Thor's 100 Questions Set 1 Flashcards

1
Q

In our best practice password policy, which of these would be allowed?

Using a password that includes your personal information, such as your name or birthdate

Using a password that is at least 6 characters long

Using the same password for multiple accounts

Using a password that contains a combination of letters, numbers, and special characters

A

Using a password that contains a combination of letters, numbers, and special characters

Why: This is an ideal practice for creating a strong password. Using a combination of uppercase and lowercase letters, numbers, and special characters makes the password more difficult to guess and harder to crack through brute-force attacks. The complexity of the password increases with the variety of characters used. This strategy is often part of a robust password policy aimed at enhancing security.

2
Q

Which of the following is the MOST effective physical perimeter security control?

Fencing
Security guards
Access control systems
Security cameras

A

Security guards

Why: The effectiveness of a physical perimeter security control largely depends on the context, but among the choices provided, security guards are generally considered to be the most effective. The reason is that they offer a dynamic, flexible, and adaptive solution to physical security. Security guards can respond in real-time to changing situations, identify suspicious behavior, and provide immediate human intervention, often acting as a deterrent to potential intruders. They can use judgment and discretion in a way that other listed systems cannot.

3
Q

We are blocking unused ports on our servers as part of our server hardening. We have chosen to block UDP (User Datagram Protocol) port 137. What are we blocking?

SMTP
NetBIOS name resolution
HTTPS
DNS

A

NetBIOS name resolution

Why: NetBIOS (Network Basic Input/Output System) is a networking protocol used primarily on Microsoft Windows networks for purposes such as file sharing, printer sharing, and other network services. Port 137 over UDP (User Datagram Protocol) is specifically used for NetBIOS name resolution, which is the method by which NetBIOS names are resolved to IP addresses. So, by blocking UDP port 137, you are blocking NetBIOS name resolution.
DNS - port 53
SMTP - port 25
HTTPS - port 443

4
Q

Which of the following is a type of security testing that involves deliberately trying to breach the security of a system to identify vulnerabilities?

Security auditing
Breach and attack simulations (BAS)
Penetration testing
Vulnerability scanning

A

Penetration testing

Why: Penetration testing involves simulating an attack on a system to identify vulnerabilities that could be exploited by a real attacker. Penetration testers, or “ethical hackers,” use the same techniques as malicious hackers, but they do it legally and ethically, to identify and document vulnerabilities that could be exploited. The goal of penetration testing is to identify weak points in an organization’s security posture before they can be exploited by a real attacker.

5
Q

What is the MOST secure type of software to use in a critical infrastructure system?

Commercial off-the-shelf (COTS) software
Proprietary software
Open-source software
Custom-developed software

A

Custom-developed software

Why: When it comes to critical infrastructure systems, the most secure option is often custom-developed software. This is because the software can be designed specifically with the unique needs and vulnerabilities of the infrastructure system in mind. Unlike commercial off-the-shelf (COTS), open-source, and proprietary software, custom-developed software is not widely distributed, so its vulnerabilities are not as well known or exploitable. The source code of custom-developed software is typically not shared with the public, which means it’s harder for potential attackers to analyze the software for vulnerabilities.

6
Q

Which of the following is NOT a principle of Privacy by Design (PbD)?

Highest Priority
End-to-end security
User-centric
Proactive rather than reactive
Forced consent

A

Highest Priority

Why: Privacy by Design (PbD) is a framework that promotes privacy and data protection compliance from the start, emphasizing proactive measures to ensure privacy. The principles of PbD encourage proactive rather than reactive measures, privacy as the default setting, privacy embedded into the design, full functionality – positive-sum, not zero-sum, end-to-end security, visibility and transparency, and respect for user privacy (user-centric). None of the official principles of PbD specifically mentions “highest priority” as a standalone concept. While prioritizing privacy is implicit in the ethos of PbD, it’s not listed as a discrete principle in this framework.

7
Q

Which type of control would best describe a security guard?

Physical control
Environmental control
Operational control
Technical control

A

Physical control

Why: Physical controls are security measures that are designed to deny unauthorized access to physical resources and protect against physical threats. They involve tangible, visible means of protection. A security guard falls under this category as their job is to physically prevent unauthorized individuals from accessing certain areas, to deter and detect potential security breaches, and respond to various security incidents. They physically patrol a facility and use their presence as a deterrent to crime. In some cases, they may also interact with access control systems, another form of physical control. The role of a security guard, therefore, fits most appropriately within the context of physical control. They can also be used as a compensating control.

8
Q

ThorTeaches.com has implemented a new access control system for its employees. The system requires all employees to use a unique username and password to log in to the company’s network. However, you have received reports from some employees that they are able to log in using someone else’s username and password. What is the most likely cause of this issue?

Employees are sharing their login information
The employees’ passwords are too easy to guess
The access control system has been hacked
The access control system is not configured correctly

A

Employees are sharing their login information

Why: Employees are sharing their login information: This is the most likely cause. If employees can log in using someone else’s credentials, it’s often because they have been shared, intentionally or unintentionally. While it’s possible that other factors, such as a misconfigured system, weak passwords, or even a breach, could be contributing factors, the ability for one employee to use another’s credentials typically points to credential sharing directly. It’s essential to ensure employees know the risks of sharing their login information and are educated about keeping their credentials confidential.

9
Q

What is the main security control of a secure password?

Password length
Password encryption
Password complexity
Password expiration

A

Password complexity

Why: A password with a high level of complexity, including a combination of uppercase and lowercase letters, numbers, and special characters, is more difficult for attackers to guess or crack through brute force methods.

10
Q

Which type of malware is embedded in another normal program?

Worm
Trojan Horse
Virus
Ransomware

A

Trojan Horse

Why: A Trojan Horse is a type of malware that is often disguised as legitimate software or is embedded within legitimate software. The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth. Similarly, in the computing context, a Trojan Horse tricks users into loading and executing malicious code on their systems. These threats are usually spread by some form of social engineering, for example, where a user is duped into executing an email attachment disguised to appear harmless, or by drive-by download.

11
Q

Which of the following security control strategies is the MOST effective in preventing unauthorized access to sensitive information?

Training employees on security best practices
Installing antivirus software
Conducting regular security audits
Implementing two-factor authentication

A

Implementing two-factor authentication

Why: Two-factor authentication is the most effective option for preventing unauthorized access to sensitive information. It provides an additional layer of security beyond just a username and password. With two-factor authentication, even if an attacker is able to steal a user’s password, they would still need the second factor (which could be a code sent to the user’s phone, a fingerprint scan, etc.) to gain access. This makes it much more difficult for unauthorized individuals to access sensitive information.

12
Q

Acting ethically is very important, especially for IT security professionals. If we look at the IAB’s “Ethics and the Internet,” which of these behaviors does it NOT consider unethical?

Hacking into a website without permission
Using an anonymous proxy to browse the internet
Sharing personal information without consent
Using a company’s network for personal gain

A

Using an anonymous proxy to browse the internet

Why: Using an anonymous proxy to browse the Internet: The IAB’s “Ethics and the Internet” does not consider using an anonymous proxy to browse the Internet as unethical. This practice is generally acceptable as long as it is used responsibly and legally. Anonymous proxies are tools that provide privacy to internet users, hiding their IP addresses and encrypting data. They can be used to maintain anonymity, bypass geographical restrictions, or protect sensitive information. However, it is crucial that such tools are used ethically and not for purposes that breach the law or infringe on others’ rights, such as hacking, cyberstalking, or accessing prohibited content. While some may argue that they can be used for nefarious purposes, the tools themselves aren’t inherently unethical: it’s how they’re used that can be. The act of simply using an anonymous proxy to browse the internet is not considered unethical according to the IAB’s guidelines.

13
Q

ThorTeaches.com has recently experienced some issues with software updates, and it has become apparent that the changes were not properly documented or reviewed before they were implemented. How can we ensure that changes made to software are properly documented and reviewed?

By having a dedicated team of security analysts review the changes made to the software
By implementing a system that automatically logs all changes made to the software
By requiring all software developers to sign a document indicating that they have reviewed the changes made to the software
By implementing a robust password policy for all software developers

A

By implementing a system that automatically logs all changes made to the software

Why: Implementing a system that automatically logs all changes made to the software ensures that changes are properly documented and consistently reviewed, providing a foundation for accountability and traceability in the software development process. Such a system can provide a complete history of what changes were made, when, and by whom, which is essential for effective review and auditing.

14
Q

What is the MOST effective way to secure company information when employees use their own devices for work?

Installing antivirus software on all devices
Providing employees with company-owned devices
Implementing a bring your own device (BYOD) policy
Implementing strict password policies

A

Implementing a bring your own device (BYOD) policy

Why: A bring your own device (BYOD) policy allows employees to use their own devices for work while also establishing security measures, such as setting up virtual private networks (VPNs) and requiring multi-factor authentication, to protect company information. Such a policy should include rules for what types of devices are allowed, what data can be accessed, what security measures must be in place on the device, and what happens if the device is lost or stolen. This provides a structured framework for employees to use their personal devices in a secure and controlled manner.

15
Q

Which of the following is the PRIMARY indicator of good governance in an organization?

Least amount of risk to the organization

Best alignment of resources with business objectives
Most effective decision-making processes
Highest level of compliance with regulations

A

Best alignment of resources with business objectives

Why: Best alignment of resources with business objectives: Good governance in an organization is primarily indicated by how well the resources (human, financial, physical, technological, etc.) are aligned with the organization’s business objectives. This is because effective governance ensures that an organization’s resources are used in a way that best supports achieving its strategic goals and objectives. When resources are aligned with business objectives, the organization has a clear strategy and direction, and all its actions are designed to support this strategy. It also suggests a strong coordination between different units of the organization, with everyone working towards the same goals.

16
Q

Which of the following is the HIGHEST priority in QoS (Quality of Service)?

Minimum latency
Maximum availability
Maximum bandwidth
Minimum delay

A

Minimum delay

Why: In Quality of Service (QoS), especially for low latency applications like VoIP, online gaming, or live video streaming, the highest priority is usually given to minimum delay. Delay refers to the time taken for a packet of data to get from one designated point to another in the network. It encompasses all possible sources of delay including propagation, transmission, and processing delays. By minimizing delay, networks ensure that data packets move swiftly through the network, thereby enhancing the user experience especially in real-time communications where a fraction of a second can make a significant difference.

17
Q

Which of the following is NOT a requirement of the Information Security Governance standard?

Regular review and monitoring of security controls
Development of policies and procedures
Implementation of a user training program
Use of encryption for all data transmissions

A

Use of encryption for all data transmissions

Why: While encryption is a critical component of information security, it is not specifically required by the Information Security Governance standard. This standard focuses on the development and implementation of policies and procedures, regular review and monitoring of security controls, and user training.

18
Q

Which of the following is the MOST effective way to handle a regulatory investigation?

Ignoring the investigation and hoping it will go away.
Hiring a lawyer to handle all communication with the investigating agency.
Providing false or incomplete information to the investigating agency.
Cooperating fully with the investigating agency and providing all relevant information.

A

Cooperating fully with the investigating agency and providing all relevant information.

Why: Cooperating fully with the investigating agency and providing all relevant information is the most effective way to handle a regulatory investigation because it shows that the organization is transparent and willing to work with the investigating agency to resolve any issues.

19
Q

Which of the following is the FIRST step in a public key cryptography system?

Exchange of public keys
Encrypting the message with the public key
Generating the private key
Decrypting the message with the private key

A

Generating the private key

Why: In public key cryptography, also known as asymmetric cryptography, the very first step is to generate a private key. The private key is kept secret by the user and is not shared with others. This private key is used to decrypt data that has been encrypted with the corresponding public key.

20
Q

Which of the following is NOT a typical role of an auditor?

Providing recommendations for improvement
Making decisions on behalf of the organization
Evaluating the effectiveness of internal controls
Verifying compliance with laws and regulations

A

Making decisions on behalf of the organization

Why: Making decisions on behalf of the organization is NOT the role of an auditor, as their role is to provide independent and objective assessments and recommendations rather than making decisions for the organization.

21
Q

What is a commonly used method for assessing the potential consequences of a disruption to an organization’s operations and resources?

Business impact analysis
Threat analysis
Risk assessment
Risk management

A

Business impact analysis

Why: Business impact analysis (BIA) is a systematic process that assesses the potential consequences of a disruption to an organization’s operations and resources. It helps an organization understand the potential impact of such disruptions, and therefore, can plan better for various contingencies to minimize their effects. The purpose of BIA is to identify the critical functions, services, and resources that need to be protected and to prioritize the recovery of those operations and resources in the event of a disruption.

22
Q

Which of the following is the FIRST step in implementing a positive-listing strategy?

Configure user access controls
Develop a list of approved applications and block all others
Implement firewall and intrusion detection systems
Identify and categorize all authorized applications

A

Identify and categorize all authorized applications

Why: In implementing a positive-listing strategy, the first step is identifying and categorizing all authorized applications. Positive-listing, or allowlisting, is essentially about having a list of applications approved for use within a particular environment, whether a network, an operating system, a device, etc. For this, the administrators must first know which applications are authorized. This involves gathering all applications currently in use and potentially necessary, examining their security profiles, understanding their roles within the operational infrastructure, and making decisions about their continued authorization.

23
Q

What is the definition of access control?

The ability to access and manipulate data within a system
The provision of resources to users based on their roles and responsibilities
The management and distribution of keys for physical security
The prevention of unauthorized access to assets

A

The prevention of unauthorized access to assets

Why: Access control is a security measure that is implemented to prevent unauthorized access to assets within a system. It’s a process that allows, denies, or restricts access to a resource. It ensures that only authenticated and authorized users can access specific resources, thus preventing unauthorized access. It does this through a variety of methods, such as implementing passwords, biometrics, two-factor authentication, and more.

24
Q

In our disaster planning, we are looking at another site for a data center. We would want it to take us less than an hour to be back to operation on our critical applications. Which type of disaster recovery site are we considering?

Cold site
Mobile site
Warm site
Hot site

A

Hot site

Why: A hot site is a type of disaster recovery site that is fully equipped to take over all IT operations within a very short time period. A hot site has all the necessary hardware, software, network connectivity, and data replication facilities to ensure business continuity even in the event of a disaster. It would provide the capability for the company to be operational within an hour for critical applications, aligning with the scenario described in the question.

25
Q

What is the FIRST step in the security assessment process?

Develop and implement security controls
Identify assets and vulnerabilities
Conduct risk analysis
Establish security requirements

A

Establish security requirements

Why: Establishing security requirements is a critical initial step in the security assessment process. It involves determining what needs to be protected and the level of protection required. This step sets the foundation for the entire security assessment, by defining the security objectives, compliance requirements, and the criteria against which the security posture will be evaluated. Before you can identify assets and vulnerabilities, conduct a risk analysis, or develop security controls, you need to understand what you are protecting and why, which is determined by your security requirements.

26
Q

What is the FIRST principle of nonrepudiation?

The recipient cannot deny receiving the message
The sender cannot deny sending the message
The sender and recipient cannot deny the contents of the message
The message cannot be altered in transit

A

The sender cannot deny sending the message

Why: The FIRST principle of nonrepudiation is that the sender cannot deny sending the message. This ensures that the sender cannot later claim that they did not send the message, which is essential in the case of a legal dispute or contract negotiation.

27
Q

Which of the following is the PRIMARY indicator that a fail secure door is functioning properly?

The door is locked when power is on.
The door is locked when power is lost.
The door is unlocked when power is on.
The door is unlocked when power is lost.

A

The door is locked when power is lost.

Why: Fail secure doors are designed in such a way that when the power is lost or the system is not working, the door defaults to a locked state. This ensures that the property remains secure even during power outages or system failures. It is the essential characteristic and primary indicator that a fail secure door is functioning as it should be.

28
Q

Which of the following is the MOST important consideration when conducting a penetration test?

The cost of the test
The amount of time spent on the test
The scope of the test
The tools used in the test

A

The scope of the test

Why: The scope of the test defines which systems are evaluated, so it provides the most accurate evaluation of the system’s vulnerabilities and risks.

29
Q

Which of the following best defines the concept of least privilege?

The practice of granting users access to all resources and systems on the network
The practice of granting users the minimum access necessary to perform their job functions
The practice of granting users the same level of access as the system administrator
The practice of granting users the maximum access possible to perform their job functions

A

The practice of granting users the minimum access necessary to perform their job functions

Why: The practice of granting users the minimum access necessary to perform their job functions is the most accurate definition of least privilege. This security principle ensures that users only have access to the resources and systems that they need to do their job, and are not granted unnecessary privileges that could potentially be exploited by attackers.

30
Q

During an attack, some of our data was deleted. Which leg of the CIA triad would be MOST affected?

Integrity
Confidentiality
Availability
Authenticity

A

Availability

Why: When an attack results in data deletion, the leg of the CIA triad most affected is ‘Availability.’ The concept of availability in the CIA triad refers to the assurance that systems and data are accessible by authorized users when needed. If data has been deleted, it directly hampers availability as the data or the system becomes inaccessible to the users who need it. Therefore, the availability leg of the triad is most affected in this scenario.

31
Q

If we are using a qualitative risk analysis approach, which of these would we use?

Likelihood and impact matrix
Probability and likelihood matrix
Threat and vulnerability matrix
Probability and impact matrix

A

Likelihood and impact matrix

Why: A qualitative risk analysis approach focuses on identifying the risks involved in a project or any business activity and assesses them based on their potential impact and the likelihood of their occurrence. It doesn’t involve numerical or financial measures but rather uses descriptive or categorical scales. The risk is evaluated based on its perceived impact and the probability or likelihood of its occurrence, which is why a “likelihood and impact matrix” would be used in a qualitative risk analysis approach. This matrix helps in prioritizing risks based on their potential effect and the probability of their occurrence.

32
Q

Which of the following is the MOST effective managed services offering for a small business?

Cloud-based data backup
On-site IT support
Antivirus software updates
Remote network monitoring

A

Cloud-based data backup

Why: Cloud-based data backup provides a scalable, cost-effective, and reliable solution for storing and securing important data offsite. This helps small businesses ensure business continuity and prevent data loss due to hardware failures, natural disasters, or cyberattacks.

33
Q

As the CIO of a large multinational corporation, you are responsible for implementing and maintaining strong IT security practices throughout the organization. One of your employees has just reported that they have received a suspicious email from a seemingly legitimate vendor asking for sensitive financial information. You suspect that this email may be part of a phishing attack. Which of the following actions should you take FIRST in response to this situation?

Respond to the email requesting additional information about the request.
Forward the email to your IT security team for further analysis.
Alert all employees to be cautious of similar emails and to report them to the IT security team.
Contact the vendor directly to confirm the legitimacy of the request.

A

Forward the email to your IT security team for further analysis.

Why: The initial response to a potential phishing attack should involve forwarding the suspicious email to the IT security team. They possess the necessary tools and expertise to properly analyze the email and validate its source and intent. They can conduct a risk assessment and help develop a response strategy, which might include contacting the vendor, communicating with employees, or enhancing technical safeguards. Prioritizing analysis minimizes the potential for exposure of sensitive data and ensures informed decision-making.

34
Q

In our Disaster Recovery Plan (DRP), we have distinct phases. In which phase would we act on our DR (Disaster Recovery) procedures?

Activation phase
Testing phase
Implementation phase
Planning phase

A

Activation phase

Why: The activation phase is the stage of a Disaster Recovery Plan (DRP) where the actual disaster recovery procedures are carried out. This phase is activated when a disaster is declared, and the previously planned and tested procedures are put into action. This can include everything from failover to secondary systems, notification of personnel, data restoration from backups, or relocation to a recovery site.

35
Q

Which of the following is the MOST effective method for implementing continuous monitoring?

Quarterly risk assessments
Automated daily scanning
Bi-annual penetration testing
Manual periodic reviews

A

Automated daily scanning

Why: Automated daily scanning allows for real-time monitoring and detection of potential security threats, making it the most effective method for implementing continuous monitoring.

36
Q

What is the primary goal of a company’s information security program?

To maximize profit
To reduce legal liabilities
To protect the confidentiality, integrity, and availability of the organization’s assets
To improve employee productivity

A

To protect the confidentiality, integrity, and availability of the organization’s assets

Why: The primary goal of a company’s information security program is to protect the confidentiality, integrity, and availability of the organization’s assets. This ensures that sensitive information is kept private, data is not altered or corrupted, and systems are available for authorized users to access. This applies not just to digital data but also to physical assets like servers and network infrastructure.

37
Q

Which of the following is the MOST effective method for preventing unauthorized access to sensitive data?

Enabling firewalls on all network devices
Implementing two-factor authentication
Implementing strong password policies
Conducting regular security audits

A

Implementing two-factor authentication

Why: Two-factor authentication (2FA) requires a user to present two separate forms of identification before they can access sensitive data. This typically involves something the user knows (such as a password) and something the user has (like a text message sent to their phone, or a physical token). This method provides an additional layer of security beyond a single-factor authentication method (like a password), as it ensures that even if a password is compromised, an attacker would still need the second factor to gain access.

38
Q

Our networking department is recommending we use a half-duplex solution for an implementation. What is a KEY FEATURE of those?

Two devices can transmit at the same time.
Data can be sent and received at the same time.
Devices can transmit and receive simultaneously.
Only one device can transmit at a time.

A

Only one device can transmit at a time.

Why: Half-duplex is a type of communication system in which data can flow in both directions between two devices, but not at the same time. This means that only one device can transmit data at a time, while the other device receives. This is similar to a walkie-talkie system where when one person is talking, the other one has to wait for their turn to respond. Hence, a key feature of a half-duplex solution is that it allows only one device to transmit data at a given time.

39
Q

As the IT security manager of a large international bank, you want to ensure the availability of all critical systems for the organization. One of the key challenges you face is the frequent power outages in the region, which can cause disruptions to the bank’s operations. Which of the following strategies would be most effective in ensuring the availability of the bank’s systems during power outages?

Implementing a load balancing system to distribute workloads across multiple servers
Implementing a cloud-based infrastructure to reduce reliance on on-premises servers
Implementing a disaster recovery plan that includes regular backups of data and system configurations
Implementing an uninterruptible power supply (UPS) system to provide backup power during outages

A

Implementing an uninterruptible power supply (UPS) system to provide backup power during outages

Why: An uninterruptible power supply (UPS) system is specifically designed to provide power backup during outages, ensuring continuous availability of systems even when there is a sudden power loss. A UPS offers immediate power via its battery to the connected systems, allowing them to keep running without interruption. For a bank facing frequent power outages, the UPS system becomes essential to ensure the availability of its critical systems during such outages. It prevents abrupt system shutdowns, potential data losses, and keeps services accessible to customers.

40
Q

What is the main difference between network security and data security?

Network security focuses on protecting the integrity of data, while data security focuses on protecting the confidentiality of data.
Network security focuses on protecting data, while data security focuses on protecting the physical infrastructure.
Network security focuses on protecting the physical infrastructure, while data security focuses on protecting data from unauthorized access.
Network security and data security are the same thing.

A

Network security focuses on protecting the physical infrastructure, while data security focuses on protecting data from unauthorized access.

Why: Network security refers to the measures taken to protect an organization’s network infrastructure from threats like malware, hacking, and denial of service (DoS) attacks. It mainly concerns itself with the prevention of unauthorized intrusion into the network. This involves securing the hardware, software, and the rules and procedures that govern network traffic. On the other hand, data security is about protecting data from unauthorized access, alteration, or destruction. This could involve various strategies like data encryption, access controls, data backup and recovery, etc. While network security could be seen as a component of data security, as it can help prevent unauthorized access to data, the two concepts focus on different aspects of security.

41
Q

Which of the following is the FIRST thing a security consultant should consider when evaluating the security controls of a client’s organization?

The organization’s current security policies
The organization’s budget
The organization’s initial security assessment
The organization’s security consultants

A

The organization’s current security policies

Why: The first thing a security consultant should consider when evaluating the security controls of a client’s organization is the organization’s current security policies. These policies give the consultant insight into the existing controls, security procedures, and the organization’s overall approach to security. By evaluating these policies, the consultant can identify potential weaknesses or areas for improvement and then make informed recommendations.

42
Q

A team of penetration testers with full physical access to our facility have found Protected Health Information (PHI) hard copies lying around. Which of our policies are our employees NOT following?

Least privilege.
Wireless policy.
Clean desk policy.
Shred policy.

A

Clean desk policy.

Why: A Clean Desk Policy instructs employees to clear their desks and securely store all documents when they are not at their workstations. The presence of hard copies of Protected Health Information (PHI) in the facility suggests that employees are not properly organizing and disposing of sensitive materials. The clean desk policy specifies that employees should keep their work areas clean and tidy, including properly storing or shredding any sensitive documents to prevent unauthorized access. This policy helps to prevent sensitive information from being accessed by unauthorized individuals, particularly in areas where non-employees may have access.

43
Q

Which of the following OSI layers is responsible for providing the MOST reliable delivery of data packets from the source to the destination?

Data link layer
Transport layer
Network layer
Physical layer

A

Transport layer

Why: The Transport layer is responsible for providing the most reliable delivery of data packets from the source to the destination. This layer ensures end-to-end communication by managing the flow control, error detection, and correction. In the case of TCP (Transmission Control Protocol), one of the main transport layer protocols, it provides reliability by using sequence numbers, acknowledgements, and retransmission of lost or corrupted packets.

44
Q

Which of the following is NOT a common attack vector?

Vulnerability scan
Physical intrusion
Social engineering
Malware

A

Vulnerability scan

Why: A vulnerability scan is a technique used to identify and classify the security holes (vulnerabilities) in a computer, network, or communications infrastructure. It is not an attack vector but a security tool that is used to improve network security. It’s part of a proactive approach to managing network security and is typically performed by the organization’s own security team or a third-party security service.

45
Q

Which of the following is the definition of compliance?

The practice of following all applicable laws, regulations, and standards.
The process of tracking and reporting on an organization’s security posture.
The measurement of an organization’s adherence to internal policies and procedures.
The implementation of security controls to prevent unauthorized access to data.

A

The practice of following all applicable laws, regulations, and standards.

Why: Compliance, in a general business and security context, is defined as the process of ensuring that an organization operates by a set of guidelines, laws, or regulations established by a particular standard, regulatory authority, or the government. This can range from data protection laws, such as GDPR, to industry-specific regulations like HIPAA for healthcare. Non-compliance can result in penalties, fines, and loss of customer trust.

46
Q

Which of the following is NOT a key component of a defense-in-depth strategy?

Layered Security
Vulnerability Analysis Prioritization
Diversity in Defense
Consistent Application of Security Policies Across Layers

A

Vulnerability Analysis Prioritization

Why: Vulnerability Analysis Prioritization: While vulnerability analysis and prioritization are an essential part of any strong security posture, they are not a component of the defense-in-depth strategy. Defense-in-depth is about having multiple layers of security in place so that if one layer fails, others will still provide protection. Vulnerability analysis and prioritization come under risk management, not specifically under defense-in-depth.

47
Q

In our technology refresh cycle, we need to dispose of old hardware. What would we do for proper data disposal of SSD drives if we need to keep the drives intact?

Use magnetic degaussing to erase all data from the SSD drives.
Physically destroy the SSD drives by shredding or crushing.
Utilize Secure Erase commands or data wiping software specifically designed for SSDs
Simply delete the files from the SSD drives and then reformat them.

A

Utilize Secure Erase commands or data wiping software specifically designed for SSDs

Why: Secure Erase commands and specialized data wiping software designed for SSDs work with the drive’s firmware to ensure that all data, including data in spare and reserved areas, is securely erased. These methods take into account the specific characteristics of SSDs, such as wear leveling and flash memory architecture, to ensure that all data is wiped completely. This option is in line with best practices for data sanitization and is the most effective method for securely erasing data from an SSD without physically damaging the drive, making it the correct answer to the question.

48
Q

Which of the following is the MOST effective method for ensuring timely patch management?

Relying on users to report potential vulnerabilities
Implementing a patch management policy and regularly monitoring patches
Ignoring patches until a security incident occurs
Installing all available patches as soon as they are released

A

Implementing a patch management policy and regularly monitoring patches

Why: Implementing a patch management policy and regularly monitoring patches is the most effective method because it ensures that patches are being regularly evaluated and applied in a timely manner. This proactive approach can help prevent security incidents caused by unpatched vulnerabilities.

49
Q

Which of the following is the HIGHEST level of organizational processes?

Operational processes
Tactical processes
Strategic processes
Compliance processes

A

Strategic processes

Why: Strategic processes focus on the long-term direction and goals of an organization. They involve high-level planning and decision-making, determining the organization’s leadership, purpose, and priorities. Top management typically sets these processes, which have long-term impacts on the entire organization.

50
Q

Which of the following is an example of a non-repudiation service?

Encryption
Data leakage prevention
Access control
Digital signature

A

Digital signature

Why: A digital signature is a cryptographic technology that is used to verify the authenticity and integrity of a digital message, software, or document. It provides non-repudiation services because it prevents someone from denying having signed a message or document after the fact. It achieves this by creating a unique hash of the data, which is then encrypted using the sender’s private key. If the receiver can decrypt the hash using the sender’s public key and it matches the hash of the data, it proves that the data came from the sender and was not tampered with, therefore providing non-repudiation.

51
Q

Which of the following design principles is the MOST important in ensuring secure network architectures?

Physical security
Segregation of duties
Access control
Encryption

A

Access control

Why: Access control is the MOST important design principle in ensuring secure network architectures as it involves defining and enforcing rules for controlling access to resources within the network. This includes authentication and authorization mechanisms to ensure only authorized users have access to sensitive data and systems.

52
Q

A ransomware attack has brought ThorTeaches.com’s systems to a halt. When conducting a security incident investigation, which of the following would be the primary focus of the investigation?

Determining the root cause of the incident
Finding out who was responsible for the incident
Documenting the timeline of events
Identifying and securing any vulnerable assets

A

Determining the root cause of the incident

Why: The primary focus of a security incident investigation is to determine the root cause of the incident so that appropriate measures can be taken to prevent it from happening again in the future. By understanding the root cause, the organization can respond effectively and improve their overall security posture.

53
Q

The IT team at a financial institution is looking for a way to improve the security of the company’s systems and data. What is a commonly used method to keep an eye on and analyze security events to identify potential threats?

Continuous monitoring
Risk management
Security assessments
Incident response

A

Continuous monitoring

Why: Continuous monitoring is a method used to regularly and consistently monitor and analyze security events to identify potential threats and vulnerabilities. This includes the ongoing scanning of network traffic, the regular analysis of system logs, and the continuous observation of user activity to identify any suspicious or anomalous behavior. Continuous monitoring helps in keeping a real-time eye on all activities, thereby allowing timely detection and prevention of any malicious activities or security breaches.

54
Q

Which of the following is the FIRST step in a firmware update process?

Obtaining the latest firmware from the manufacturer
Installing the new firmware on all devices
Testing the new firmware on a small group of devices
Backing up existing firmware

A

Obtaining the latest firmware from the manufacturer

Why: Obtaining the latest firmware from the manufacturer: This is the correct answer because it is essential to have the new firmware available before you can perform any other steps in the update process. The manufacturer will typically provide the latest firmware version, along with release notes, to inform users of the improvements and bug fixes made.

55
Q

Which of the following is the LEAST likely security concern related to IoT (Internet of Things) devices?

Lack of strong authentication mechanisms
Insufficient network bandwidth
Inability to update and patch vulnerabilities
Unsecured device connectivity

A

Insufficient network bandwidth

Why: Although network bandwidth may be a concern for some IoT devices, it is not necessarily a security concern. Other factors, such as unsecured connectivity and a lack of strong authentication mechanisms, pose far greater risks to IoT security.

56
Q

In the event of a natural disaster, what is the FIRST step that should be taken to protect the organization’s assets?

Notify employees and evacuate the premises
Assess the damage and prioritize recovery efforts
Implement data backup and storage procedures
Implement a disaster recovery plan

A

Notify employees and evacuate the premises

Why: The first step in protecting the organization’s assets during a natural disaster is to ensure the safety of all employees. Before addressing technological or infrastructural aspects of a disaster, organizations must prioritize human life. This includes notifying employees about the disaster and evacuating the premises to ensure their safety. Other procedures related to data recovery or damage assessment are secondary to human safety.

57
Q

Which of the following is the MOST effective method for physical penetration testing?

Conducting a walk-through of the facility
Using a lockpick set
Dumpster diving
Social engineering

A

Social engineering

Why: Social engineering involves manipulating people to reveal sensitive information or gain unauthorized access to systems or facilities. Social engineering can be highly effective because it exploits human psychology and trust, which are often considered the weakest links in security.

58
Q

What is the primary goal of a company’s IT department?

To manage and maintain the company’s technology infrastructure and assets
To increase revenue and profits
To ensure compliance with industry regulations
To provide customer support and technical assistance

A

To manage and maintain the company’s technology infrastructure and assets

Why: The primary goal of a company’s IT department is to manage and maintain the company’s technology infrastructure and assets, including hardware, software, networks, and data. This includes ensuring the security and availability of these assets, as well as their ongoing maintenance and updates. They are responsible for ensuring that the company’s technology is functioning efficiently and securely, which in turn supports the company’s operations and strategic goals.

59
Q

As the IT security manager for a large corporation, you want to implement a system to ensure that only authorized employees can access sensitive company data. Which security mechanism is used to manage and control access to network resources?

Encryption
Two-factor authentication
Access control list
Firewall

A

Access control list

Why: An ACL is a mechanism used to define who (or what) is allowed access to a specific system resource, and what operations they are allowed to perform on that resource. In the context of ensuring only authorized employees can access sensitive data, ACLs can specify which users or groups of users have access to certain data or network segments, and the type of access they have (e.g., read, write, execute).

60
Q

Which of the following is NOT a characteristic of Software as a Service (SaaS)?

The user has full control over the software
The software is accessed through the internet
The provider is responsible for maintaining the software
The user pays for the software on a subscription basis

A

The user has full control over the software

Why: The user has full control over the software: In the Software as a Service (SaaS) model, the service provider is responsible for the underlying infrastructure, including the software itself. The service provider maintains, updates, and upgrades the software, providing users with access typically via the internet. Therefore, the user does not have full control over the software. They can generally manage user access and may have some level of configuration control, but they don’t control the software’s core aspects, like source code or infrastructure. This lack of control is often a trade-off for the convenience of not having to worry about maintenance and updates, which are handled by the provider.

61
Q

Which of the following is the MOST effective way to prevent identity theft?

Using strong, unique passwords for all accounts
Installing antivirus software on your computer
Regularly checking your credit report for suspicious activity
Disclosing personal information to unknown sources

A

Using strong, unique passwords for all accounts

Why: Using strong, unique passwords for all accounts: This is the most effective preventive measure among the options listed. Strong, unique passwords make it much harder for thieves to access your accounts, even if they do manage to obtain some of your personal information. For best practice, use a combination of letters, numbers, and symbols in your passwords, and avoid using easily guessed information like birthdays or pet names. Additionally, using a different password for each account can help ensure that if one account is compromised, the others remain secure.

62
Q

In our Redundant Array of Independent Disks (RAID) configuration, we are using striping with redundancy. At least how many disks would we need?

3
1
4
2

A

3

Why: When we talk about striping with redundancy in RAID configurations, we are typically referring to RAID 5. RAID 5 requires at least three disks. The data is striped across all but one of the disks (similar to RAID 0), and the last disk stores parity information which provides the redundancy. This parity information allows data to be rebuilt if one disk fails, hence providing fault tolerance.

63
Q

Which of the following is the MOST important factor to consider when determining which cloud service provider to use for storing and managing information?

Cost
Integration with existing systems
Ease of use
Data security

A

Data security

Why: When choosing a cloud service provider for storing and managing information, data security should be the most important factor to consider. As the prevalence of data breaches and cyber attacks continues to rise, the need for robust data security measures becomes increasingly critical. Cloud storage providers must be able to demonstrate that they have strong encryption for data in transit and at rest, secure data centers, and robust procedures for handling data breaches, among other security measures. Additionally, they must be compliant with various global and industry-specific regulations, such as GDPR or HIPAA. If data security is compromised, it can lead to serious reputational damage, financial loss, and legal issues, making it the most important factor when choosing a cloud service provider.

64
Q

What is the FIRST step in implementing a new security policy?

Develop a plan for monitoring compliance
Conduct a risk assessment
Train employees on the new policy
Update the policy to reflect current business needs

A

Conduct a risk assessment

Why: The first step in implementing a new security policy is conducting a risk assessment. This is important because it allows an organization to understand its current security posture, identify potential vulnerabilities, and evaluate the potential impact of threats. It provides a foundation for the development of a new security policy, ensuring that it addresses the specific security needs and risks of the organization.

65
Q

What is the MOST important factor to consider when implementing a data classification scheme?

Data access permissions
Data sensitivity levels
Data storage capabilities
Data retention policies

A

Data sensitivity levels

Why: The MOST important factor to consider when implementing a data classification scheme is the sensitivity levels of the data. Understanding how sensitive different types of data are is the key to determining how they should be handled, who should have access to them, and what kinds of protections should be put in place. Data sensitivity often pertains to the impact on the organization should the data be inappropriately accessed, disclosed, modified, or destroyed. This could relate to legal implications, financial consequences, reputational damage, or effects on national security.

66
Q

In order to ensure the safety of our customer’s personal information, we need to regularly assess the strength of our security systems. What is a common practice that helps organizations identify potential vulnerabilities and weaknesses in their security systems?

Implementing firewalls
Conducting internal reviews
Conducting external assessments
Implementing encryption algorithms

A

Conducting external assessments

Why: External assessments, also known as external audits, are performed by independent third parties who are not familiar with the organization’s security systems. This allows them to identify potential vulnerabilities and weaknesses that may not be easily noticeable by those who are familiar with the systems. These assessments can provide valuable insights and recommendations for improving the organization’s security posture.

67
Q

What is the FIRST step in implementing a defense-in-depth strategy?

Implementing technical controls
Implementing physical security controls
Developing a security policy
Conducting a risk assessment

A

Conducting a risk assessment

Why: Conducting a risk assessment is the first step in implementing a defense-in-depth strategy. This process involves identifying assets, vulnerabilities, threats, and the potential impacts of these threats. By conducting a risk assessment, an organization can understand its security posture and prioritize resources to build an effective multilayered defense strategy based on the identified risks.

68
Q

Which of these would be something we should encrypt if we are dealing with sensitive data?

Data sent over the network.
Hard disks.
Backup tapes.
All of these.

A

All of these.

Why: All of these options (hard disks, backup tapes, and data sent over the network) should be encrypted when dealing with sensitive data. Encryption is a critical part of a data security strategy.

Hard disks: Hard disks often contain sensitive data, and if the computer is stolen or accessed by unauthorized individuals, this data can be at risk. By encrypting the hard disk, this data is protected, even if the hard disk itself falls into the wrong hands.

Backup tapes: Like hard disks, backup tapes can contain large amounts of sensitive data. If they’re lost, stolen, or mishandled, that data can be compromised. Encrypting backup tapes ensures that this data remains secure.

Data sent over the network: When data is sent over a network, it’s potentially exposed to anyone else who has access to that network. Encryption protects this data while in transit, ensuring that even if it is intercepted, it cannot be read without the proper decryption key.

69
Q

An attacker has stolen one of our backup tapes. What could prevent the data on the tape from being accessible?

Destroying the tape
Encrypting the data on the tape
Storing the tape in a secure location
Changing the password on the tape

A

Encrypting the data on the tape

Why: Encrypting the data on the tape: Encryption refers to the process of converting data into a code to prevent unauthorized access. If the data on the backup tape were encrypted, it would appear as random, unreadable characters to the thief. Even if they possess the physical tape, they wouldn’t be able to interpret the data on it without the appropriate decryption key. This is the most effective means of protecting sensitive data from being accessed if it falls into the wrong hands. It’s a standard practice in data security, especially for data at rest or in transit.

70
Q

What is the FIRST step that should be taken when addressing identification and authentication failures?

Identifying the root cause of the failure
Conducting a thorough security assessment
Implementing stricter access controls
Implementing additional authentication methods

A

Identifying the root cause of the failure

Why: Before any corrective actions can be taken to address identification and authentication failures, it is crucial to first understand the underlying issue that is causing the problem. This is accomplished by identifying the root cause of the failure. In some instances, it might be due to incorrect user credentials, system malfunctions, or network-related issues. Understanding the root cause enables the appropriate steps to be taken in resolving the issue effectively. It also aids in making informed decisions on the implementation of security controls, assessment strategies, or any other measures required to rectify the situation.

71
Q

Which of the following is the HIGHEST benefit of using asymmetric encryption?

More secure communication between parties
Faster encryption and decryption times
Simplified key management
Increased ability to scale up encryption

A

More secure communication between parties

Why: Asymmetric encryption uses two different keys, a public key and a private key, to encrypt and decrypt messages. This means that only the intended recipient holds the private key needed to decrypt the message, providing a higher level of security compared to symmetric encryption, which uses the same key for both encrypting and decrypting.

72
Q

Which of the following is the MOST important aspect of mandatory reporting?

Providing support for affected individuals
Ensuring compliance with regulatory requirements
Maintaining the confidentiality of sensitive information
Protecting the organization’s reputation

A

Ensuring compliance with regulatory requirements

Why: Mandatory reporting refers to the legal requirement to report specific incidents or categories of information to regulatory bodies or appropriate authorities. The primary purpose of compulsory reporting is to ensure that organizations comply with these legal and regulatory requirements. Non-compliance can lead to significant fines, legal actions, and other repercussions.

73
Q

Which of the following is the MOST effective way to secure a mobile device against malware?

Using a screen lock
Disabling all applications that are not essential
Installing a firewall
Regularly updating the device’s operating system

A

Regularly updating the device’s operating system

Why: Keeping the operating system of a mobile device updated is the most effective measure among the given options for securing a mobile device against malware. These updates often include patches for known vulnerabilities that malware could exploit. By staying updated, users can reduce the risk of infection.

74
Q

Which of the following is an example of an access control mechanism?

Steganography
Encryption
Biometric authentication
Firewall

A

Biometric authentication

Why: This is the correct answer. Biometric authentication is an access control mechanism that verifies an individual’s identity based on physical or behavioral characteristics. These characteristics could include fingerprints, face recognition, voice patterns, or iris scans. This method of authentication is considered to be very secure because these physical or behavioral characteristics are unique to each individual and extremely difficult to replicate.

75
Q

What is the BEST way for an IRT (Incident Response Team) to handle a data breach?

Restoring the affected systems to their previous state
Alerting the media and informing all affected parties
Ignoring the breach and hoping it goes away
Containing the breach and conducting a thorough investigation

A

Containing the breach and conducting a thorough investigation

Why: The best course of action for an IRT in the case of a data breach is to contain the breach as quickly as possible to prevent any further damage. This may involve disconnecting affected systems from the network, isolating the source of the breach, and conducting a thorough investigation to determine the cause and scope of the breach.

76
Q

Which of the following would NOT be a compliance requirement for a company’s information security policy?

The use of encryption for data at rest
The use of biometric authentication
The use of strong password policies
The use of the smallest possible key length for encryption

A

The use of the smallest possible key length for encryption

Why: Compliance requirements for a company’s information security policy typically include the use of strong password policies, the use of encryption for data at rest, and the use of biometric authentication. The smallest possible key length for encryption would not be a compliance requirement. Shorter key lengths might be easier to manage and quicker to process, but they are more susceptible to brute force attacks and are therefore less secure.

77
Q

What is the main function of a firewall?

To monitor network traffic for malicious activity
To provide virtual private network (VPN) services
To encrypt data transmissions
To block unauthorized access to a network

A

To block unauthorized access to a network

Why: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. The primary function of a firewall is to separate a secure area (internal network) from a non-secure area (Internet) and to control communications between the two, effectively blocking unauthorized access to the network.

78
Q

As part of her regular duties, Anastasia is reviewing our logs. When she does that, it is which type of control?

Passive preventative control
Active detective control
Passive detective control
Active physical control

A

Active detective control

Why: An active detective control involves manual intervention, such as audits and reviews to identify and react to issues or irregularities. In this case, Anastasia is actively reviewing logs, a proactive measure to detect anomalies, errors, or security threats. This active process of checking and verifying the logs can help to quickly identify and respond to potential problems. The term “active” refers to the proactive nature of this process, while “detective” signifies its purpose of detecting potential issues.

79
Q

Who is the person leading our organization?

The CEO
The CIO
The CFO
The CTO

A

The CEO

Why: In a traditional business hierarchy, the CEO (Chief Executive Officer) is typically the highest-ranking executive in the company. They are responsible for making major corporate decisions, managing a company’s overall operations and resources, and acting as the main point of communication between the board of directors (the board) and corporate functions. Therefore, it is usually correct to say that the CEO leads an organization.

80
Q

We have 12 old servers that have been decommissioned. Each server had four spinning disk hard drives. Which of these would NOT be an acceptable way for us to deal with remanence?

Degaussing the drive
Using a tool to encrypt the data on the drive
Physically destroying the drive
Overwriting the entire drive with random data

A

Using a tool to encrypt the data on the drive

Why: Remanence refers to the residual information that remains on storage media like hard drives after attempts have been made to remove or erase the data. The main goal when dealing with remanence is to ensure that no recoverable data is left on the disk. Encryption doesn’t adequately address this goal because it simply makes the data unreadable without the correct decryption key. However, the original data is still there, and it could potentially be recovered if the decryption key were somehow compromised or if advanced decryption methods were applied. Therefore, using a tool to encrypt the data on the drive wouldn’t be an acceptable way to deal with remanence in this situation.

81
Q

We are going over our backup policies and implementations. Which type of backup backs everything up and clears the archive bit?

Mirror backup
Differential backup
Incremental backup
Full backup

A

Full backup

Why: A full backup is a method where all the files and folders selected for the backup will be backed up. After the full backup is taken, the system clears the archive bit to indicate that a backup has been made. This type of backup provides the highest level of protection by completely backing up all data within a system. It requires more storage space and takes more time compared to other methods like incremental or differential backups.

82
Q

Which of the following is the FIRST step in implementing a software update?

Testing the update on a small group of systems
Installing the update on all systems
Identifying the need for the update
Conducting a risk assessment

A

Identifying the need for the update

Why: Before any software update can be implemented, the very first step is to identify the need for the update. This could be due to various reasons such as fixing security vulnerabilities, improving performance, adding new features, or addressing software bugs. Identifying the need for an update typically involves monitoring software performance, getting feedback from users, and staying informed about new security threats that could affect the software. It’s the basis for all subsequent actions and without this step, one wouldn’t know what to update or why it needs to be updated.

83
Q

Which of the following is the MOST effective method for protecting the confidentiality of data in a file-level encryption system?

Encrypting the file with a public key
Hashing the file
Encrypting the file with a symmetric key
Compressing the file

A

Encrypting the file with a symmetric key

Why: This is the most effective method for ensuring the confidentiality of data in a file-level encryption system. Symmetric encryption uses a single key for both encryption (converting readable data into unreadable data) and decryption (converting the unreadable data back to its original form).

84
Q

What is a collection of compromised computer systems that are controlled by a single entity, often used to launch distributed denial-of-service (DDoS) attacks?

Botnet
Malware
Trojan Horse
Firewall

A

Botnet

Why: A botnet is a collection of compromised computer systems that are controlled by a single entity. This allows the entity to launch distributed denial-of-service (DDoS) attacks, in which multiple compromised systems are used to flood a targeted website or network with traffic, disrupting its services. Botnets can also be used for other malicious purposes, such as stealing sensitive data or spreading malware.

85
Q

We are looking at our risk responses. We are considering buying insurance to cover the gaps we have. Which type of response would that be?

Avoidance
Mitigation
Acceptance
Transference

A

Transference

Why: Transference is a risk response strategy where the organization transfers the risk to a third party without eliminating the risk entirely. This is typically accomplished through contractual shifting of the risk to another party or through insurance, as in this case. When you purchase insurance, you’re essentially transferring the financial risk to an insurance company.

86
Q

Ritesh is the IT security manager at a large multinational corporation. One of his employees has recently alerted him to a potential data breach on the company’s servers. After investigating the issue, he discovers that an unauthorized individual has gained access to sensitive customer information. How should he handle this situation?

Immediately shut down all servers and networks to prevent further damage
Alert the authorities and perform a forensic analysis to determine the extent of the breach
Ignore the issue and hope it goes away
Notify affected customers and provide them with credit monitoring services

A

Alert the authorities and perform a forensic analysis to determine the extent of the breach

Why: In this situation, the appropriate response is to alert the authorities and conduct a forensic analysis to determine the extent of the breach. Reporting the breach to authorities is necessary for legal and regulatory compliance and can aid investigations. It’s also essential for understanding and potentially identifying the attacker(s). Forensic analysis is essential to understand how the breach occurred, what data was accessed or stolen, and what vulnerabilities were exploited. This information is critical to prevent similar breaches in the future, fix the identified vulnerabilities, and inform affected customers accurately about the compromised data.

87
Q

You work in the IT department at a government agency and are responsible for implementing security measures to regulate who or what can view or use resources in the agency’s information system. What type of security measure is used to regulate who or what can view or use resources in an information system?

Access control
Encryption
Virtual private network
Firewall

A

Access control

Why: Access control is a security measure that regulates who or what can view or use resources in an information system. It essentially determines who is allowed to access what data, when, and from where. Access control can be based on several factors such as user roles, user attributes, environmental conditions, etc. Access control systems can provide layered security, allowing permissions to be set for entire groups of users or customized to the individual level.

88
Q

What is the MOST appropriate method for protecting against DDoS (Distributed Denial of Service) attacks?

Configuring load balancers
Implementing network segmentation
Installing a firewall
Regularly changing all passwords

A

Configuring load balancers

Why: Distributed Denial of Service (DDoS) attacks aim to overload a network or system with excessive traffic to make it unavailable to users. One way to mitigate the effects of such attacks is to use load balancers. Load balancers distribute network traffic across multiple servers, preventing any one server from becoming overloaded. They can help absorb the influx of traffic that comes with a DDoS attack and ensure that the system continues to function. It’s worth noting that while load balancers can help mitigate DDoS attacks, they are not a comprehensive solution. More sophisticated DDoS mitigation strategies often involve a combination of techniques, including rate limiting, IP reputation lists, anomaly detection, and more.

89
Q

What are the differences between a zero-day exploit and a known vulnerability?

A zero-day exploit is discovered by the vendor, while a known vulnerability is discovered by the attacker.
A zero-day exploit is a new and previously unknown vulnerability, while a known vulnerability is one that has potentially already been patched.
A zero-day exploit is a type of attack, while a known vulnerability is a type of defense.
A zero-day exploit is a type of malware, while a known vulnerability is a weakness in a system or application.

A

A zero-day exploit is a new and previously unknown vulnerability, while a known vulnerability is one that has potentially already been patched.

Why: A zero-day exploit refers to a flaw in software that is unknown to the people or organization who created the software. Because it is not yet known to the software maker, it has not been fixed or patched, and it can be exploited by attackers. The term “zero-day” is used because there are effectively zero days between the discovery of the vulnerability and the first attack that uses it. On the other hand, a known vulnerability is one that has been identified and typically patched by the software developer. This type of vulnerability is already known to the software maker, security professionals, and potentially malicious actors, but the risk is reduced if the patch is applied.

90
Q

Which of the following is the BEST approach to preventing data breaches?

Implementing strict access controls
Ignoring cyber threats and hoping for the best
Investing in the latest security technologies
Regularly backing up data

A

Implementing strict access controls

Why: Implementing strict access controls, such as role-based access and authentication, is the most effective way to prevent unauthorized access to sensitive data. Access controls ensure that only authorized individuals can access specific data, systems, or resources. This can be achieved through measures such as user identification, authentication, and authorization. With strong access controls, the likelihood of unauthorized access (which could lead to data breaches) is significantly reduced.

91
Q

Which of the following is the LEAST effective method for identifying individuals in a network?

Smart cards
Knowledge-based authentication
Passwords
Biometric authentication

A

Knowledge-based authentication

Why: Knowledge-based authentication, also known as challenge-response authentication, relies on the user being able to provide answers to specific questions or challenges. This method can be easily bypassed if an attacker is able to obtain this information through social engineering or other means.

92
Q

What is the purpose of a security control assessment?

To provide a detailed analysis of an organization’s security policies
To determine the security posture of an organization
To ensure compliance with industry regulations and standards
To evaluate the effectiveness of security controls in protecting an organization’s assets

A

To evaluate the effectiveness of security controls in protecting an organization’s assets

Why: A security control assessment is primarily designed to determine how well the organization’s security controls perform. This involves testing, examining, and interviewing to assess whether the controls are implemented correctly, operating as intended, and producing the desired outcome to meet the security requirements for the system or organization.

93
Q

Which of the following is the FIRST step in the cyber security incident response process?

Conduct a post-incident review
Implement containment and eradication measures
Perform triage and analysis
Identify and document the incident

A

Identify and document the incident

Why: The first step in the cyber security incident response process is to identify and document the incident. This involves gathering information about the nature and scope of the incident, as well as any potential impacts on the organization’s systems and data.

94
Q

Which of the following is the MOST effective measure for physical security?

Conducting regular security assessments
Installing security cameras
Implementing strict access control policies
Providing security guards at all entrances and exits

A

Implementing strict access control policies

Why: Access control policies are fundamental to physical security. They help prevent unauthorized access to facilities, resources, and information. These policies define who has the right to access certain areas, when they can access these areas, and what they can do once they have access. This may include implementing key cards, biometric systems, or other authentication methods to control access to certain areas. With stringent access control policies, even if other measures fail, unauthorized individuals should still be unable to gain access to secure areas.

95
Q

Which of the following is the MOST secure way to implement multifactor authentication?

Using a combination of a password and a security token
Using a combination of a password, security token, and biometric authentication
Using a combination of a password and biometric authentication
Using a single password for all accounts

A

Using a combination of a password, security token, and biometric authentication

Why: This method is the most secure because it combines three distinct factors: something you know (password), something you have (security token), and something you are (biometric authentication, such as a fingerprint or facial recognition). By combining all three, even if one factor is compromised, the other factors still provide protection, making it extremely challenging for attackers to gain unauthorized access.

96
Q

Which of the following is the MOST effective way to ensure the authenticity of a digital signature?

Using a trusted third party to verify the signature
Checking the certificate revocation list
Verifying the sender’s email address
Using a strong encryption algorithm

A

Using a trusted third party to verify the signature

Why: A trusted third party, such as a certificate authority (CA), can verify the authenticity of a digital signature by confirming that the sender’s digital certificate is valid and has not been revoked. This is the MOST effective way to ensure the authenticity of a digital signature because it provides a level of assurance that cannot be achieved through encryption algorithms or email address verification alone.

97
Q

When authenticating against our access control systems, you present your ID. Which type of authentication are you using?

Multi-factor authentication
Two-factor authentication
Three-factor authentication
Single-factor authentication

A

Single-factor authentication

Why: In the context of the question, presenting an ID is an example of single-factor authentication. Single-factor authentication (SFA) refers to the security process where users provide one form of identification to gain access to a system. This could be a username and password, a security token, a smart card, or, in this case, an ID. It’s termed “single-factor” because it involves only one category or factor of authentication: something you know, something you have, or something you are. In this case, the ID is something you have.

98
Q

What is the primary purpose of business continuity and disaster recovery planning?

To ensure that critical business processes can continue during a disaster
To prevent disasters from occurring in the first place
To minimize the financial impact of a disaster on the organization
To reduce the likelihood of data breaches

A

To ensure that critical business processes can continue during a disaster

Why: Business continuity and disaster recovery planning focuses on identifying potential disasters and developing strategies to minimize their impact on the organization, including maintaining critical business processes. BCP aims to maintain or quickly resume mission-critical functions following a disaster, while DR focuses on restoring an organization’s IT infrastructure and operations after a disaster.

99
Q

Which of the following is the PRIMARY reason for implementing virtualized networks?

To increase network speed and performance
To simplify network management and maintenance
To increase network security
To reduce cost and increase efficiency

A

To reduce cost and increase efficiency

Why: Virtualized networks are primarily implemented to reduce cost and increase efficiency. Through network virtualization, one physical network can be partitioned into multiple virtual networks, each of which can run different applications and services. This allows for the optimal use of network resources and reduces the need for redundant infrastructure, leading to cost savings. It also allows for more flexible and dynamic configuration, which can improve efficiency by making it easier to adapt to changing needs. For instance, bandwidth can be allocated and reallocated based on demand, thereby reducing wastage and improving overall network utilization.

100
Q

Which of the following is the MOST important factor in determining an organization’s RTO (Recovery Time Objective)?

The availability of backups
The impact of the outage on the organization’s operations
The amount of time required to repair damaged hardware
The amount of data that needs to be restored

A

The impact of the outage on the organization’s operations

Why: The impact of the outage on the organization’s operations is the most critical aspect to consider when determining an RTO because it directly affects the business continuity and profitability. If the downtime severely disrupts operations or results in significant revenue loss, the organization would need a shorter RTO, which means they’ll need to recover more quickly.