Test Questions Flashcards

Question 1

Q

A governmental agency is storing information for a new project on a fileshare. The system has been classified as critical to the project. How should this project data be classified? (Select TWO)
� Private
� Confidential
� Public
� Unrestricted
� Restricted

Answer

A

Confidential
Restricted

Question 2

Q

A perimeter firewall is set up to block suspicious connections. The system administrator notices a suspicious connection between internal hosts. Which of the following should be used to prevent this communication?
� Host-based firewall
� Cloud Access Security Broker
� Access control list
� Application allow list

Answer

A

Host Based Firewall - installed on individual computers or hosts and can be used to control traffic between internal hosts

Question 3

Q

A technician has been tasked with applying a firmware update. Which of the following is being affected?
� Application
� BIOS
� Dump file
� Windows 10

Question 4

Q

Which of the following exercises should an organization use to thoroughly review a new incidence response procedure?
� Tabletop
� High availability
� Failover
� Simulation

Answer

A

Tabletop exercises involve discussing and analyzing hypothetical scenarios, allowing teams to walk through the incident response procedure step by step, identify gaps, and ensure that all stakeholders understand their roles and responsibilities

Question 5

Q

A system administrator is setting up authentication for a new SaaS application and would like to reduce the overhead burden for authentication of each user between Active Directory and the cloud application. The company has decided to use Active Directory credentials for the application. Which of the following methods would meet this requirement?
� SSO
� 802.1x
� EAP-TTLS
� EAP-FAST

Answer

A

SSO allows users to log in once and access multiple applications without re-entering credentials, meeting the requirement of reducing authentication overhead between Active Directory and the SaaS application.

Question 6

Q

A company is planning a disaster recovery site and needs to ensure any environmental disaster does not result in complete loss of data. Which of the following should be implemented?
� Warm site
� Clustering
� Hot site
� Geographic dispersion

Answer

A

Geographic dispersion involves the set up of data centers or disaster recovery sites in different geographical regions, thereby reducing the risk of data loss due to environmental disasters in any single location.

Question 7

Q

A network technician is going to upgrade the mail server to a newer version of software. Which of the following steps should be completed first?
� Perform a firmware upgrade.
� Submit a change control request.
� Remove the mail server from the network.
� Ensure the current mail server is fully patched.

Answer

A

Submitting a change control request is an important step in a controlled IT environment. The change control request outlines the changes being made.

Question 8

Q

A suspicious caller rang the Human Resources Manager and requested her credit card information to pay a bill. This is MOST LIKELY an example of which of the following attacks?
� Phishing
� Social engineering
� Impersonation
� Whaling

Answer

A

Social engineering

Question 9

Q

A network engineer placed a firewall in front of a legacy critical system. Which of the following best describes the action that the engineer carried out?
� Compensating controls
� Segmentation
� Risk transfer
� Risk tolerance

Answer

A

Compensating controls are security measures put in place to mitigate risks when the primary control is not feasible or effective.

Question 10

Q

A military unit is leaving a location in the middle east and has hired a Department of Defense contractor to dispose of the data on classified systems and paper classified waste. Which of the following will the contractor provide to the military unit?
� Asset Register
� Certificate
� Inventory List
� Method of destruction

Answer

A

When sensitive or classified data and materials are disposed of, a Certificate of Destruction is often issued as proof that the data or materials have been properly and securely destroyed.

Question 11

Q

Which of the following automation use cases would benefit the company’s security posture by updating security permissions immediately after an employee leaves the organization?
� Disabling access.
� Implementing least privilege.
� Change Advisory Board
� Escalating permission requests

Answer

A

Disabling access promptly upon an employee’s departure enhances security by helping to prevent unauthorized access to company resources and data.

Question 12

Q

Which of the following is a vulnerability that could affect a router or a printer?
� Firmware version
� Buffer overflow
� SQL injection
� Integer overflow

Answer

A

The firmware version of a device can contain security vulnerabilities. Manufacturers often release updates to patch these vulnerabilities and improve device security.

Question 13

Q

A security administrator finds files with a file extension of .ryk on three of their systems during an attack. Which of the following types of malware has infected the systems?
� Polymorphic Virus
� Backdoor
� Ransomware
� Remote Access Trojan (RAT)

Answer

A

Ransomware is when malware is used to encrypt files and then a ransom is demanded for decryption. The presence of a .ryk extension is an application called RYUK ransomware

Question 14

Q

A Cloud Service Provider based in Texas is considering expanding its operations internationally to include major European businesses. Which of the following should the hosting provider consider first prior to this expansion? (Choose TWO)
� General Data Protection Regulations
� Threats from Nation States
� Local data protection regulations
� CCPA

Answer

A

Local Data Protection Regulations
GDPR - General Data Protection Requlations

Question 15

Q

During a security inspection, an employee was found to have installed a computer game on his company desktop. This could have been more serious had it been malware. What can the security team do to stop incidents like this?
� Windows defender firewall
� Least privilege
� Application block list
� Application allow list

Answer

A

Application Allow List - Ensures that only approved and trusted software can run on company desktops, thereby effectively preventing the installation and execution of unauthorized software or malware.

Question 16

Q

Which of the following topics should the cybersecurity administrator include in their upcoming presentation in the annual security awareness program? (Choose TWO)
� How to recognize and report a phishing attack
� Detecting insider threats using anomalous behavior recognition.
� Confirming information on a word document.
� Reporting suspicious activities

Answer

A

How to recognize and report a phishing attack
Reporting suspicious activities

Question 17

Q

A cybersecurity administrator is creating a way to present a monthly report of data collected in the IT infrastructure to the board of directors. Which of the following should the systems administrator use?
� Excel spreadsheet
� Dashboard
� Metadata
� PowerPoint presentation

Answer

A

Dashboards

Question 18

Q

A user attended a presentation based on how to identify and report a phishing attack. To which of the following categories does this presentation belong?
� Annual risk training
� Security awareness training
� Compliance training
� Communication skills training

Answer

A

Security Awareness Training

Question 19

Q

The chief executive officer of an organization has decided to use a third party to complete a penetration test to measure the organization�s security. Which of the following needs to be carried out before the penetration tester can begin their work?
� Sign a contract
� Right to audit clause
� Rules of engagement
� Obtain a network diagram

Answer

A

Rules of Engagement - This document outlines the scope of the test, what systems can be tested, the testing methodologies, the schedule, and any limitations or restrictions imposed by the organization

Question 20

Q

You are a change manager overseeing a critical system upgrade. What key component of change management provides comprehensive and detailed instructions for routine operations, contributing to consistent and secure execution during the change process?
� Operational guidelines
� A procedural framework
� A standard operating procedure
� An operational manual

Answer

A

A standard operating procedure is an essential element of change management that comprises comprehensive and detailed instructions for routine operations, ensuring consistent and secure execution during the change process.

Question 21

Q

The cybersecurity team has been tasked with finding the root cause of a recent security incident. Why is this important?
� To see how the incident was dealt with.
� To prevent it from happening again.
� To gather Indicators of Compromise
� To update threat feeds.

Answer

A

To prevent it from happening again.

Question 22

Q

A cybersecurity administrator found a honey file on the corporate database server. To determine who created the honeyfile, the last access date, and any changes made to the honey file which of the following actions should be carried out?
� Check the files hash.
� Use hexdump on the file’s contents.
� Check endpoint logs.
� Check the metadata.

Answer

A

Check the metadata. Examining the metadata associated with the file can provide information about its creation, last access, and changes made

Question 23

Q

After a test showed that a form on a website can be overwhelmed and possibly hacked due to too much data, which security method should an analyst suggest the coder use to stop this from happening?
� Secure cookies
� Input validation
� Stored procedure
� Code signing

Answer

A

Input Validation - Ensures that data entered into form fields adheres to specified criteria, preventing malicious input that could lead to buffer overflow vulnerabilities.

Question 24

Q

Which of the following are you protecting using a L2TP/IPSec VPN?
� Data at rest
� Data in transit
� Data in use
� Data sovereignty

Answer

A

Data in Transit

Question 25

Q

An employee has been asked to sign an Acceptable Use Policy (AUP) for a new CAD system. Which of the following controls does this fulfil?
� Corrective
� Compensating
� Preventive
� Deterrent

Answer

A

Preventative Controls - Measures put in place to proactively prevent or deter undesirable events or actions. In this context, by signing the AUP, employees agree to adhere to the established rules and guidelines for using the CAD system.

Question 26

Q

Which of the following is used to add extra complexity to a credential before applying a one-way data transformation algorithm?
� Steganography
� Data masking
� Salting
� Hashing

Answer

A

Salting - involves adding a random value (the “salt”) to the plaintext password before hashing it. This adds complexity and uniqueness to each hashed value, making it more resistant to attacks like rainbow tables.

Question 27

Q

A company employee has been allowed to bring his personal smartphone and tablet into the workplace to use when carrying out his job. Which of the following would be the GREATEST security risk? (Select TWO)
� End of life
� Data exfiltration
� Lack of updates.
� Jailbreaking

Answer

A

Jailbreaking (Rooting if android)
Data Exfiltration

Question 28

Q

A security administrator has set up alerts on a new device. After the first day of monitoring, it was determined that about 40% of the alerts received were false positives. What can be done to reduce this figure?
� Correlating events
� Adjust the tuning
� Quarantining
� Archiving

Answer

A

Adjusting the Tuning

Question 29

Q

A covert spy plans to conceal information inside the graphical image of a company�s business notepaper. What technique are they using?
� Tokenization
� Hashing
� Steganography
� Data masking

Answer

A

Steganography

Question 30

Q

A junior technician was tasked with patching a file server. They download the patch onto the server, but it fails to install. What is the most likely reason for this?
� Role based access control.
� Rule based access control.
� Least privilege
� Privilege access management

Answer

A

Least Privilege

Question 31

Q

A small company needs to build a backup site but cannot afford to install equipment at that site or replicate the data. Which of the following sites meets their needs?
� Hot Site
� Warm Site
� Cold Site
� Disaster Recovery Site

Answer

A

Cold site - Most cost-effective option for a small company with budget constraints. While it doesn’t have the equipment or data readily available, it still provides the basic infrastructure (space and power) needed for setting up equipment and restoring data in case of a disaster.

Question 32

Q

As a cybersecurity analyst, you are tasked with enhancing an organization’s defenses against malware and unauthorized applications. What primary objective does the implementation of an application allow list strategy serve within cybersecurity measures?
� Simplifying network architecture
� Expediting software deployment
� Enhancing user authentication.
� Mitigating malware and unauthorized applications

Answer

A

Mitigating malware and unauthorized applications - by permitting only approved software to run, thereby enhancing security.

Question 33

Q

You are the IT director responsible for managing a complex enterprise environment with numerous interconnected services. What critical strategic aspect should be carefully evaluated before executing a service restart, ensuring optimal system availability while mitigating potential security vulnerabilities?
� Hardware compatibility
� Staff training
� Network latency
� The potential impact on interconnected services

Answer

A

Potential Impact on interconnected Services

Question 34

Q

A contractor has been hired by a hospital to sanitize data held in an archive. However, the contractor states that he cannot sanitize 20% of the archive data. What would be the reason for this?
� Encryption
� Least Privilege
� Classification
� Retention

Answer

A

Retention - Retention policies dictate how long certain types of data should be kept before it can be deleted or destroyed. Medical data needs to be retained for 6 years.

Question 35

Q

A research and development department works on new inventions, designs, and patents. How would you categorize this data?
� Sensitive
� Intellectual property
� Public
� Regulated data

Answer

A

Intellectual property - The data produced by the research and development department, including inventions, designs, and patents, represents intellectual property that needs to be protected and managed to maintain its value and exclusivity.

Question 36

Q

Which of the following is the BEST method to protect data at rest on the laptops of sales personnel?
� Full Disk Encryption (FDE)
� Tokenization
� Hashing
� Normalization

Answer

A

FDE - Full Disk Encryption

Question 37

Q

Which of the following refers to the maximum risk a company can bear and accept? (Choose TWO)
� Risk transference
� Risk threshold
� Risk tolerance
� Quantitative risk

Answer

A

Risk Threshold
Risk Tolerance

Question 38

Q

A hacker gained access to a system using a hyperlink in a phishing attack and ransomware was deployed across the network. Which of the following would have prevented the spread?
� NIPS
� NIDS
� HIDS
� HIPS

Answer

A

NIPS - Monitors network traffic and can detect and block known malware or suspicious activity in real-time, which can help prevent the spread of ransomware across a network.

Question 39

Q

A client asked a security company to provide a document outlining the project as well as its cost and completion time frame. Which of the following documents should the company provide to the client?
� Master Service Agreement (MSA)
� Business Partnership Agreement (BPA)
� Statement of Work (SOW)
� Memorandum of Understanding (MOU)

Answer

A

SOW - Statement Of Work

Question 40

Q

A network engineer has ensured that a host-based firewall on a legacy system allows connections from only specific internal IP addresses. Which of the following does this describe?
� Compensating control
� Segmentation
� Geographic dispersal
� Risk Transference

Answer

A

Compensating control - By implementing this firewall rule, the engineer has put in place a compensating control to mitigate security risks and enhance the system’s security posture.

Question 41

Q

A company employs researchers to security test their internet-based applications. If vulnerabilities are found, then the researchers who find them will be rewarded. In which of the following categories do these researchers belong?
� Known environment penetration tester
� Blue team
� Bug bounty
� Unknown environment penetration tester

Answer

A

Bug Bounty

Question 42

Q

Which of the following agreement types defines the metrics by which the vendor must respond?
� BPA
� SLA
� MOA
� SOW

Answer

A

SLA - Service License Agreement - Specify the agreed-upon service levels, including metrics, response times, and performance targets that a vendor must meet

Question 43

Q

When a criminal has been apprehended by law enforcement agents, which of the following should be implemented to show that the evidence is handled properly?
� Legal hold
� Record the time offset
� Chain of custody
� Right to audit clause

Answer

A

Chain of custody refers to the documentation and procedures used to chronologically track the handling, transfer, and storage of evidence.

Question 44

Q

Following an instance of financial fraud, an auditor is sifting through all of the financial transactions. What control type is the auditor adopting?
� Deterrent
� Compensating
� Corrective
� Detective

Answer

A

Detective controls are focused on identifying and detecting security incidents or unauthorized activities after they have occurred.

Question 45

Q

A security engineer is placing a legacy device in its own subnet. Which of the following control types are they implementing?
� Compensating
� Deterrent
� Access Control
� Detective

Answer

A

Compensating controls are put in place to reduce the risk of a vulnerability or a weakness that cannot be resolved by a primary control.

Question 46

Q

Security controls in a data center are being audited to ensure that both the data and human life are properly protected. How should the security controls be set up? Select the BEST option.
� Security control logging with fail open.
� Safety controls with fail closed.
� Safety controls with fail open.
� Logical security controls with fail closed.

Answer

A

Safety controls (Fail Open), especially those related to physical safety, should be configured to “fail open” in case of system failures. This means that if a safety control or mechanism malfunctions, the system should allow unrestricted access to ensure people’s safety, particularly in emergency situations like fires.

Question 47

Q

Which is the BEST way for a cybersecurity administrator to monitor for unauthorized software installation and settings changes?
� EDR software on all workstations and servers
� Collect network data using Wireshark
� Deploy a SIEM system
� Credentialed vulnerability scan

Answer

A

EDR software is designed to monitor and respond to security threats on individual endpoints (workstations and servers). It can detect unauthorized software installations and changes to settings.

Question 48

Q

Which of the following is an example of active reconnaissance?
� Patching Software
� Running a port scan
� Restoring a backup
� Filtering firewall traffic

Answer

A

Running a port scan is an example of active reconnaissance. In active reconnaissance, an attacker actively probes and interacts with the target system to gather information.

Question 49

Q

A security consultant needs a secure connection to the company for remote users. Which of the following should the security consultant implement?
� IPsec
� Jump Server
� Network Address Translator
� Proxy Server

Answer

A

Internet Protocol Security (IPsec) is a suite of protocols used to secure communications over IP networks using a VPN. It provides a secure tunnel for remote users to connect to the company’s network securely.

Question 50

Q

Which of the following can be used to validate a user�s certificate that is installed on his smart card? (Select two).
� Key Escrow
� CRL
� CSR
� OCSP

Answer

A

A Certificate Revocation List (CRL) is a list of certificates that have been revoked by the Certificate Authority (CA) before their expiration date. It

The Online Certificate Status Protocol (OCSP) is another method for checking the validity of a certificate.

Question 51

Q

A small organization has just hired a third party to remediate several vulnerabilities that were found on their network. Which of the following tasks should be done last?
� Audit
� Penetration Test
� Written Report
� Run another vulnerability scan

Answer

A

Run another vulnerability scan to ensure that the remediation efforts have been successful.

Question 52

Q

A cybersecurity administrator needs to oversee the accurate deployment of cloud resources using the least amount of administrative access. Which of the following should be implemented?
� Software as a service
� Infrastructure as code
� Infrastructure as a service.
� Platform as a service

Answer

A

Infrastructure as Code (IaC) - allows you to define and manage cloud resources using code and automation, reducing the need for manual administrative access and minimizing human error.

Question 53

Q

A forensic investigator is trying to determine which employee emailed PII data to an external customer. Which of the following tools will help the forensic investigator?
� EDR
� Proxy Server
� Net Flow
� DLP

Answer

A

Data Loss Prevention (DLP) solutions are specifically designed to monitor, detect, and prevent the unauthorized transfer of sensitive data such as PII and can help identify who sent the data and where it was sent.

Question 54

Q

A cybersecurity analyst previously set up a honeypot and has since successfully gathered information about a new attack method. Which of the following should the cybersecurity analyst do prior to setting up the SIEM and SOAR servers to identify this new attack method?
� Threat hunting
� E-discovery
� Incident response plan
� Disaster recovery plan

Answer

A

Threat Hunting - involves actively searching for signs of malicious activity and potential threats within the network. This is done to create the data on the threat needed to effectively implement SIEM and SOAR. It is a proactive approach to identifying and mitigating new attack methods

Question 55

Q

A company is going to roll out FDE to all of the company laptops and desktops. Which of the following are critical to this implementation? (Select TWO).
� Key escrow
� PGP
� TPM
� CRL

Answer

A

TPM - A hardware-based security feature that can securely store encryption keys and help protect against unauthorized access to encrypted data. It is crucial for secure FDE implementations.

Question 56

Q

A company suffered a buffer overflow on one of its internet web servers. Which of the following should be installed to mitigate the risk of buffer overflow on internet web servers?
� IP Sec
� WAF
� CASB
� SD-WAN

Answer

A

A Web Application Firewall (WAF) is designed to protect web applications from various attacks, including buffer overflows. It can help filter and block malicious traffic before it reaches the web server.

Question 57

Q

Which of the following threat actors is the MOST LIKELY to be able to fund criminal organizations in neighboring countries to launch influence campaigns?
� Unskilled attacker
� Hacktivist
� Competitor
� Nation state threat actor
� Advanced persistent threat

Answer

A

Nation State Threat Actor - most likely to have the financial means and resources to fund criminal organizations in neighboring countries for large-scale influencing campaigns.

Question 58

Q

Following a third-party audit, the auditor noticed that some of the security settings on a server were incorrect. Which of the following should the company use to continuously verify security settings?
� CIS Benchmarks
� Attestation
� Morning inspection
� Automation

Answer

A

Automation - Involves using software or scripts to regularly check and enforce security settings on a server automatically. With automation, you can set up continuous monitoring and remediation processes to ensure that security settings remain correct over time.

Question 59

Q

A network administrator is having problems with users being unable to access the internet. During their investigation, they discover that network logs show only a small number of DNS queries and that the server resources are using minimal CPU and memory; however, there is a huge amount of inbound traffic. Which of the following types of attacks does this describe?
� Reflected denial of service
� Botnet
� On-path resource consumption
� Login Bomb

Answer

A

Reflected denial of service attacks involve attackers sending requests to a large number of intermediary servers, which then reflect and amplify the attack traffic towards the target server, causing network congestion.

Question 60

Q

A financial administrator receives a text message from an unknown number claiming to be the Human Resources Manager and asking the employee to purchase several gift cards for the Christmas raffle. Which of the following types of attacks is this?
� Impersonation
� Smishing
� Vishing
� Phishing

Question 61

Q

A security manager has recently created new policies to deal with security incidents. Which of the following should be their next step?
� Set the data retention policy.
� Encrypt of policies.
� Classify each of the policies.
� Organize a tabletop exercise.

Answer

A

Organize a tabletop Exercise - Helps test the effectiveness of the newly created policies and ensure that employees understand how to respond to security incidents.

Question 62

Q

A company based in Florida suffered 20 storms this year, resulting in environmental damage that led to data loss. Which of the following solutions would be the most effective?
� Load balancers
� Geographic dispersion
� Cluster servers
� Off-site backups

Answer

A

Geographic dispersion - Involves the setting up of data centers or resources in different geographical regions to enhance disaster recovery and availability. This can help mitigate the impact of storms and environmental disasters.

Question 63

Q

A legacy IoT device used for testing has a new security vulnerability. Which of the following tasks should a security administrator perform FIRST to mitigate risk of new vulnerabilities in a legacy IoT device?
� Insurance
� Patching
� Upgrade
� Segmentation

Answer

A

Segmentation - Involves the isolation of vulnerable devices from the rest of the network to limit their ability to communicate with other devices and reduce the potential impact of the security vulnerability.

Question 64

Q

An organization wants to monitor the latest attack methods without impacting the company�s servers. Which of the following would be the best choice for this?
� Honeyfile
� Honeypot
� SIEM monitoring
� SOAR monitoring

Answer

A

Honeypot - Decoy system or network that is set up to attract attackers and capture their activities. Honeypots can mimic real systems and services, making them attractive targets for attackers. They are designed to be isolated from production servers, so any attacks or suspicious activities do not impact the company’s actual servers. Honeypots are an effective way to monitor the latest attack methods without exposing your servers to risk.

Answer 63

A

DLP - Data Loss Prevention
Classifing the Data - IOT apply appropriate DLP rules to the data

Answer 64

A

Buffer Overflow - Attack occurs when an attacker inputs more data into a buffer (memory storage) than it can hold, causing the excess data to overwrite adjacent memory locations, including CPU registers. This can be used to inject and execute malicious code that is written with shellcode.

Answer 65

A

Client - In a shared responsibility model, the client (that is, the company) is responsible for securing the servers and the data they store or process within the IaaS environment. This includes configuring and managing security settings, access controls, and the operating system.

Answer 66

A

Decommission and replace the device - eplacing outdated hardware with devices that comply with current encryption standards ensures that the organization’s network security posture remains strong and aligned with best practices and regulatory requirements.

Answer 67

A

Web-based Adminstration - Disabling it helps prevent remote access to the router through a web interface, thereby enhancing security.

Answer 68

A

Brute Force
MFA

Answer 69

A

Organized Crime

Answer 70

A

Serverless Architecture

Answer 71

A

Captruing all traffic entering and leaving the servers - (especially after SSL/TLS decryption provided by the reverse proxy) allows for comprehensive monitoring and analysis of attacks on the servers.

Answer 72

A

multifactor authentication adds an extra layer of security by requiring users to provide more than one form of verification before gaining access. This can mitigate brute force attacks by making it significantly harder for attackers to successfully authenticate even if they manage to guess passwords.

Answer 73

A

EDR - Endpoint Detection and Response - A cybersecurity solution that continuously monitors and analyzes endpoint activities to detect and respond to suspicious behavior, (including malware and rootkit attacks) on desktop computers.

HIPS - is not specific to malware and rootkits and focuses on prevening unauthorized access to a system.

Answer 74

A

SOW - Statement Of Work - outlines the specific details of a project, including the scope, deliverables, timeline, and duration of the penetration test.

Answer 75

A

Non-repudiation is a key feature of digital signatures, ensuring that a person or entity cannot deny the validity of their electronic signature or sending a message. It provides proof of the origin and integrity of the data, making it possible to verify who signed the document and ensuring that the document has not been altered after signing.

Answer 76

A

FIM - File Integrity Monitoring - Continuously monitors and detects changes to files, including modifications, deletions, or additions, and alerts the analyst if any unauthorized changes occur. It can detect any changes to system files by a rootkit.

Answer 77

A

Application Allow List (aka Whitelisting) - Ensures that only approved and trusted software can run on company desktops, thereby effectively preventing the installation and execution of unauthorized software or malware.

Answer 78

A

Federation services provide authentication for joint venture and cloud authentication. This would allow employees from both car manufacturers to access the resources and systems needed for the project using their own organization’s credentials. This ensures SSO, seamless authentication, and collaboration between the two companies.

Answer 79

A

Masking - A data protection feature that obscures specific data within a database so that sensitive information is hidden from those without the need to know the full details

Answer 80

A

Opening ports on the firewall introduces a supply chain risk. These are potential vulnerabilities and threats that arise from third-party vendors, services, or processes involved in the supply chain.

Answer 81

A

Payment Card Industry Data Security Standard (PCD DSS) Compliance is a regulatory requirement for companies that handle credit card transactions. These companies are therefore, subject to an annual audit to ensure ongoing compliance with this regulatory standard.

Answer 82

A

The content filter on the proxy server is responsible for categorizing and blocking access to certain websites based on predefined criteria. In this scenario, the network administrator should modify the content filter to allow access to the cybersecurity conference website while still blocking access to gambling websites.

There is no need to modify the URL as the users got to the website before being blocked.

Answer 83

A

Sanitization - Does not physically destroy them.

Answer 84

A

A social engineering attack relies on manipulating individuals to gain sensitive information or access.

Answer 85

A

Zero Trust within the data plane ensures that no entity is inherently trusted within the network and that all communication and access attempts are thoroughly verified and authenticated to mitigate potential security risks and threats.

Answer 86

A

Gait, Retina and Username - Includes a mix of authentication factors: something you are (retina), something you have (username), and something you do (gait).

Answer 87

A

Automation
Orchestration

Answer 88

A

Input validation is a technique used to ensure that data entered into a system is valid and safe by sanitizing or rejecting malicious input, thereby preventing common vulnerabilities like cross-site scripting.

Answer 89

A

The first phase of the Software Development Life Cycle (SDLC) is the Development stage. This phase involves writing, testing, and integrating (merging) code from multiple developers to develop the software product.

Answer 90

A

Role-Based Access Control (RBAC) is a method of restricting network access based on the roles of individual users within an organization. Permissions are assigned to roles, and users are then assigned to appropriate roles based on their job functions. This allows for granting permissions based on job function rather than individual usernames.

Answer 91

A

Group Policy Object (GPO) are used in Windows environments to enforce security settings and configurations, including password policies. Deploying the password policy update via GPO would be the fastest and most efficient way to ensure all relevant systems and users are compliant with the new policy.

Answer 92

A

Checking the metadata of the documents can provide valuable information (such as authorship, creation date, and any revisions made) and help the security team trace the origin and potential source of the birthday attacks.

Answer 93

A

DLP - Data Loss Prevention

Answer 94

A

Destruction Certificate - A document issued to confirm that certain materials or items have been destroyed according to specified procedures.

Answer 95

A

Insider Threat

Answer 96

A

Geolocation Policies

Answer 97

A

Risk Threshold

Answer 98

A

Organized Crime

Answer 99

A

Prove the Authenticity and integrity of the code by digitally signing it with a certificate. This helps users verify that the code comes from a trusted source and has not been altered or tampered with since it was signed.

Answer 100

A

The Common Vulnerability Scoring System (CVSS) is used to assess and determine the severity of vulnerabilities based on various factors. 9 and 10 indicate critical vulnerability, while scores between 0.1 and 3.9 indicate low vulnerabilities.

Answer 101

A

Mantrap
Access Control Vestibule
Visitor Control Badges

Answer 102

A

Tabletop Exercise - A paper based, hypothetical exercise that is used to test response procedures, including incident reporting. This type of exercise is particularly useful for testing incident response plans, including reporting procedures, as it allows team members to verbally go through the process, identify any gaps or issues, and make improvements in a low-stress, non-disruptive environment.

Answer 103

A

The audit is conducting a root cause analysis, which involves investigating an incident to identify the underlying cause or causes. By understanding what caused the incident, preventive measures can be implemented to avoid similar incidents in the future.

Answer 104

A

Test the implementation in a non-production environment - testing only allow or deny rules will not provide comprehensive coverage.

Answer 105

A

Insurance, Moving email to the cloud, and Outsourcing your IT. Any form of insurance, outsourcing, or migration of data to the cloud are forms of risk transference as they make someone else responsible for the security of that data.

Answer 106

A

Supply Chain - Since the HVAC system is part of the supply chain for the company, this type of attack is categorized as a supply chain attack

Answer 107

A

Risk Register - A risk register is a tool used in risk management and project management to identify potential risks in a project or organization. It serves as a central repository where all identified risks are recorded and includes details about each risk, such as its nature, the likelihood of its occurrence, the impact it would have, mitigation strategies, the person responsible for managing the risk, and any relevant treatment plans to address or mitigate the risk.

Answer 108

A

Implement Change Management - This includes documenting and assessing the changes, obtaining necessary approvals, and communicating the changes to relevant stakeholders. Implementing change management helps ensure that the changes are implemented in a controlled and organized manner, reducing the risk of disruption to the network and systems.

Answer 109

A

SQL Injection is a technique whereby attackers inject SQL commands into input fields of a web application to manipulate the database and access sensitive information such as credit card details stored on the company server.

Answer 110

A

Compensating controls are alternative measures put in place to address a security requirement when the primary control is not feasible or effective. In this case, the IPS serves as a compensating control to protect the legacy system.

Answer 111

A

Access Control Lists (ACLs) specify which users or groups are granted access to specific objects, such as files or folders, and what actions they are allowed to perform on those objects. By properly configuring ACLs, unauthorized access to sensitive data can be restricted

Answer 112

A

Infrastructure Capacity Planning - The main reason for creating a Gantt chart is to plan and schedule tasks related to infrastructure capacity planning. A Gantt chart visually represents the timeline of tasks and their dependencies, helping the team leader coordinate the deployment of infrastructure resources required to onboard a new customer.

Answer 113

A

Annualized Rate of Occurrence (ARO) represents the estimated frequency at which a specific threat will exploit a vulnerability within a given timeframe. It directly impacts risk management decisions by helping to assess the likelihood of potential threats.

Answer 114

A

Endpoint Detection and Response (EDR) solutions can monitor and respond to suspicious activities on endpoints, including blocking the execution of potentially harmful downloaded applications.

Answer 115

A

IDS (Intrustion Detection System)
SIEM (Security Information and Event Management)

Answer 116

A

Access Control Vestibule
Mantrap

Answer 117

A

Access list inbound deny 140.107.20.1/32 0 0.0.0.0/0 port 22
This ACL denies all traffic coming from the IP address 140.107.20.1 on port 22, effectively blocking incoming Secure Shell (SSH) access attempts. Deniesall traffic from 140.107.20.1 to any destination - the 0.0.0.0 on port 22

Deny from xxx/0 to xxx/0

Answer 118

A

Shadow IT refers to the use of unauthorized or unapproved software or hardware within an organization.

Answer 119

A

Reporting Suspicious Events

Answer 120

A

A bastion host is a highly secured computer system located on a network that is designed to withstand attacks. It is typically placed on the network perimeter and acts as a gateway for access to the internal network.

Answer 121

A

Manpower Capacity

Answer 122

A

Watering Hole

Answer 123

A

Mandatory Access Control - MAC - enforces access controls set by a system administrator or security policy. Users do not have discretion over the access controls; instead, access is determined by the system according to the security labels assigned to files.

Answer 124

A

Data Custodian

Answer 125

A

Insider Threat
USB

Answer 126

A

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed cybersecurity vulnerabilities and exposures that provides a unique identifier (CVE ID) for each vulnerability. It typically includes information about the affected platform or software.

Answer 127

A

Tokenization - Involves replacing sensitive data such as a credit card number with a unique identifier (token) that has no exploitable meaning or value.

Answer 128

A

Reflective Denial of Service

Answer 129

A

BIOS Update

Answer 130

A

Because this is unauthorized, this would be considered data exfiltration. Data exfiltration involves the unauthorized transfer of data from a system, which could manifest as DNS queries bypassing security measures.

Answer 131

A

Active reconnaissance involves directly interacting with the target system to gather information. Examples approaches to this include launching port and vulnerability scans.

Answer 132

A

Disaster Recovery Plan - Preparing for any type of disaster that could occur.

Answer 133

A

AUP - Acceptable Use Policy

Answer 134

A

Containers - Provide a lightweight and portable way to package, isolate, and run applications along with their dependencies. They allow application developers to use different versions of the operating system without impacting the application itself, as each container includes everything needed to run the application independently of the underlying host system.

Answer 135

A

Encryption is crucial for protecting data confidentiality, and if a device cannot meet the necessary encryption standards, it poses a significant security risk to the network. Removing such a device helps ensure that sensitive data remains adequately protected.

Answer 136

A

Geographic Dispersion
Cloud Infrastructure

Answer 137

A

Secure Access Service Edge (SASE) is a cloud-native security architecture that combines network security functions with WAN capabilities to provide improved performance and flexibility for remote users and branch offices, making it an ideal solution for the organization.

Answer 138

A

Threat Hunting - The CISO entering the server room could be interpreted as conducting a form of threat hunting, such as inspecting server configurations or checking for signs of compromise.

Answer 139

A

Threat Hunting - Involves proactively searching for and identifying potential security threats or vulnerabilities within an organization’s environment. The CISO entering the server room could be interpreted as conducting a form of threat hunting, such as
inspecting server configurations or checking for signs of compromise

Answer 140

A

Jump Server - A server that allows remote access to specific portions of a network while ensuring isolation of traffic for the user accessing it. RDP does not prevent other traffic on the connection.

Answer 141

A

Sideloading - .apk (android application packages)-

jailbreakikng - specific to IOS.

Answer 142

A

Geographic Dispersal

Answer 143

A

Access-list inbound deny ip source 131.107.2.1 /32 destination 0.0.0.0/0
This rule denies all traffic originating FROM the IP address 131.107.2.1 TO any destination, effectively preventing the attacker from accessing the internal network.

Answer 144

A

Scheduled downtime refers to a planned period during which a system or service is offline for maintenance or updates. It is communicated to users, as in the question and it does not count towards the uptime percentage guaranteed by the SLA. Option A is incorrect.

Answer 145

A

Hover the mouse over the Hyperlink - Hovering the mouse over the hyperlink lets you preview the destination URL without clicking on it. This can help determine whether the link is legitimate or malicious, providing valuable information for further action without risking attack activation.

this should be checked before verifing the ID of the sender.

Answer 146

A

Increased project efficiency and effectiveness

Answer 147

A

Implementing a technical control - the others are Risk Transferance, taking no action is Risk Acceptance.

Answer 148

A

DIAMTER
RADIUS -

TACACS+ is not a microsoft server, it’s a protocol primarily used for nework device authentication.

Answer 149

A

A Site Survey and Heat Map

Answer 150

A

To Change the default credentials.

Answer 151

A

OCSP provides real-time validation of a certificate’s status by querying a certificate authority’s server to determine whether the certificate is valid. CRL is used to verify but does not provide real-time validation.

Answer 152

A

Install a Hot Site.

Answer 153

A

Understanding the intricacies of foreign corporate tax laws.

Answer 154

A

Phishing and Smishing

Answer 155

A

Insider Threat

Answer 156

A

A Nation-State.

Answer 157

A

Risk Register

Answer 158

A

Organized Crime

Answer 159

A

Offensive and defensive

Answer 160

A

Jailbreaking (Rooting is only android)

Answer 161

A

Adopt change management procedures

Answer 162

A

Encryption

Answer 163

A

A SQL injection involves inserting malicious SQL code, or queries, into input fields of a web application, exploiting vulnerabilities to manipulate or retrieve data from a database. It is a common attack vector in web security and can lead to severe data breaches if not properly mitigated.

Answer 164

A

SLA - Service License Agreement - Typically involve measurable service levels, such as response times, uptime percentages, and resolution times, making them well-suited for measurement in metrics.

Answer 165

A

Deployment and Continuous Integration

Answer 166

A

Lessons Learned

Answer 167

A

Jump Server (aka Bastion Host)

Answer 168

A

Hardware and Software Lists

Answer 169

A

Regression testing involves retesting the code to ensure that changes or updates have not introduced new bugs or errors and that the software still meets its requirements

Answer 170

A

Writing incident response policies and procedures
Defining team members roles and responsibilities

Answer 171

A

The location - Different regions or countries may have varying laws and regulations regarding data privacy.

Answer 172

A

Availability

Answer 173

A

By comparing the hash before and after downloading, you can verify whether the file has been altered during transmission. If the hashes match, it is highly likely that the file has not been tampered with.

Answer 174

A

Endpoint logs, such as those generated by endpoint protection platforms (EPPs) or endpoint detection and response (EDR) solutions, are the most relevant for investigating suspicious activities on a compromised laptop.

Answer 175

A

Script for provisioning user accounts.

Answer 176

A

Making changes to the firewall configuration.

Answer 177

A

To thoroughly investigate and understand the security practices of a potential business partner before forming a contractual relationship. This process ensures that the partner adheres to acceptable security standards and practices and thereby reduces the risks associated with data breaches and compliance issues when entering into contractual relationships.

Answer 178

A

BPA - Business Partnership Agreement.
outlines the terms and conditions of a business relationship between parties, including their respective contributions and who makes each type of decision.

Answer 179

A

To increase website reliability and availability by distributing incoming traffic across multiple identical web servers

Answer 180

A

(SEIM) Security Information and Event Management is a centralized system that can correlate and track intrusions across network boundaries.

Answer 181

A

Segmentation - Involves the isolation of vulnerable devices from the rest of the network to limit their ability to communicate with other devices and reduce the potential impact of the security vulnerability.

Answer 182

A

MTTR - Mean Time To Repair

Answer 183

A

Root Cause Analysis
Involves investigating the underlying cause or causes of an incident to understand how it originated and identify measures to prevent similar incidents from occurring in the future.

Answer 184

A

Password Spraying
This log pattern, where multiple usernames are attempted with the same password, is an indication of password spraying

Answer 185

A

Code Signing

Answer 186

A

To ensure that if a device is involved in an incident, the owner can be contacted.
To retrieve company data from devices when an employee leaves the company.

Answer 187

A

Windows Defender Antivirus provides real-time monitoring and protection against potentially unwanted programs; it blocks them and prevents downloads of any such programs as well.

Answer 188

A

The severity of the reported vulnerabilities

Answer 189

A

Virtualization allows for the creation of virtual instances of servers, many of which can run on a single physical server. This consolidation reduces the overall number of physical servers required, making it the most suitable technology to optimize space in the smaller server room.

none of the other options reduce the number of phsyical servers.

Answer 190

A

CVSS provides a standardized method for assessing and prioritizing the severity of vulnerabilities, setting a score of 9 or 10 for critical and 0.1 to 3.9 for low.

Cve doesn’t prioritize them

Answer 191

A

Supply Chain Distruption

Answer 192

A

Retention

Answer 193

A

VLAN - Virtual Local Area Network can help segregate and secure the legacy payment system from other parts of the network and reduce the risk of attacks.

Answer 194

A

To simulate a cyberattack and ID and exploit vulnerabilities in the network’s defenses.

Answer 195

A

An R&D unit.

Answer 196

A

Sandboxing is a security mechanism that isolates applications from the rest of the system to prevent them from causing harm.

Answer 197

A

To collect data about the target through indirect methods without alerting the target.

Answer 198

A

Patch availability
No further updates or patches will be released for the legacy booths, meaning that these machines will remain vulnerable to security exploits and threats.

Answer 199

A

Receiving an email that has a free gift using an executive�s name in the From field

Answer 200

A

Detective and Preventative

Answer 201

A

A destruction Certificate

Answer 202

A

FDE - Full Disk Encryption

Answer 203

A

Dependency failure

Answer 204

A

Situational Awareness Training
Frequency and Duration

Answer 205

A

Least Privilege

Answer 206

A

Reporting Suspicious Activities and Potential Security Threats - MOST important

Answer 207

A

To verify the sender’s identity and integrity of email messages.

Answer 208

A

Staging phase in the SDLC is where software is tested in an environment that closely mimics the production environment but is not live. Creating customized reports at this stage allows the administrator to validate data and functionalities before they are moved to the production phase.

Answer 209

A

To allow individuals to request the deletion of their personal data from a company’s records when it is no longer necessary or relevant.

Answer 210

A

False Positive

Answer 211

A

A back-out plan outlines the steps to revert the changes and restore the system to its previous state if the changes do not produce the expected results.

Answer 212

A

Placing the doctor�s mailbox on legal hold preserves electronic evidence by ensuring that any emails or communications cannot be deleted during the investigation.

Answer 213

A

Run a vulnerability scan
Change the default password

Answer 214

A

To Identify potential vulnerabilites and weknesses in the system.

Answer 215

A

Identical Hosts

Brainscape's Knowledge GenomeTM

Test Questions Flashcards

Brainscape's Knowledge Genome^TM