multi-purpose framework of specifications supporting automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement. It is an industry standard and supports testing for compliance. The other options will not allow for a truly repeatable process since individual scans would occur each time instead of comparing against a known good baseline. For support or reporting issues, include Question ID: 63fe07193b7322449ddbc9a9 in your ticket. Thank you.

Answer 36

Data zone Explanation: OBJ 2.5: Data zones describe the state and location of data to help isolate and protect it from unauthorized/inappropriate use within a data lake. An availability zone is a physical or logical data center within a single region. A region describes a collection of data centers located within a geographic area and distributed across the globe. A Virtual Private Cloud (VPC) or a Virtual Network (VNet) allows for the creation of cloud resources within a private network that parallels the functionality of the same resources in a traditional, privately operated data center. For support or reporting issues, include Question ID: 63fe06fe3b7322449ddbc85b in your ticket. Thank you.

Answer 37

access_log Explanation: OBJ 3.6: On Apache web servers, the logs are stored in a file named access_log. By default, the file can be located at /var/log/httpd/access_log. This file records all requests processed by the Apache server. The WebSphere Application Server uses the httpd_log file for z/OS, which is a very outdated server from the early 2000s. The http_log file is a header class file in C used by the Apache web server's pre-compiled code that provides the logging library but does not contain any actual logs itself. The file called apache_log is an executable program that parses Apache log files within in Postgres database. For support or reporting issues, include Question ID: 63fe07623b7322449ddbcd2c in your ticket. Thank you.

Answer 38

Install a security patch on the server Explanation: OBJ 3.1: Vulnerability patching is the process of checking your operating systems, software, applications, and network components for vulnerabilities that could allow a malicious user to access your system and cause damage, and then applying a security patch or reconfiguring the device to mitigate the vulnerabilities found. If there is a working exploit against the server's encryption protocols, a technician must install a security patch to mitigate or correct this vulnerability. Both FTP and SMTP are considered insecure protocols and transmit data in plain text, therefore they would make the log files even more insecure by using these protocols. Port 22 is used by secure shell (SSH), which is encrypted by default. Blocking port 22 would prevent SSH from being used in the network and would not mitigate the vulnerability identified in this question. For support or reporting issues, include Question ID: 63fe07b13b7322449ddbd11f in your ticket. Thank you.

Answer 39

File Integrity Monitoring (FIM) Explanation: OBJ 3.2: File integrity monitoring (FIM) is a type of software that reviews system files to ensure that they have not been tampered with. Security information and event management system (SIEM) is a solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications. Data Loss Prevention (DLP) is a software solution designed to detect and prevent sensitive information from being used, transmitted, or stored inappropriately. Simple network management protocol (SNMP) traps are used to send monitoring and management information from networked devices back to a centralized monitoring station. For support or reporting issues, include Question ID: 63fe06cc3b7322449ddbc5f3 in your ticket. Thank you.

Answer 40

Deploy the patch in a sandbox environment to test it before patching the production system Explanation: OBJ 4.4: While patching a system is necessary to remediate a vulnerability, you should always test the patch before implementation. It is considered a best practice to create a staging or sandbox environment to test the patches' installation before installing them into the production environment. This reduces the risks of the patch breaking something in the production system. Unless you are dealing with a very critical vulnerability and the risk of not patching is worse than the risk of patching the production system directly, you should not immediately patch the production systems without testing the patch first. You should not wait 60 days to deploy the patch. Waiting this long provides attackers an opportunity to reverse engineer the patch and create a working exploit against the vulnerability. Finally, asking the vendor for a safe time frame is not helpful since the vendor does not know the specifics of your environment or your business operations. For support or reporting issues, include Question ID: 63fe07c23b7322449ddbd1e7 in your ticket. Thank you.

Answer 41

if (shippingAddress <= 75) {update field} else exit Explanation: OBJ 2.2: To ensure that the field is not overrun by an input that is too long, input validation must occur. Checking if the shipping address is less than or equal to 75 characters before updating the field will prevent a buffer overflow from occurring in this program. If the input is 76 characters or more, then the field will not be updated, and the algorithm will exit the function. For support or reporting issues, include Question ID: 63fe07093b7322449ddbc8dd in your ticket. Thank you.

Answer 42

Schedule non-critical TPM operations to occur after the system is fully booted Explanation: OBJ 3.4 - Scheduling non-critical TPM operations after boot reduces the resource burden during startup, ensuring essential operations like integrity checks can be completed efficiently. Disabling integrity checks compromises system security. Replacing TPM hardware is costly and not always feasible. Reducing the number of applications relying on the TPM is impractical, as it could negatively impact functionality and security. For support or reporting issues, include Question ID: 675074523af44d9e9e56c810 in your ticket. Thank you.

Answer 43

Host-based intrusion detection system (HIDS) Explanation: OBJ 3.2: A host-based intrusion detection system (HIDS) is a type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state. Host-based intrusion detection systems normally rely on signature rules to identify potentially malicious activity on the endpoint and then create alerts based on the rule that was matched. A host-based firewall is a firewall implemented as application software running on the host that provides sophisticated filtering of network traffic as well as block processes at the application level. Endpoint detection and response (EDR) is a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. User and entity behavior analytics (UEBA) is a type of cybersecurity application or appliance that identifies anomalous or malicious behavior by using machine learning and statistical analysis to identify deviations from normally established baselines and patterns of activity. For support or reporting issues, include Question ID: 63fe07a33b7322449ddbd065 in your ticket. Thank you.

Answer 44

An uncredentialed scan of the network was performed Explanation: OBJ 2.3: Uncredentialed scans are generally unable to detect many vulnerabilities on a device. When conducting an internal assessment, you should perform an authenticated (credentialed) scan of the environment to most accurately determine the network's vulnerability posture. In most enterprise networks, if a vulnerability exists on one machine, it also exists on most other workstations since they use a common baseline or image. If the scanner failed to connect to the workstations, an error would have been generated in the report. For support or reporting issues, include Question ID: 63fe07153b7322449ddbc979 in your ticket. Thank you.

Answer 45

MSA Explanation: OBJ 1.1: A master service agreement (MSA) is an agreement that establishes precedence and guidelines for any business documents that are executed between two parties. If a company is hiring a penetration testing firm to conduct multiple engagements, they may use a master service agreement to cover each assessment's commonalities and scope. Then, there would be a scope of work (SOW) for each assessment completed under the MSA. A service level agreement (SLA) is a contract that outlines the detailed terms under which a service is provided, including reasons the contract may be terminated. A non-disclosure agreement (NDA) is a legal document that stipulates the parties will not share confidential information, knowledge, or materials with unauthorized third parties. For support or reporting issues, include Question ID: 63fe07f93b7322449ddbd4a0 in your ticket. Thank you.

Answer 46

NAC Explanation: OBJ 3.2: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as anti-virus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. When a remote workstation connects to the network, NAC will place it into a segmented portion of the network (sandbox), scan it for malware and validate its security controls, and then based on the results of those scans, either connect it to the company’s networks or place the workstation into a separate quarantined portion of the network for further remediation. An access control list (ACL) is a network traffic filter that can control incoming or outgoing traffic. An ACL alone would not have prevented this issue. MAC Filtering refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network. MAC filtering operates at layer 2 and is easy to bypass. Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during email delivery. For support or reporting issues, include Question ID: 63fe06cf3b7322449ddbc611 in your ticket. Thank you.

Answer 47

journalctl _UID=1003 | grep sudo Explanation: OBJ 4.1: journalctl is a command for viewing logs collected by systemd. The systemd-journald service is responsible for systemd’s log collection, and it retrieves messages from the kernel, systemd services, and other sources. These logs are gathered in a central location, which makes them easy to review. If you specify the parameter of _UID=1003, you will only receive entries made under the authorities of the user with ID (UID) 1003. In this case, that is Terri. Using the piping function, we can send that list of entries into the grep command as an input and then filter the results before returning them to the screen. This command will be sufficient to see all the times that Terri has executed something as the superuser using privilege escalation. If there are too many results, we could further filter the results using regular expressions with grep using the -e flag. Since the UID of 1003 is only used by Terri, it is unnecessary to add [Tt]erri to your grep filter as the only results for UID 1003 (terri) will already be shown. So, while all four of these would produce the same results, the most efficient option to accomplish this is by entering “journalctl _UID=1003 | grep sudo” in the terminal. Don’t get afraid when you see questions like this; walk through each part of the command step by step and determine the differences. In this question, you may not have known what journalctl is, but you didn’t need to. You needed to identify which grep expression was the shortest that would still get the job done. By comparing the differences between the options presented, you could likely take your best guess and identify the right one. For support or reporting issues, include Question ID: 63fe07253b7322449ddbca39 in your ticket. Thank you.

Answer 48

The application does not trust the identity provider’s assertion Explanation: OBJ 3.1: In single sign-on (SSO) systems, the application relies on assertions (e.g., SAML or OpenID Connect tokens) from the identity provider to grant access. If the application does not trust the IdP’s assertion, due to misconfigured trust settings or missing certificates, the user will receive an "unauthorized" error despite successful authentication. Session expiration or missing local user entries are less likely in this scenario as modern SSO systems manage user identities centrally, and MFA settings do not affect assertion trust. For support or reporting issues, include Question ID: 67513edd6a9dc9d16f2d0308 in your ticket. Thank you.

Answer 49

Configuration drift Explanation: OBJ 3.3: Configuration drift occurs when changes are applied inconsistently across network devices, leading to performance issues. Insecure routing protocols compromise security, not performance. VLAN segmentation errors and ACL misalignment are unrelated to inconsistent updates as they primarily affect security and data segmentation. For support or reporting issues, include Question ID: 6751a827ccca116cc0eb3b57 in your ticket. Thank you.

Answer 50

Configure a UTM device Explanation: OBJ 2.3: Since this is a branch office and you want to protect it from as many threats as possible, using a Unified Threat Management (UTM) device would be best. A UTM will protect you from most things using a single device. A network-based firewall would provide basic protection, but a UTM will include anti-virus and other protections beyond just a firewall's capabilities. Host-based firewalls are great, but the network-based firewall or UTM device is configured to protect all devices on a network whereas a host-based firewall only protects the single host device. A network-based intrusion detection system (NIDS) can detect threats, but it cannot stop or prevent them. For support or reporting issues, include Question ID: 63fe06e13b7322449ddbc6ee in your ticket. Thank you.

Answer 51

$6,875,000 Explanation: OBJ 1.2: The asset value of the data center would be $6,875,000. The asset value (AV) is the value of a piece of hardware, software, or other asset has to the organization. The asset value does not account for the incident’s frequency of occurrence or the percent of the value that would be left over if an incident occurs. In this scenario, the total asset value would be the cost to rebuild and equip the facility, as well as the net present value of the data center's revenue stream since it would be lost if the data center was impacted by a hurricane. Therefore, the asset value is calculated by adding the build and equip costs ($3,125,000) and the net present value of the revenue stream ($3,750,000) which equals a total asset value of $6,875,000. For support or reporting issues, include Question ID: 63fe07ee3b7322449ddbd419 in your ticket. Thank you.

Answer 52

secpol.msc Explanation: OBJ 4.1: The security policy auditor (secpol.msc) will allow an authorized administrator the option to change a great deal about an operating system, but it cannot explicitly stop a process or service that is already running. The sc.exe command allows an analyst to control services, including terminating them. The Windows Management Instrumentation (wmic) can terminate a service using the following: wmic service call StopService. The services.msc tool can also enable, start, or terminate a running service. For support or reporting issues, include Question ID: 63fe07593b7322449ddbccc3 in your ticket. Thank you.

Answer 53

MOU Explanation: OBJ 1.1: MOU is a memorandum of understanding. This is the most accurate description based on the choices given. A memorandum of understanding is a document that describes the broad outlines of an agreement that two or more parties have reached. MOUs communicate the mutually accepted expectations of all of the parties involved in a negotiation. While not legally binding, the MOU signals that a binding contract is imminent. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A master service agreement (MSA) is a contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements. For support or reporting issues, include Question ID: 63fe08083b7322449ddbd559 in your ticket. Thank you.

Answer 54

MAC Explanation: OBJ 2.4: Mandatory Access Control (MAC) requires all access to be predefined based on system classification, configuration, and authentication. MAC is commonly used in highly centralized environments and usually relies on a series of labels, such as classification levels of the data. For support or reporting issues, include Question ID: 63fe06d93b7322449ddbc68f in your ticket. Thank you.

Answer 55

SSO Explanation: OBJ 2.4: Single Sign-on (SSO) is an authentication technology that allows users to authenticate once and receive authorizations for multiple services. The advantage of single sign-on is that each user does not have to manage multiple user accounts and passwords. The disadvantage is that compromising the account also compromises multiple services. Multifactor authentication is an authentication scheme that relies on at least two of the five factors: something you know, something you have, something you are, something you do, and somewhere you are. Since only a username and password are used in this scenario, it is not considered multi-factor authentication. Face ID is an Apple device feature that uses a face lock to grant access to the device. Face ID is considered a form of biometric authentication. Touch ID is an Apple device feature that uses fingerprint biometric information to grant access to the device. For support or reporting issues, include Question ID: 63fe06de3b7322449ddbc6cb in your ticket. Thank you.

Answer 56

Configure the firmware to use TPM-based attestation for verification during secure boot Explanation: OBJ 3.4 - TPM-based attestation ensures that firmware integrity is verified against known good measurements during secure boot, preventing unauthorized modifications from executing. Reinitializing TPMs does not address the lack of firmware validation. Restricting physical access is important but does not prevent remote attacks on firmware. Transitioning to software-only cryptographic measures reduces security compared to TPM-backed solutions. For support or reporting issues, include Question ID: 6750841f267e7f17527dbcb8 in your ticket. Thank you.

Answer 57

ASIC Explanation: OBJ 3.5: An application-specific integrated circuit (ASIC) is a type of processor designed to perform a specific function. ASICs are expensive to design and only work for a single application or function, such as the ASICs used to conduct switching in an Ethernet switch. ASICs cannot be rewritten, flashed, or updated once they are created and installed. If a flaw or defect is discovered in the ASIC, it must be replaced to patch the vulnerability. A field programmable gate array (FPGA) is a type of processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture. A FPGA can be configured by the end customer to run programming logic on the device for their specific use case or application. A System on a Chip (SoC) integrates practically all the components of a traditional chipset (which is comprised of as many as four chips that control communication between the CPU, RAM, storage, and peripherals) into a single chip. SoC includes the processor as well as a GPU (graphics processor), memory, USB controller, power management circuits, and wireless radios. Internet of Things (IoT) is a term used to describe a global network of appliances and personal devices that have been equipped with sensors, software, and network connectivity. The Internet of Things includes hub/control systems, smart devices, wearables, and sensors. For support or reporting issues, include Question ID: 63fe07a53b7322449ddbd083 in your ticket. Thank you.

Answer 58

Device policy enforcement to apply security settings remotely Explanation: OBJ 3.2: MDM solutions enable administrators to enforce security policies, such as restricting Wi-Fi access and mandating device encryption, remotely across all managed devices. Application allowlisting and network monitoring provide additional layers of security but do not address policy enforcement directly. Geofencing is not relevant to enforcing these specific security settings. For support or reporting issues, include Question ID: 6751467bd79f13209663ff48 in your ticket. Thank you.