Sec+ Practice Test 4
Question 1
Gizzard Videos wants to place sensitive resources in a separate zone that is protected by additional security controls such as firewalls or intrusion detection systems. Which of the following techniques can help the company achieve this goal?
Options:
- Security zones
- Threat scope reduction
- Adaptive identity
- Policy-driven access control
Overall explanation:
- Security zones are used to segment a network into smaller, more manageable areas in order to improve its security posture. For example, sensitive resources might be placed in a separate zone that is protected by additional security controls such as firewalls or intrusion detection systems.
- Adaptive identity allows for more flexible and dynamic access control by using contextual data to make dynamic access control decisions, but it does not necessarily segment a network into smaller, more manageable areas.
- Policy-driven access control allows for more flexible and dynamic access control by using pre-defined policies to make access control decisions, but it does not necessarily segment a network into smaller, more manageable areas.
- Threat scope reduction is a technique used to reduce the potential impact of a security breach by limiting the scope of potential damage, but it does not necessarily segment a network into smaller, more manageable areas.
Question 2
Rachel, an IT support professional, has been told that one of her company's certificates appears not to be valid. Using the name of the certificate, what is the quickest way for her to see if the certificate has been invalidated?
Options:
- Root of Trust
- Certificate Revocation Lists
- Online Certificate Status Protocol
- Certificate Authorities
Overall explanation:
- Online Certificate Status Protocol (OCSP) is an internet protocol used for obtaining the revocation status of a digital certificate. Since she has the name, she can quickly look up the certificate to see if it has been invalidated.
- Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. This does not describe the internet protocol used for obtaining the revocation status of a digital certificate.
- Certificate Authorities (CAs) are trusted entities that issue and manage security credentials and public keys for message encryption. Contacting the CA to check on the certificate's validity isn't a very fast way to find out if the certificate is invalid.
- Certificate Revocation Lists (CRLs) are lists of certificates that have been revoked by a Certificate Authority before their scheduled expiration date. This will work, but she will have to scan through the entire list. Since she has the name, her best bet is to use the Online Certificate Status Protocol, not the CRL.
Tags: Digital Certificates
Question 3
Take the Cake, a bakery, recently bought software to improve security. The software randomly adds data to the input of a hash function before it hashes it. What is the software doing?
Options:
- Salting
- Digital Signatures
- Key Stretching
- Hashing
Overall explanation:
- Salting is a technique used in cryptography to add random data to the input of a hash function to increase security. This matches the technique being used in the scenario.
- Digital signatures are a type of electronic signature that uses a specific type of encryption to ensure the authenticity and integrity of a digital message or document. This technique does not involve adding random data to the input of a hash function.
- Key stretching is a method that repeatedly hashes the password to make it more random and longer than it originally appeared. This should make the key more time consuming to break. It doesn't necessarily add data to the input, but it can.
- The key difference between key stretching and regular hashing or salting is the number of times the hashing is done. Hashing is the process of converting an input of any length into a fixed-size string of text using a mathematical function. Hashing doesn't add data to the input before completing the conversion.
Tags: Increasing Hash Security
Question 4
Linsey, an IT security manager, is responsible for ensuring the security of their company’s information. They are reviewing the company’s security policy and want to make sure it covers the three main goals of information security, commonly referred to as the CIA triad. Which of the following is NOT one of these goals?
Options:
- Integrity
- Confidentiality
- Authenticity
- Availability
Overall explanation:
- Authenticity is not one of the three main goals of information security, commonly referred to as the CIA triad.
- Integrity is one of the three main goals of information security and refers to maintaining the accuracy and consistency of information.
- Availability is one of the three main goals of information security and refers to ensuring that authorized users have access to information when needed.
- Confidentiality is one of the three main goals of information security and refers to protecting information from unauthorized access or disclosure.
Tags: Availability
Question 5
A security officer is using a system that involves the use of cameras to monitor activities in a given area. What is this system known as?
Options:
- Video surveillance
- Lighting
- Sensors
- Access badge
Overall explanation:
- Video surveillance involves the use of cameras to monitor activities in a given area. This matches the system being used in the scenario.
- Lighting is used to illuminate areas, often to deter criminal activity or enhance safety. It does not involve the use of cameras to monitor activities.
- An access badge is a card that employees use to gain access to certain areas within a company building. It does not involve the use of cameras to monitor activities.
- Sensors are designed to detect noise, motion, and the opening of windows and doors. They can be paired with video surveillance, but don't necessarily provide video evidence of intrusion.
Tags: Surveillance Systems
Question 6
Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?
Options:
- Diffie-Hellman
- Elliptic curve cryptography (ECC)
- RSA
- DSA
Overall explanation:
- ECC is a type of trapdoor function that is efficient with shorter key lengths. For instance, ECC with a 256-bit key provides roughly the same security as RSA with a 2048-bit key. The primary advantage is that ECC has no known shortcuts to cracking it, making it particularly robust.
- Diffie-Hellman is an algorithm primarily for secure key exchange, not directly comparable to the encryption efficiency offered by ECC's shorter key lengths.
- While a foundational asymmetric algorithm, RSA generally requires longer key lengths than ECC to achieve comparable security levels.
- Digital Signature Algorithm (DSA) is an algorithm used for digital signatures, but it doesn't inherently offer the same efficiency in terms of key length as ECC.
Tags: Asymmetric Algorithms
Question 7
Neon Weaving wants to install bollards and a fence to improve security at their factory. Which of the following types of security controls are bollards and fences?
Options:
- Technical
- Operational
- Managerial
- Physical
Overall explanation:
- Physical security controls are measures that involve protecting an organization’s physical assets. These controls can include security cameras, locks, bollards, fences, and security badges.
- Operational security controls are measures that involve the day-to-day operations of an organization’s security. These controls can include backup and recovery procedures, configuration management, media protection, and log monitoring.
- Managerial security controls are measures that involve directing and overseeing the overall security of an organization. These controls can include risk assessments, security awareness training, incident response planning, and service acquisition.
- Technical security controls are measures that are put in place to protect the confidentiality, integrity, and availability of a system or network. These controls can include firewalls, intrusion detection/prevention systems, encryption, and access controls.
Tags: Physical Security
Question 8
Which of the following is a formal request to a certificate authority for a digital certificate and contains the public key to be signed by the CA?
Options:
- CSR
- Self-signed certificate
- Wildcard certificate
- Root of trust
Overall explanation:
- A CSR (Certificate Signing Request) is a message sent to a certificate authority containing details and the public key that the entity wishes to be certified. Once approved, the CA provides a certificate.
- A self-signed certificate is signed by the same entity that generated it, not a formal request for another certificate.
- A wildcard certificate is used to secure multiple subdomains under a single domain. The request itself is not termed as a wildcard.
- The root of trust is the source of trust in a system, usually an entity or key, not a request for a certificate.
Tags: Digital Certificates
Question 9
Which of the following BEST enhances security by exponentially increasing the number of possible combinations?
Options:
- Longer key length
- Block cipher mode
- Hash collision
- Key clustering
Overall explanation:
- A longer key length, when increased even by a single bit, can double the number of possible key combinations, thereby exponentially increasing security against brute-force attacks and making it more difficult for attackers to guess the correct key.
- Key clustering is when two different keys produce the same ciphertext from the same plaintext. It's a phenomenon in cryptography but doesn't directly showcase the security benefits of longer key lengths.
- Hash collision occurs when two different inputs produce the same hash output. It's a concern in cryptographic hashing but doesn't directly relate to the exponential security increase of longer key lengths.
- Block cipher mode defines how to apply a cipher's encryption algorithm to blocks of data. It doesn't illustrate the principle of increasing security with longer key lengths.
Tags: Password Security
Question 10
At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?
Options:
- Dependency check
- Application rollback
- Application restart
- Patch management
Overall explanation:
- Application rollback is reverting an application to a previous state or version from a backup to correct issues caused by updates or changes. In this scenario, restoring the application from a backup taken two days earlier is an example of an application rollback and would be the most effective solution.
- Application restart involves stopping and then starting an application, often to apply changes or ensure updates have taken effect. While it may be a part of many troubleshooting processes, it wouldn't address the bug introduced by the update.
- Patch management is the process of managing updates for software applications. While the issue arose from an update, Jason is not suggesting another patch but is recommending reverting to a previous state.
- Dependency check refers to ensuring that all required components, libraries, or modules needed by an application are present. The scenario doesn't suggest any missing dependencies; rather, it's a problem with the application's function.
Tags: Application Security
Question 11
At WebDev Inc., Ryan, a software developer, is working on a project with a team spread across different geographical locations. When discussing the project's progress in a team meeting, they realized that two team members have been working on different versions of the same module. Which of the following procedures will resolve the conflict of working on two different instances of the module?
Options:
- Updating diagrams
- Upgrading the software development tools
- Assigning a different module to each team member
- Implementing a version control system
Overall explanation:
- Using a VCS ensures that all team members work on the most recent version of a module, and it allows tracking and merging changes efficiently.
- Avoiding overlap doesn't resolve the conflict; it only diverts the problem. Proper version control is needed to handle such situations.
- Updating diagrams refers to the process of revising visual representations of IT systems or processes in order to reflect changes or updates.
- Simply upgrading tools doesn't address the core problem of managing different versions of a module.
Tags: Application Security
Question 12
You are a security analyst at Dion Training and you discover that an unauthorized device has been connected to the company’s network. As you investigate, you discover that the device was added so the employee could play video games during her breaks. What type of threat actor are you dealing with?
Options:
- Unskilled Actor
- Shadow IT
- Insider Threat
- Nation-state Actor
Overall explanation:
- Shadow IT is a type of threat actor that is the result of unauthorized or unapproved IT systems or devices within an organization. In this case, the device may introduce security risks and compliance issues for an organization, but the employee wasn't intending any harm to the company.
- An insider threat is a type of threat actor that has authorized access to an organization’s network, systems, or data and has variable resources/funding and level of sophistication/capability depending on their role and position. Insider threats can abuse their authorized access, leak information, sabotage operations, or collaborate with external actors. They intend to harm the company by their actions.
- Nation-state actors are a type of threat actor that is sponsored by a government or a country's military. They normally have high resources/funding and high level of sophistication/capability, but they are not a part of the organization they attack.
- An unskilled threat actor is one that lacks technical expertise or sophistication. Unskilled attackers often launch simple and opportunistic attacks using tools or scripts developed by others. The employee in this case may be unskilled, but the employee didn't attach the device to cause problems for the company.
Tags: Shadow IT
Question 13
Which of the following motivations is MOST likely to drive a nation-state threat actor to launch an attack?
Options:
- Service disruption
- Political beliefs
- Financial Gain
- Espionage
Overall explanation:
- Espionage is the act of obtaining secret or confidential information without the permission of the holder of the information. A nation-state threat actor may conduct espionage to gain strategic advantage, intelligence, or insight into their adversaries or competitors.
- Service disruption is the act of interrupting or degrading the availability or performance of a system or network. A nation-state threat actor may conduct service disruption as part of other activities, but it is rarely their primary motivation for attacking.
- Political beliefs may be part of a motivation for a Nation-state actor, but they are much more likely to be motivated by a desire for data or a competitive advantage.
- Nation-state threat actors usually have extensive funding from the government or military organization that funds them, so they wouldn't have financial gain as their primary motivation for attacking.
Tags: Nation-state Actor
Question 14
Which of the following is a type of attack that involves modifying the system's boot sequence to execute malicious code?
Options:
- Application based
- Operating system (OS) based
- Hardware based
- Web based
Overall explanation:
- Operating system (OS) based attacks involve modifying the boot sequence or configuration of a system to execute malicious code or bypass security controls. They can allow an attacker to gain persistent and stealthy access to the system, or compromise its integrity or availability.
- Hardware based attacks involve exploiting vulnerabilities or weaknesses in hardware devices, such as firmware, end-of-life, legacy, or hardware tampering. They can allow an attacker to alter the functionality, performance, or security of the hardware device, or install malware, backdoors, or spyware on it.
- Application based attacks involve exploiting vulnerabilities or weaknesses in software applications, such as memory injection, buffer overflow, race conditions, or malicious updates. They can allow an attacker to alter the behavior, performance, or security of the application, or install malware, backdoors, or spyware on it.
- Web-based attacks involve exploiting vulnerabilities or weaknesses in web servers, applications, or browsers, such as SQL injection, XSS, CSRF, or directory traversal. They can allow an attacker to access, modify, delete, or execute data or commands on the web server or the user’s browser.
Tags: Rootkits
Question 15
Which of the following mitigation techniques can help enforce compliance with security standards and policies on a system or network by designating programs that are allowed to run and blocking all other programs from being run?
Options:
- Configuration Enforcement
- Application allow list
- Patching
- Least Privilege
Overall explanation:
- Application allow list is a technique that can help enforce compliance with security standards and policies on a system or network by using a list of approved applications that are allowed to run and blocking all other applications that may violate the standards or policies. The list contains applications that have been verified and authorized by the system or network administrator; anything not on the list is blocked because it may not meet the security requirements or expectations of the system or network.
- Least privilege is a mitigation technique that limits users to the level of access and privilege they need to do their work. This can limit the extent of an attack by limiting the attacker’s access and privilege to those of the compromised user. Least privilege involves applying predefined rules and permissions, such as roles, groups, and functions and enforcing the rules and permissions through mechanisms such as passwords, tokens, and biometrics. This focuses on limiting the user policies rather than the application itself.
- Patching is a technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems, but it does not use a list of approved applications that are allowed to run and block all other applications that may violate the standards or policies.
- Configuration enforcement is a mitigation technique that can help prevent unauthorized or improper changes that increase a system or device’s vulnerability to attack. By creating predefined security standards and policies, and enforcing them, configuration enforcement helps prevent the inadvertent or purposeful creation of vulnerabilities and security risks. This focuses on the configuration settings rather than the applications used within a system.
Question 16
Recently, Kelly Innovations LLC launched a new web application for its clients. Jake noticed that several users reported unexpected changes to their account settings even though they hadn't made any modifications. Emily, analyzing the logs, discovered that many of the affected users were previously on various unrelated external sites just before the unexpected changes occurred. The logs show a valid session cookie for each affected user, but there was no direct user action triggering the change. Which of the following BEST describes the attack that the users of Kelly Innovations LLC's web application might be experiencing?
Options:
- Session token prediction
- Cross-site request forgery
- Session hijacking
- Unsecured network sniffing
Overall explanation:
- Cross-site request forgery (CSRF or XSRF) exploits applications that use cookies to authenticate users and track sessions. In this type of attack, a victim is tricked into performing unwanted actions on a web application in which they're authenticated, without the victim necessarily having to click a link. The attacker causes the victim's browser to send a forged HTTP request to the target site, such as one that changes account settings.
- A session token prediction attack focuses on identifying potential weaknesses in the generation of session tokens. If an attacker can predict the session token, they can take over a session. This type of attack is more about guessing session values rather than inducing unintended changes on behalf of authenticated users.
- Attackers can sniff network traffic to obtain session cookies sent over an unsecured network. This would lead to session hijacking, but it does not directly cause unintended changes on a user's account as described in the scenario.
- Session hijacking involves taking over a user's session, typically by obtaining their session cookie. While it can result in unauthorized changes, it doesn't typically involve the victim being on an external site before the unexpected change.
Tags: XSS and XSRF
Question 17
During a routine audit, Enrique, a cybersecurity specialist at Kelly Innovations LLC, noticed that a specific software module was crashing unexpectedly. While inspecting further, he discovered multiple requests that contained exceedingly long strings of characters without any discernible patterns. These strings, when processed, seemed to disrupt the normal execution of the application and caused unexpected behavior. Which of the following BEST defines the type of attack Enrique observed on Kelly Innovations LLC's software application?
Options:
- Parameter tampering
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Buffer overflow
Overall explanation:
- Buffer overflow attacks occur when an application receives more data than it's allocated to handle, causing the excess data to overflow into adjacent memory locations. This can lead to application crashes or potentially allow an attacker to execute arbitrary code.
- DoS attacks aim to make a system or network resource unavailable by overwhelming it with traffic. While it can cause system disruptions, it doesn't operate through buffer overflows.
- Cross-site scripting attacks involve embedding malicious scripts into web content. These scripts are executed by unsuspecting users but are unrelated to overflowing application memory buffers.
- Parameter tampering focuses on altering existing data parameters to change the application's expected behavior. While it involves meddling with data input, it doesn't directly cause memory overflows, as seen in Enrique's observations.
Tags: Buffer Overflow
Question 18
Which of the following BEST describes a threat actor who primarily depends on commonly found tools, often easily accessible from the web or dark web?
Options:
- APT
- Script kiddie
- Ethical hacker
- Bug bounty hunter
Overall explanation:
- Typically a novice in cyber-attacks, a script kiddie heavily relies on off-the-shelf tools without much understanding of how they work.
- A bug bounty hunter is an individual who seeks software vulnerabilities in exchange for rewards or compensation but doesn't rely solely on basic, common tools.
- Advanced persistent threats (APTs) are often state-sponsored groups with significant resources, known for long-term, targeted attacks using a variety of sophisticated tools and techniques.
- An ethical hacker is a cybersecurity professional who systematically attempts to penetrate systems on behalf of its owners to find vulnerabilities.
Tags: Threat Actors
Question 19
Which of the following mobile device vulnerabilities is created by installing applications from sources other than the official app store?
Options:
- Jailbreaking
- Buffer overflow
- Side loading
- Memory injection
Overall explanation:
- Side loading is a mobile device vulnerability that results from installing applications from sources other than the official app store, such as third-party websites, USB drives, or email attachments. It can expose the device to malware, spyware, or unauthorized access.
- Memory injection is a technique that involves injecting code into a running process to alter its behavior or gain access to its memory. It can be used for malicious or legitimate purposes on mobile devices, such as debugging or hooking.
- Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer can hold, causing it to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation.
- Jailbreaking creates a vulnerability on a mobile device by bypassing the restrictions imposed by the manufacturer or provider of a device, such as an iPhone or iPad, to gain root access and install unauthorized applications or customizations. It can expose the device to malware, spyware, or unauthorized access.
Question 20
An employee connects their smartphone to a seemingly legitimate peripheral device using Bluetooth. Unbeknownst to them, the peripheral device has been embedded with malicious firmware, allowing it to execute attacks. What kind of risk is associated with connecting to such devices?
Options:
- Bluesnarfing
- Device discovery
- Risk from malicious peripheral devices
- Bluejacking
Overall explanation:
- Peripherals with malicious firmware can pose significant risks when connected. They have the potential to launch highly effective attacks. The crafting of such malicious peripherals requires extensive resources, making the risk less frequent but impactful.
- Device discovery makes a Bluetooth device visible to others nearby. While it can increase the risk of unwanted connections, it doesn't involve the specific threat of malicious firmware in peripherals.
- Bluejacking involves sending unsolicited messages to Bluetooth devices. It's a form of spam and doesn't refer to the risk of connecting to malicious devices.
- Bluesnarfing is the act of exploiting Bluetooth vulnerabilities to gain unauthorized access to data on another person's device. It doesn't specifically refer to the risk of connecting to malicious peripherals.
Question 21
Which of the following techniques allows an attacker to eavesdrop on a wired network by connecting their device directly to the network cables?
Options:
- Packet Sniffing
- Man-in-the-middle attack
- Port Mirroring
- Wiretapping
Overall explanation:
- Wiretapping, in the context of a wired network, refers to the act of connecting directly to the network's physical infrastructure (cables) to monitor and capture data traffic. It is a direct method to eavesdrop on communications.
- Port mirroring is a method used mainly for network troubleshooting and diagnostics. It allows a switch to send a copy of network packets to a network monitoring connection. While it can be used for nefarious purposes if misconfigured, it doesn't inherently imply malicious intent like wiretapping does.
- Packet sniffing is the process of capturing data packets on a network. While a packet sniffer can be used maliciously, the act of packet sniffing itself doesn't specify the method of data capture or a direct connection to network cables.
- While a Man-in-the-Middle attack involves intercepting and potentially altering communication between two parties, it doesn't necessarily require direct access to the physical network cables.
Tags: Physical Security
Question 22
Sarah was passed over for a promotion again. She has been working hard on a new device because her boss promised her a promotion and a raise. What is the point of her hard work if she isn't going to be rewarded? She takes all of the data about the new device and puts it on the internet. She hopes that someone will produce the new device before her company can and her company will lose all of the money they have invested in research and development. What is her primary motivation for conducting this data exfiltration?
Options:
- Ethical Considerations
- Financial Gain
- Revenge
- Blackmail
Overall explanation:
- Revenge is the desire to harm or punish someone or something that has caused injury or offense. Sarah wants to reveal the device's data so her company will lose money which will harm the company. She does this because she feels the company hasn't treated her well. Sarah didn't feel that the product or its production was unethical.
- She didn't steal and publish the data to prevent the company from acting in an unethical manner. Her goal was to harm the company, so ethical considerations weren't a motivation.
- Sarah published the information on the internet. She didn't try to sell it to another company or try to make any money from the data, so financial gain isn't her primary motivation for taking the data.
- Blackmail is the act of demanding money or other benefits from someone in return for not revealing compromising or damaging information about them. Sarah published the data without giving the company an opportunity to prevent her from revealing it, so blackmail wasn't her motivation.
Tags: Insider Threats
Question 23
What type of threat actor is motivated by beliefs about politics and often targets organizations they disagree with?
Options:
- Unskilled Attackers
- Nation-state Actors
- Insider Threats
- Hacktivists
Overall explanation:
- A hacktivist is a threat actor that is motivated by philosophical or political beliefs and often targets organizations or governments that they disagree with. Hacktivists may use methods such as defacement, denial-of-service, or data leakage to achieve their goals. They hope defacement and data leaks will discredit the target organizations or governments. Denial-of-service attacks will prevent the organizations and governments from communicating and functioning.
- Insider Threats are threat actors that have authorized access to an organization’s network, systems, or data. They are often current or former employees who are motivated by revenge, greed, or ideology. Insider Threats may abuse their privileges, leak information, sabotage operations, or collaborate with external actors in order to undermine an organization.
- Unskilled Attackers are threat actors that have little or no technical skills and are motivated by curiosity, boredom, or personal gain. Unskilled Attackers may use tools or scripts developed by others to launch attacks without understanding how they work.
- Nation-state Actors are a type of threat actor that is sponsored by a government or a military and are motivated by gaining information through espionage, conducting warfare, or gaining influence. Nation-state Actors may target other countries, organizations, or individuals that pose a threat to or have different interests than the government that sponsors the Nation-state Actors.
Tags: Hacktivists
Question 24
Natasha, a systems administrator, was alerted about an issue on a company server. Despite the server appearing to operate normally, there were reports of unauthorized access to sensitive data. Upon inspection, Natasha noticed that standard tools like tasklist and netstat were not showing any unauthorized processes or connections. However, she discovered some oddly named system files that closely resembled genuine system executables. Which of the following types of malware is Natasha MOST likely dealing with?
Options:
- Virus
- Spyware
- Ransomware
- Rootkit
Overall explanation:
- Rootkits can conceal their presence by compromising system files and programming interfaces. The odd system files that resemble genuine executables are indicative of a rootkit's attempt to disguise its presence.
- Ransomware focuses on encrypting user files and demanding a ransom for their decryption. There's no mention of encrypted files or ransom demands.
- Spyware is designed to monitor user behavior and capture data but doesn't typically hide processes or connections in the manner described.
- A virus attaches itself to a legitimate program and spreads, but the concealment tactics described are more in line with rootkits.
Tags: Rootkit
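Added example (not part of the original practice test): two checks an investigator in Natasha's position can run to turn the explanation above into evidence. The first flags file names that are one character away from a genuine system executable; the second is cross-view detection, comparing the process list a hooked tool such as tasklist reports with a list obtained from a lower-level source. The file paths, PID lists and the list of known system binaries are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed list of genuine system executable names (lowercase, basename only).
var knownSystemBinaries = []string{
	"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
	"explorer.exe", "services.exe", "smss.exe", "wininit.exe",
}

// editDistance returns the Levenshtein distance between a and b.
func editDistance(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	cur := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

func min3(a, b, c int) int {
	m := a
	if b < m {
		m = b
	}
	if c < m {
		m = c
	}
	return m
}

// Lookalike is a file whose name is one edit away from a genuine system binary
// (e.g. svch0st.exe, lsas.exe). An exact-name match is NOT flagged here: a rootkit
// that replaced the real file in place needs a hash or signature check instead.
type Lookalike struct {
	Path   string
	Mimics string
}

// FindLookalikes scans file paths and returns those mimicking a known binary.
func FindLookalikes(paths []string) []Lookalike {
	var out []Lookalike
	for _, p := range paths {
		base := strings.ToLower(p[strings.LastIndexAny(p, `\/`)+1:])
		for _, k := range knownSystemBinaries {
			if base != k && editDistance(base, k) == 1 {
				out = append(out, Lookalike{Path: p, Mimics: k})
				break
			}
		}
	}
	return out
}

// CrossViewHidden compares the PIDs a user-mode tool reports (tasklist, ps) with
// PIDs gathered from a second, lower-level source (raw /proc listing, kernel
// handle table, a forensic memory image). A PID present only in the raw view is
// a candidate for a process hidden by API hooking.
func CrossViewHidden(toolView, rawView []int) []int {
	seen := make(map[int]bool, len(toolView))
	for _, pid := range toolView {
		seen[pid] = true
	}
	var hidden []int
	for _, pid := range rawView {
		if !seen[pid] {
			hidden = append(hidden, pid)
		}
	}
	sort.Ints(hidden)
	return hidden
}

func main() {
	// Constructed inputs; on a real host these come from a directory walk and two process enumerations.
	files := []string{`C:\Windows\System32\svchost.exe`, `C:\Windows\Temp\svch0st.exe`, `C:\Users\Public\lsas.exe`}
	for _, l := range FindLookalikes(files) {
		fmt.Printf("lookalike %s mimics %s\n", l.Path, l.Mimics)
	}
	fmt.Println("PIDs hidden from tool view:", CrossViewHidden([]int{4, 500, 732}, []int{4, 500, 732, 4412}))
}
```

Both checks produce leads, not proof. A lookalike name in a user-writable directory and a PID visible only in the raw view justify pulling a memory image and comparing file hashes against vendor-published values before trusting anything the live system reports.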
Question 25
-
Cerys is investigating an incident. She found a hidden program that monitors the network traffic and captures sensitive information. Which of the following types of malware is MOST likely involved in this incident?
Options:
- Ransomware
- Worm
- Trojan
- Spyware
Overall explanation:
- Spyware is a type of malware that monitors the network traffic and captures sensitive information, such as passwords, credit card numbers, or personal details.
- Ransomware is a type of malware that encrypts the data or files on a system and demands a ransom for their decryption or restoration.
- A Trojan is a type of malware that disguises itself as a legitimate or benign program, but performs malicious actions when executed, such as creating a backdoor for remote access or control.
- A worm is a type of malware that self-replicates and spreads to other systems or networks without user interaction.
Tags: Spyware
Question 26
-
You are working remotely and you need to access your company’s network resources. You connect to a public Wi-Fi hotspot at a nearby coffee shop and use a VPN client to establish a secure connection. However, you notice that the VPN client is outdated and has not been updated for several months. What type of vulnerability are you exposing yourself to?
Options:
- Default credentials
- Vulnerable software
- Open service ports
- Unsecure networks
Overall explanation:
- Vulnerable software is software that has known or unknown flaws that can be exploited by attackers to gain unauthorized access or cause harm. Outdated software may have unpatched vulnerabilities that can compromise the security of the system or the network.
- Default credentials are usernames and passwords that are set by default for certain devices or applications. Default credentials can be easily guessed by attackers and used to gain access to the system or the network.
- Open service ports are ports that are listening for incoming connections from other systems or devices. Open service ports can expose services that may have vulnerabilities or allow unauthorized access to the system.
- Unsecure networks are networks that lack adequate security measures, such as encryption, authentication, or a firewall, to protect the data transmitted over them. Public Wi-Fi hotspots are examples of unsecure networks on which traffic can be intercepted by attackers. In this case, however, the VPN tunnel protects the connection; the remaining weakness is the outdated VPN client itself.
Question 27
-
Dion Training's hardware devices were compromised and sensitive data was stolen. Upon investigation, it was discovered that an attacker was able to exploit a vulnerability in the device's low-level software. Which of the following vulnerabilities BEST describes this scenario?
Options:
- Legacy hardware
- Hardware failure
- Firmware vulnerability
- End-of-life hardware
Overall explanation:
- A firmware vulnerability is a weakness in the low-level software that controls hardware devices, which can be exploited by an attacker to gain unauthorized access or cause harm.
- End-of-life hardware refers to hardware devices that are no longer supported by the vendor and may be vulnerable to known attacks, but this does not directly relate to low-level software vulnerabilities.
- Hardware failure can affect the availability and functionality of hardware devices, but it does not directly relate to low-level software vulnerabilities.
- Legacy hardware refers to outdated hardware devices that may be vulnerable to known attacks, but this does not directly relate to low-level software vulnerabilities.
Question 28
-
Which of the following is a type of message-based attack that involves sending fraudulent voice calls to trick recipients into revealing sensitive information or performing certain actions?
Options:
- IM
- Smishing
- Phishing
- Vishing
Overall explanation:
- Vishing is a type of message-based attack that involves sending fraudulent voice calls to trick recipients into revealing sensitive information or performing certain actions.
- Smishing is a type of message-based attack that involves sending fraudulent text messages to trick recipients into revealing sensitive information or clicking on malicious links.
- IM-based attacks are message-based attacks that involve sending fraudulent instant messages to trick recipients into revealing sensitive information or clicking on malicious links; IM is the delivery channel, and it does not involve voice calls.
- Phishing is a type of message-based attack that involves sending fraudulent emails to trick recipients into revealing sensitive information or clicking on malicious links.
Tags: Phishing Attacks
Question 29
-
Which mitigation technique involves shutting off specific entry and exit points in a system to prevent potential vulnerabilities or unauthorized access?
Options:
- Encryption
- Disabling ports
- Monitoring
- Segmentation
Overall explanation:
- Disabling ports is the act of turning off specific communication points in a system to reduce potential vulnerabilities or halt unauthorized access.
- Monitoring is the continuous observation and checking of a system or network to ensure its functionality and security. It is not directly related to shutting off communication points.
- Segmentation is dividing a network into separate parts or segments to improve security and performance, but it is not specifically about shutting off communication points.
- Encryption is the process of converting data into a code to prevent unauthorized access. It doesn't deal with turning off specific entry or exit points in a system.
Tags: Hardening
Question 30
-
Which of the following mitigation techniques can help reduce the exposure of systems to potential attacks by turning off unneeded or unwanted network communication channels?
Options:
- Changing Default Passwords
- Patching
- Disabling ports and protocols
- Removing unnecessary software
Overall explanation:
- Disabling ports and protocols is a hardening technique that can help reduce exposure to potential attacks. This can be done on firewalls, switches, routers, and hosts to close or block any network ports or protocols that aren’t needed for the normal operation of the systems and devices. Ports are numerical identifiers that specify the destination or source of network traffic, and protocols are rules or standards that define how network traffic is formatted or transmitted.
- Removal of unnecessary software is a hardening technique that can help reduce the attack surface of systems and devices by removing unused or unneeded applications. The more software that is on a system, the more exposure there is to vulnerabilities. If the software is not needed or used, there is no purpose in having extra exposure to vulnerabilities. While this will harden the system, it doesn't alter the channels of communication.
- Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems. This doesn't involve turning off or blocking any network communication channels that are not needed or used.
- Changing default passwords is a hardening technique that can help prevent some password attacks on systems and devices. This is done by changing the default or factory-set passwords that may be easily cracked by automated tools or dictionaries because they are often reused or drawn from a small pool of passwords. Password managers, password generators, and security policies can be used to create and enforce the use of strong and unique passwords for each system and device. This will protect the system, but doesn't alter the channels of communication.
Tags: Hardening
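Added example (not part of the original practice test) that puts Questions 29 and 30 into practice: audit the listening sockets on a host against an allowlist of the ports it is supposed to serve, so that everything else can be disabled or blocked. The input is a constructed sample in the layout of `ss -lntu` output, and the allowlist is an assumed baseline for the example; neither comes from a real host.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in the layout of `ss -lntu` (not captured from a real host).
const sampleSS = `Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*
`

// Listener is one listening socket.
type Listener struct {
	Proto string // tcp or udp
	Addr  string // bind address; 0.0.0.0 or [::] means every interface
	Port  string
}

// parseSS pulls protocol, bind address and port out of each data row.
func parseSS(out string) []Listener {
	var ls []Listener
	sc := bufio.NewScanner(strings.NewReader(out))
	header := true
	for sc.Scan() {
		if header {
			header = false
			continue
		}
		f := strings.Fields(sc.Text())
		if len(f) < 5 {
			continue
		}
		local := f[4]
		i := strings.LastIndex(local, ":")
		if i < 0 {
			continue
		}
		addr := local[:i]
		if j := strings.Index(addr, "%"); j >= 0 {
			addr = addr[:j] // drop the interface scope id
		}
		ls = append(ls, Listener{Proto: f[0], Addr: addr, Port: local[i+1:]})
	}
	return ls
}

// Finding is a listener that is not on the allowlist.
type Finding struct {
	Listener
	Exposed bool // reachable from the network, not just loopback
}

// Audit returns every listener whose proto/port is not allowlisted. Loopback-only
// binds are reported with Exposed=false: unreachable from the network but still
// attack surface for local privilege escalation, so disable them if unneeded.
func Audit(ls []Listener, allow map[string]bool) []Finding {
	var out []Finding
	for _, l := range ls {
		if allow[l.Proto+"/"+l.Port] {
			continue
		}
		loopback := strings.HasPrefix(l.Addr, "127.") || l.Addr == "[::1]"
		out = append(out, Finding{Listener: l, Exposed: !loopback})
	}
	return out
}

func main() {
	// Services this host is supposed to offer (assumed baseline for the example).
	allow := map[string]bool{"tcp/22": true, "tcp/80": true, "udp/68": true}
	for _, f := range Audit(parseSS(sampleSS), allow) {
		action := "disable the service or block the port in the host firewall"
		if !f.Exposed {
			action = "loopback only; disable if the service is not needed"
		}
		fmt.Printf("%s %s:%s  %s\n", f.Proto, f.Addr, f.Port, action)
	}
}
```

On the sample the audit flags telnet (tcp/23) as exposed on every interface and two loopback-only services (the stub resolver on udp/53 and CUPS on tcp/631). The fix for an unneeded service is to stop and disable its unit rather than only adding a firewall rule, because a firewall rule leaves the vulnerable code running and reachable from the host itself.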
Question 31
-
Which of the following mitigation techniques can help reduce the attack surface of systems by uninstalling unused applications?
Options:
- Removal of unnecessary software
- Disabling Ports and Protocols
- Patching
- Decommissioning
Overall explanation:
- Removal of unnecessary software is a hardening technique that can help reduce the attack surface of systems and devices by removing unused or unneeded applications. The more software that is on a system, the more exposure there is to vulnerabilities. If the software is not needed or used, there is no purpose in having extra exposure to vulnerabilities.
- Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems. Patching software is good to do, but if you aren't using the software, removing it is more effective than patching it.
- Decommissioning is a mitigation technique that can help reduce the risk of data breaches or theft by properly disposing of systems and devices that are no longer needed or used. Decommissioning involves following a set of procedures to erase or destroy any sensitive data stored on the systems and devices, and to physically dispose of them in a safe and environmentally friendly manner. It is used for hardware that is no longer needed, not for unneeded software.
- Disabling ports and protocols is a hardening technique that can help reduce exposure to potential attacks. This can be done on firewalls, switches, routers, and hosts to close or block any network ports or protocols that aren’t needed for the normal operation of the systems and devices. Ports are numerical identifiers that specify the destination or source of network traffic, and protocols are rules or standards that define how network traffic is formatted or transmitted. This is a good practice, but doesn't involve removing software from the system.
Tags: Hardening
Question 32
-
Which of the following technologies allows running code without managing any underlying infrastructure?
Options:
- Virtualization
- Infrastructure as code
- Software Defined Networking (SDN)
- Serverless
Overall explanation:
- Serverless is an architecture model that allows running code without managing any underlying infrastructure. It can offer benefits such as flexibility, scalability, cost-efficiency, and security.
- Virtualization is a technology that allows creating multiple virtual machines or environments on a single physical device, not running code without managing any underlying infrastructure.
- Software-defined networking (SDN) is a network technology that dynamically configures and manages network devices and services through software; it does not run application code without managing the underlying infrastructure.
- Infrastructure as code (IaC) is a method of managing and provisioning IT infrastructure through code, not running code without managing any underlying infrastructure.
Tags: Serverless
Question 33
-
To enhance the privacy of its users, Kelly Innovations LLC is considering a system that can act as an intermediary for internet requests, hiding the origin of the request from the destination server. Which solution would BEST fit this purpose?
Options:
- Router
- Jump server
- Proxy server
- Intrusion prevention system (IPS)
Overall explanation:
- A proxy server sits between a client and the destination server, forwarding requests and responses on behalf of the client. By doing this, it can effectively mask the client's IP address, providing a level of privacy and anonymity.
- Routers forward data packets between computer networks and direct traffic on the internet. Though they can be configured for certain security tasks, they don't inherently mask the origin of internet requests like a proxy server does.
- While an IPS monitors and blocks malicious traffic, it does not act as an intermediary for general internet requests or mask the origin of those requests.
- A jump server facilitates administrative access to an environment but isn't designed to forward and mask internet requests from clients to destination servers.
Tags: Network Appliances
Question 34
-
Which of the following architecture models involves using a combination of cloud and on-premises resources to deliver services and applications?
Options:
- Decentralized
- Virtualization
- Serverless
- Hybrid
Overall explanation:
- Hybrid is an architecture model that involves using a combination of cloud and on-premises resources to deliver services and applications. It can offer benefits such as flexibility, scalability, cost-efficiency, and security.
- Decentralized is a network design that distributes the control and authority among multiple nodes or entities, not using a combination of cloud and on-premises resources.
- Serverless is an architecture model that involves running code without provisioning or managing servers, not using a combination of cloud and on-premises resources.
- Virtualization is a technology that allows creating multiple virtual machines or environments on a single physical device, not using a combination of cloud and on-premises resources.
Tags: Security Architecture
Question 35
-
Which of the following is designed to provide electricity for an extended period during power outages and relies on fuel sources such as diesel or natural gas?
Options:
- Generators
- UPS
- Surge protectors
- Power inverters
Overall explanation:
- Generators convert fuel into electricity and are designed to provide power backup for extended periods during outages. They can sustain operations until regular power is restored.
- Power inverters convert direct current (DC) to alternating current (AC) for use with appliances. While they can change the type of current, they don't provide backup power on their own during outages.
- A UPS (Uninterruptible Power Supply) offers immediate short-term power protection from input power interruptions, typically from batteries, ensuring devices can either be shut down properly or switched to a generator. They can't provide power for long durations.
- Surge protectors protect devices from voltage spikes but do not provide any power backup. They ensure equipment safety from electrical surges but don't aid during power outages.
Tags: Powering Data Centers
Question 36
-
Which of the following methods converts original data into a coded format to prevent unauthorized access and requires a key to decode it?
Options:
- Tokenization
- Encryption
- Hashing
- Compression
Overall explanation:
- Encryption transforms data into a coded format using specific algorithms and a key. Only those possessing the correct key can decrypt and access the original data, making it a primary means to secure information against unauthorized access.
- Tokenization replaces sensitive data with non-sensitive placeholders or "tokens." While it hides the original data, it does not convert the data into a coded format that a key can reverse; the original values are kept in a separate, protected token vault that maps each token back to its value.
- Compression reduces the size of data to save space or accelerate transmission. Though it changes the data format, its primary purpose isn't security. Compressed data can typically be decompressed without a specific key.
- Hashing converts data into a fixed-length string of characters, typically a hash value. Hashing is one-way; once data is hashed, it can’t be reversed to its original form. Hashing is more about data integrity and verification than preventing unauthorized access.
Tags: Encryption Tools
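Added example (not part of the original practice test) showing the four options side by side in working code: encryption with AES-256-GCM needs the key to decrypt and rejects tampering; hashing with SHA-256 is one-way and keyless; tokenization returns a random token and keeps the mapping in a vault; compression with gzip changes the representation and anyone can reverse it. The card number is a constructed test value and the TokenVault type is a minimal stand-in for a real tokenization service.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Encrypt seals plaintext with AES-256-GCM; output is nonce || ciphertext || tag.
// Only a holder of key can decrypt, and any modification fails the tag check.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; it fails for a wrong key or a tampered blob.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Hash is one-way and keyless: the same input always yields the same digest,
// which is why it verifies integrity but cannot "decode" anything.
func Hash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// TokenVault swaps a sensitive value for a random token and keeps the mapping in a
// separate store. The token reveals nothing about the value; no key is involved.
type TokenVault struct{ store map[string]string }

func NewTokenVault() *TokenVault { return &TokenVault{store: map[string]string{}} }

func (v *TokenVault) Tokenize(value string) (string, error) {
	b := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(b)
	v.store[tok] = value
	return tok, nil
}

func (v *TokenVault) Detokenize(tok string) (string, bool) {
	value, ok := v.store[tok]
	return value, ok
}

// Compress only changes the representation; anyone can reverse it without a key.
func Compress(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

func Decompress(data []byte) ([]byte, error) {
	r, err := gzip.NewReader(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	defer r.Close()
	return io.ReadAll(r)
}

func main() {
	pan := []byte("4111 1111 1111 1111") // constructed test card number
	key := make([]byte, 32)
	io.ReadFull(rand.Reader, key)
	ct, _ := Encrypt(key, pan)
	pt, _ := Decrypt(key, ct)
	v := NewTokenVault()
	tok, _ := v.Tokenize(string(pan))
	fmt.Printf("encrypted %d bytes -> %q\nhash %s\ntoken %s\ngzip %d bytes\n", len(ct), pt, Hash(pan), tok, len(Compress(pan)))
}
```

The distinguishing tests are in what fails: decrypting with the wrong key or a flipped ciphertext byte returns an error, a hash cannot be turned back into the card number, an unknown token resolves to nothing, and gzip round-trips with no secret at all.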
Question 37
-
Dion Training is optimizing its wireless network infrastructure. They have deployed multiple Wireless Access Points (WAPs), each identified by a unique MAC address (BSSID), and operating in different radio bands. To secure and ensure optimal performance of the network, which of the following principles should Dion Training prioritize in the placement and configuration of the WAPs?
Options:
- Utilizing unique service set identifiers (SSIDs)
- Increasing the number of access points
- Minimizing co-channel and adjacent channel interference
- Operating exclusively in 5 GHz band
Overall explanation:
- Avoiding co-channel interference (CCI) and adjacent channel interference (ACI) is crucial for optimal wireless network performance. By carefully selecting and spacing channels, the company can reduce errors, re-transmissions, and bandwidth loss, securing and enhancing the network's efficiency.
- While having unique SSIDs helps in identifying different networks, it does not directly address interference issues or optimize the performance of the wireless network.
- While the 5 GHz band is less crowded and offers more channels, exclusively operating in this band does not prevent interference if channel spacing is not correctly managed.
- Merely increasing the number of WAPs without proper channel management could exacerbate interference issues, reducing the overall performance and security of the wireless network.
Question 38
-
Given that cloud architecture provides dynamic resource allocation, which of the following security considerations is MOST critical when dealing with the compute component?
Options:
- Implementing strong user authentication.
- Limiting the number of virtual machines.
- Ensuring isolation between different instances.
- Frequent backup of workload data.
Overall explanation:
- As the cloud provides resources abstracted from physical hardware, maintaining strict isolation between different workload instances ensures that one instance's vulnerabilities or threats don't compromise another. Breaching this isolation could allow lateral movement within the cloud environment.
- While essential for security, user authentication is more about controlling access than directly dealing with the compute resource's dynamic allocation in the cloud.
- Backup strategies are crucial for data integrity and recovery, but they don't address the specific security concerns introduced by the dynamic resource allocation of compute components.
- Restricting the number of VMs might conserve resources, but it doesn't directly address the inherent security implications of on-demand compute allocation in a cloud environment.
Tags: Cloud Security
Question 39
-
Which of the following architecture models involves deploying applications as independent services that communicate with each other through well-defined APIs?
Options:
- Serverless
- Infrastructure as code (IaC)
- Microservices
- Cloud
Overall explanation:
- Microservices is an architecture model that involves deploying applications as independent services that communicate with each other through well-defined APIs. Microservices can improve performance, scalability, and security of applications, but they also introduce complexity, dependency, and communication challenges.
- Infrastructure as code (IaC) is a method that involves using code or configuration files to automate the provisioning and management of infrastructure. It does not involve deploying applications as independent services that communicate with each other.
- Serverless is an architecture model that involves running code without provisioning or managing servers. It does not involve deploying applications as independent services that communicate with each other.
- Cloud is an architecture model that involves delivering computing services over the internet. It does not involve deploying applications as independent services that communicate with each other.
Tags: Microservices
Question 40
-
To protect customers' financial records and adhere to standards set to prevent money laundering and fraud, which of the following is the BEST strategy a bank should adopt?
Options:
- Integration of multi-factor authentication for user access
- Creating a schedule for the creation of regular encrypted data backups
- Strict adherence to AML/KYC regulations and secure data storage
- Continuous security monitoring and intrusion detection systems
Overall explanation:
- Strict adherence to AML/KYC regulations and secure data storage is a dual-focused approach: adherence to Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations keeps the bank's practices in line with legal requirements, while secure data storage measures keep customers' financial details confidential and protected from breaches.
- While continuous security monitoring and intrusion detection systems actively observe, log, and notify on potential security threats, they do not offer a comprehensive approach towards meeting the specific requirements of financial regulations like AML/KYC.
- Though adding robustness to the authentication process by requiring users to provide multiple pieces of evidence to access financial data, this method doesn't directly address the regulatory needs of AML/KYC.
- Creating a schedule for regular encrypted data backups ensures data remains recoverable in the event of loss and adds a layer of protection through encryption, but this approach does not focus on the prevention of fraudulent activities or adherence to anti-money laundering regulations.
Tags: Standards
Question 41
-
A water treatment facility relies on SCADA systems for automation. This environment can introduce which of the following security vulnerabilities?
Options:
- Legacy protocols without encryption.
- Built for multicore processing.
- Over-reliance on sandboxing.
- Frequent OS patching.
Overall explanation:
- Many SCADA systems utilize legacy communication protocols that lack modern security features, making them vulnerable to unauthorized interception or tampering.
- Sandboxing is a method of running untrusted code in an isolated environment. Over-reliance on it is not a vulnerability inherent to SCADA systems.
- SCADA systems tend to receive infrequent updates, and that lack of patching is the vulnerability; frequent OS patching would reduce risk, not introduce it.
- While multicore processing can improve performance, it's not a direct security concern linked to SCADA.
Tags: ICS and SCADA
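Added example (not part of the original practice test) of what "legacy protocol without encryption" means on the wire, using Modbus/TCP, a protocol widely used by SCADA field devices. The parser decodes the 7-byte MBAP header and function code, and the point to notice is what the frame does not contain: no credential, no signature, no encryption, so the PLC obeys any well-formed write from any host that can reach it. The detection function is the compensating control that follows from that: alert on write function codes from any source that is not an authorized HMI. The frames, IP addresses and the authorized-writer list are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is a Modbus/TCP request: 7-byte MBAP header then the PDU (function + data).
// Note what is absent: no authentication, no integrity check, no encryption.
type Frame struct {
	TransactionID uint16
	ProtocolID    uint16 // 0 = Modbus
	Length        uint16 // bytes after the length field (unit id + PDU)
	UnitID        uint8
	Function      uint8
	Data          []byte
}

// ParseModbusTCP decodes one request frame and validates the header.
func ParseModbusTCP(b []byte) (*Frame, error) {
	if len(b) < 8 {
		return nil, errors.New("frame too short")
	}
	f := &Frame{
		TransactionID: binary.BigEndian.Uint16(b[0:2]),
		ProtocolID:    binary.BigEndian.Uint16(b[2:4]),
		Length:        binary.BigEndian.Uint16(b[4:6]),
		UnitID:        b[6],
		Function:      b[7],
		Data:          b[8:],
	}
	if f.ProtocolID != 0 {
		return nil, errors.New("protocol id is not Modbus")
	}
	if int(f.Length) != len(b)-6 {
		return nil, errors.New("length field does not match frame size")
	}
	return f, nil
}

// Function codes that change the process; only HMIs and engineering stations should send them.
var writeFunctions = map[uint8]string{
	0x05: "Write Single Coil",
	0x06: "Write Single Register",
	0x0F: "Write Multiple Coils",
	0x10: "Write Multiple Registers",
}

// Describe renders the request for a log line.
func (f *Frame) Describe() string {
	switch f.Function {
	case 0x03, 0x04: // Read Holding / Input Registers: start address, quantity
		if len(f.Data) >= 4 {
			return fmt.Sprintf("read %d registers from %d",
				binary.BigEndian.Uint16(f.Data[2:4]), binary.BigEndian.Uint16(f.Data[0:2]))
		}
	case 0x05, 0x06: // Write Single Coil / Register: address, value
		if len(f.Data) >= 4 {
			return fmt.Sprintf("%s addr=%d value=0x%04x", writeFunctions[f.Function],
				binary.BigEndian.Uint16(f.Data[0:2]), binary.BigEndian.Uint16(f.Data[2:4]))
		}
	}
	return fmt.Sprintf("function 0x%02x", f.Function)
}

// Flow is one captured request and its source IP (constructed for the example).
type Flow struct {
	Src   string
	Frame []byte
}

// DetectUnauthorizedWrites is the compensating control for a protocol with no
// authentication: since the PLC will obey any write, the network has to decide
// who may send one. Malformed frames are reported too.
func DetectUnauthorizedWrites(flows []Flow, authorizedWriters map[string]bool) []string {
	var alerts []string
	for _, fl := range flows {
		f, err := ParseModbusTCP(fl.Frame)
		if err != nil {
			alerts = append(alerts, fmt.Sprintf("%s: malformed frame: %v", fl.Src, err))
			continue
		}
		if _, isWrite := writeFunctions[f.Function]; isWrite && !authorizedWriters[fl.Src] {
			alerts = append(alerts, fmt.Sprintf("%s: unauthorized %s (unit %d)", fl.Src, f.Describe(), f.UnitID))
		}
	}
	return alerts
}

// Constructed capture: the HMI reads and writes, and an unknown host writes a coil.
var sampleFlows = []Flow{
	{"10.0.1.10", []byte{0x00, 0x01, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x00, 0x00, 0x00, 0x0A}},
	{"10.0.1.77", []byte{0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x01, 0x05, 0x00, 0x13, 0xFF, 0x00}},
	{"10.0.1.10", []byte{0x00, 0x03, 0x00, 0x00, 0x00, 0x06, 0x01, 0x06, 0x00, 0x01, 0x00, 0x03}},
}

func main() {
	for _, a := range DetectUnauthorizedWrites(sampleFlows, map[string]bool{"10.0.1.10": true}) {
		fmt.Println("ALERT", a)
	}
}
```

Because the protocol cannot be fixed on the device, the controls live around it: network segmentation so only the HMI VLAN can reach TCP/502, a monitoring tap running logic like the above, and strict change control on the authorized-writer list.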
Question 42
-
In security architecture, which approach is considered the BEST option for protecting stored data?
Options:
- Parallel processing
- Encryption
- Backups
- Infrastructure
Overall explanation:
- Encryption is the best option as it transforms data into an unreadable format for unauthorized users, thereby safeguarding it from unauthorized access.
- Parallel processing involves using multiple CPUs to process different parts of a bigger task. It requires the task to be broken into separate parts. The benefits of parallel processing include greater speed and greater fault tolerance. In addition, it can be cheaper because using several lower performance CPUs may mean that an expensive, higher performance CPU isn't needed. It isn't a method used to protect data at rest.
- Infrastructure refers to the physical and organizational structures needed for the operation of a system, but it does not provide protection for stored data like encryption.
- While backups are important for data recovery, they do not provide the same level of protection for stored data that encryption does, as they don't prevent unauthorized access.
Tags: Data States
Question 43
-
Which of the following methods BEST ensures the security of data at rest?
Options:
- Encryption and access control lists (ACLs).
- Only using passwords for access.
- Regular backups without encryption.
- Storing in remote locations.
Overall explanation:
- Data at rest, such as that found in databases, archived media, or configuration files, can be vulnerable to unauthorized access. To protect this data, organizations commonly employ encryption methods. This can range from whole disk encryption to database or individual file/folder encryption. Additionally, by setting up access control lists (ACLs), organizations can ensure that only authorized individuals can access or modify the stored data.
- While regular backups are essential for data recovery, they do not inherently provide protection against unauthorized access or modification.
- Storing data remotely might offer some physical security benefits, but it doesn't address the core concerns of unauthorized access or tampering.
- While passwords provide a level of security, they are not comprehensive methods for protecting data at rest, especially when compared to encryption and ACLs.
Tags: Data States
Question 44
-
A company intends to systematize its document access in a way that the email marketing team would only be able to access and edit marketing-related documents, whereas the finance team could access only financial documents. What should the company implement to achieve this?
Options:
- Obfuscation
- Data Sovereignty
- Permission restrictions
- Segmentation
Overall explanation:
- Implementing permission restrictions would allow a company to dictate who has access to specific documents, ensuring that members of a team only have access to the documents they need.
- Segmentation is the dividing of a network into subnetworks to improve security. It doesn't divide employees into sets of roles for the purpose of access.
- Obfuscation is the hiding or camouflaging of information to prevent access to it. In this case, the data is available to be viewed for the people who have access to it.
- Data Sovereignty is the concept that the laws of the country in which the data is collected will control the ways in which the data can be used, processed, and stored. Countries may set regulations about information that is collected within the country. They can also set regulations about how businesses store and use Personal Identifying Information about citizens of their country even when the businesses are located in other countries. For example, if a business will be collecting information about citizens of the European Union (EU), the business must obey the EU’s laws regarding the storage, use, and processing of that data.
Tags: Assigning Permissions
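Added example (not part of the original practice test) covering the access control lists from Question 43 and the permission restrictions from Question 44: a small ACL evaluator that gives the email marketing team access to marketing documents and the finance team access to financial documents. It implements the two rules a practitioner checks first in any permission system, default deny and explicit-deny precedence, and shows the second one with a contractor who is in the marketing group but is denied edit rights. The groups, users, document labels and the policy itself are constructed for the example.

```go
package main

import "fmt"

// Action is what a user wants to do with a document.
type Action string

const (
	Read Action = "read"
	Edit Action = "edit"
)

// ACE is one access control entry: a group may (or may not) perform an action on
// every document carrying a label.
type ACE struct {
	Group  string
	Label  string
	Action Action
	Allow  bool
}

// Principal is a user with the groups the directory resolved for them.
type Principal struct {
	User   string
	Groups []string
}

// Document carries the label the ACL keys on (marketing, finance, ...).
type Document struct {
	Name  string
	Label string
}

// Authorize evaluates the ACL with two rules practitioners rely on: default deny
// (no matching allow means no access) and explicit-deny precedence (one matching
// deny beats any number of allows).
func Authorize(acl []ACE, p Principal, d Document, a Action) (bool, string) {
	member := make(map[string]bool, len(p.Groups))
	for _, g := range p.Groups {
		member[g] = true
	}
	allowed := false
	for _, e := range acl {
		if e.Label != d.Label || e.Action != a || !member[e.Group] {
			continue
		}
		if !e.Allow {
			return false, "explicit deny for group " + e.Group
		}
		allowed = true
	}
	if allowed {
		return true, "allowed"
	}
	return false, "no matching allow (default deny)"
}

// Constructed policy: each team reads and edits only its own documents, and
// contractors placed in the marketing group may read but never edit.
var companyACL = []ACE{
	{"email-marketing", "marketing", Read, true},
	{"email-marketing", "marketing", Edit, true},
	{"finance", "finance", Read, true},
	{"finance", "finance", Edit, true},
	{"contractors", "marketing", Edit, false},
}

func main() {
	alice := Principal{"alice", []string{"email-marketing"}}
	bob := Principal{"bob", []string{"finance"}}
	carol := Principal{"carol", []string{"email-marketing", "contractors"}}
	campaign := Document{"q3-campaign.docx", "marketing"}
	ledger := Document{"ledger-2024.xlsx", "finance"}
	requests := []struct {
		p Principal
		d Document
		a Action
	}{{alice, campaign, Edit}, {alice, ledger, Read}, {bob, ledger, Edit}, {bob, campaign, Read}, {carol, campaign, Read}, {carol, campaign, Edit}}
	for _, r := range requests {
		ok, why := Authorize(companyACL, r.p, r.d, r.a)
		fmt.Printf("%-6s %-4s %-17s -> %-5v %s\n", r.p.User, r.a, r.d.Name, ok, why)
	}
}
```

Note that the finance team gets no marketing access without a single deny entry having to say so; that is what default deny buys. Explicit denies are reserved for carving exceptions out of a broad allow, as with the contractor.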
Question 45
-
Which of the following data considerations pertains to data that is currently being processed by a computer?
Options:
- Data at Rest
- Data in Use
- Data Sovereignty
- Data in Transit
Overall explanation:
- Data in Use refers to active data which is currently being processed or manipulated by a computer.
- While Data in Transit involves data movement, it doesn’t specifically refer to data being processed by a computer.
- Data at Rest indicates data that is not currently being processed or moved, typically stored data.
- Data Sovereignty governs the jurisdiction and legalities of data based on its geographical location, not its active usage.
Tags: Data States
Question 46
-
In an IoT architecture, which of the following is a critical consideration to secure connected devices from vulnerabilities?
Options:
- Embedded Systems
- Availability
- Power
- Patch Availability
Overall explanation:
- IoT (Internet of Things) architectures are unique because they encompass a vast array of interconnected devices, from smart refrigerators and thermostats to security cameras and wearable devices. This vast and diverse ecosystem makes patch availability an integral aspect of maintaining security. For IoT architectures, ensuring patch availability is critical, as timely updates can secure devices by fixing vulnerabilities and protecting against potential exploits.
- While power is a consideration in IoT, it primarily affects the operational aspect of devices rather than directly addressing their security through vulnerability management.
- Embedded systems are a type of computing platform used in IoT, but the term doesn’t directly refer to the consideration of securing devices.
- Availability in IoT architectures means that the systems can be accessed when needed. Availability doesn't directly address the securing of devices. Patch management is an important factor in securing IoT architectures.
Tags: Internet of Things (IoT)
Question 47
-
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?
Options:
- AH
- SD-WAN
- TLS
- SASE
Overall explanation:
- SD-WAN (Software-defined wide area network) provides centralized network management, flexible routing, and traffic management capabilities. It can be hosted both on-premises and in the cloud, giving it an edge for comprehensive WAN optimization.
- AH (Authentication header) is a protocol component of IPSec which offers packet integrity but does not specifically cater to WAN optimization or management.
- TLS (Transport Layer Security) sits above the transport layer and is used to secure application-level communication, for example HTTPS. It doesn't offer WAN optimization or centralized network management.
- While SASE offers both network security and WAN capabilities, its primary selling point is as a cloud-based solution that integrates both. It doesn't focus solely on WAN performance optimization.
Tags: SD-WAN and SASE
Question 48
-
Which of the following statements BEST explains the importance of Root Cause Analysis in incident response?
Options:
- Root Cause Analysis involves removing the root cause of the incident from affected systems and networks to prevent its recurrence.
- Root Cause Analysis helps to understand how the incident occurred and how to prevent similar incidents in the future.
- Root Cause Analysis helps determine how severe an incident would be and how it would impact the organization.
- Root Cause Analysis determines the individuals or groups responsible for the incident and helps in legal proceedings.
Overall explanation:
- Root Cause Analysis is crucial in incident response as it helps to understand how the incident occurred, what vulnerabilities were exploited, and how to prevent similar incidents in the future. By identifying the root cause, organizations can address underlying weaknesses in their security measures and implement necessary improvements to enhance their overall security posture.
- Root Cause Analysis is not primarily focused on identifying and classifying incidents based on their severity and impact. That activity is part of the "Detection" phase in the incident response process.
- While identifying the individuals or groups responsible for the incident might be valuable for legal proceedings, Root Cause Analysis is primarily focused on understanding how the incident occurred and how to prevent similar incidents in the future.
- Removing the root cause of the incident to prevent recurrence is part of the "Eradication" phase in the incident response process, not the primary purpose of Root Cause Analysis.
Question 49
-
Which of the following terms refers to a scenario where a potentially harmful or malicious event goes undetected by a system or tool, resulting in no alert or action being taken?
Options:
- Open-source intelligence (OSINT)
- Threat feed
- False negative
- False positive
Overall explanation:
- A false negative arises when a security system fails to detect a genuine threat or malicious action, allowing potentially harmful activities to continue without intervention.
- A false positive occurs when a security measure mistakenly identifies a legitimate action as malicious or a threat, potentially leading to unnecessary corrective actions or alerts.
- A threat feed provides a continuous stream of data regarding potential threats, used to enhance and inform cybersecurity measures.
- Open-source intelligence (OSINT) is the gathering of information about targets from publicly available sources; it describes an intelligence-collection method, not a detection outcome.
Question 50
-
Which of the following reasons MOST accurately describes the significance of implementing a data retention policy?
Options:
- They ensure compliance with legal and regulatory requirements.
- They reduce storage costs over time by ensuring that too much data isn't kept.
- They speed up data recovery processes by allowing faster incremental and differential backups.
- They enhance system performance by regular data deletion.
Overall explanation:
- A proper data retention policy helps organizations maintain and dispose of data in accordance with laws, regulations, and industry standards, preventing potential legal consequences.
- While removing extraneous data can enhance system efficiency, it isn't the most relevant choice among the given alternatives.
- Data retention policies may streamline data structures, but the primary goal isn't necessarily to speed up recovery processes.
- While a data retention policy can lead to cost savings by disposing of unnecessary data, its primary purpose is not usually financial.
Tags: Data Redundancy
Question 51
-
Dion Solutions, an e-commerce platform, has decided to overhaul its user authentication system. Instead of relying on traditional passwords, they want to provide users with an option where their online account credentials are proven only when they unlock their biometric-enabled laptops, all underpinned by public key cryptography. By doing this, users won't need to remember or enter passwords for their accounts. Which of the following BEST describes this authentication solution?
Options:
- Password vault
- Passkey
- Hardware token
- CAPTCHA
Overall explanation:
- The passkey system boosts sign-in security. It operates on the principle of public key cryptography, and proof of credential ownership is given only when the user unlocks their device.
- CAPTCHA is a test to determine whether the user is human, often using distorted images of letters and numbers.
- A password vault is a software program that stores and manages users' passwords in an encrypted format.
- A hardware token is a physical device that generates or stores credentials for user authentication.
Question 52
-
Jason, the CTO of Dion Training Solutions, wants to standardize and simplify the web filtering solutions currently in use across the organization's various branches. He also hopes to have a consolidated view of web traffic reports. Which of the following would BEST meet Jason's needs?
Options:
- Deploying local firewalls at each branch.
- Increasing the frequency of software updates.
- Implementing a centralized proxy.
- Adopting a cloud-based storage solution.
Overall explanation:
- A centralized proxy allows for the uniform application of web filtering policies across multiple branches and provides consolidated reporting, making management more efficient and streamlined.
- Local firewalls can control traffic at each location, but they don't provide the centralized management and reporting that Jason is seeking.
- While regular updates are essential for security, they don't necessarily provide a standardized web filtering approach or consolidated reporting.
- Cloud-based storage solutions focus on storing and managing data and don't address the need for centralized web filtering or reporting.
Tags: Network Appliances
Question 53
-
Frozzbozz Recording has experienced an increase in malware infections. To improve its cybersecurity capabilities, the company has decided to implement URL scanning capabilities in its network. Which of the following choices BEST explains why the company would implement URL scanning?
Options:
- URL scanning automatically keeps employee browsers up to date to reduce accessing illegitimate websites.
- Implementing URL scanning will help reduce email phishing attacks.
- URL scanning will prevent employees from accessing URLs that are on the company's deny list.
- Implementing URL scanning provides more sophisticated tools to block access to the internet while at work.
Overall explanation:
- The main significance of implementing URL scanning in the given scenario is its ability to identify and block malicious URLs in real time, including any URL that appears in an email. This will help reduce email phishing attacks.
- URL scanning is not responsible for updating or patching browsers. Its primary focus is on analyzing and filtering URLs for security threats.
- URL scanning is not primarily responsible for encrypting web traffic. While encryption is essential for protecting sensitive data during transmission, URL scanning's main purpose is to identify and block malicious URLs.
- While URL scanning can block access to certain malicious websites, its primary focus is on scanning and filtering URLs for malicious content rather than blocking access to all websites.
Tags: Web and DNS Filtering
Question 54
-
As a security analyst, you are examining endpoint logs while investigating a malware attack incident. Which of the following pieces of information is NOT typically captured in the endpoint log data?
Options:
- Amount of available storage space on the device
- Files and applications accessed
- Time and date of system and application events
- User login activities
Overall explanation:
- Endpoint logs typically do not monitor or record the amount of available or used storage space on a device. While this information could be useful for understanding system performance, it is not typically relevant or captured for security investigations.
- Time and date of system and application events are essential components of log data. They help establish timelines for events, correlate incidents across multiple systems, and identify unusual patterns of activity.
- Files and applications accessed are commonly logged and can provide insights when investigating events such as unauthorized access, data exfiltration, or malware infection.
- User login activities are usually captured in endpoint logs. This includes when and by whom a system is accessed, failed access attempts, and logout times; these are crucial when investigating potential unauthorized access or insider threats.
Tags: Endpoint Logs
Question 55
-
A software development company regularly releases software updates to its global customer base. Recently, some customers reported receiving unauthorized and potentially malicious software updates. The company wants to implement a security technique to ensure the authenticity and integrity of its software updates when delivered to customers.
Options:
- Antivirus Scanning
- Multi-factor Authentication
- Code Signing
- Intrusion Detection System
Overall explanation:
- Code signing is a security technique that allows software developers to digitally sign their software updates before distribution. By using cryptographic signatures, code signing ensures the authenticity and integrity of the software updates. When customers receive the updates, their systems can verify the signature to confirm that the update came from a trusted source and that it has not been altered during transmission. Code signing is an effective way for the company to guarantee the legitimacy of its software updates and protect customers from potentially malicious or unauthorized modifications.
- An Intrusion Detection System (IDS) is a security solution that monitors network traffic and system activities to detect suspicious or malicious behavior. While IDS is valuable for identifying potential security incidents, it primarily focuses on network-level security and does not directly address the authenticity and integrity of software updates. Although it is essential for the company to have an IDS for its overall security infrastructure, it is not the most appropriate technique for ensuring the legitimacy of software updates.
- Multi-factor authentication (MFA) is a security method that requires users to provide two or more forms of identification before accessing a system. MFA is commonly used to enhance user authentication and access control. However, it is not directly related to verifying the authenticity and integrity of software updates when delivered to customers. MFA does not address the process of ensuring that the software updates are coming from a trusted source and have not been tampered with during distribution. Therefore, while MFA is a valuable security measure, it is not the most suitable technique for the company's current objective.
- Antivirus scanning is a security measure that involves using antivirus software to detect and remove malware from a system. While antivirus scanning is crucial for protecting computers from known malware, it does not directly address the authenticity and integrity of software updates. It focuses on identifying and removing existing malware but does not ensure that the software updates are legitimate and have not been tampered with during distribution. Therefore, antivirus scanning is not the most suitable technique for the company's objective.
Tags: Application Security
Question 56
-
Reed, an IT manager at Kelly Innovations LLC, found out that a popular password-cracking tool was easily deciphering many user passwords. He suspects this is due to users relying on easily guessable patterns and words. What is the BEST approach for Reed to ensure that passwords are not easily decipherable?
Options:
- Implementing multi-factor authentication.
- Increasing the frequency of mandatory password changes.
- Switching to a different encryption algorithm for stored passwords.
- Mandating increased complexity in passwords.
Overall explanation:
- By forcing users to incorporate a variety of characters, the predictability of passwords is decreased, making them harder to crack.
- Frequent password changes can lead to user fatigue and might not ensure complexity in chosen passwords.
- Though MFA greatly improves account security, it doesn't guarantee that the password component is complex.
- While important for overall security, changing encryption algorithms won't necessarily make individual passwords more complex.
Tags: Password Security
Question 57
-
In the CVSS metric framework, which metric determines whether the attacker must rely on user interaction, like a user opening a malicious email attachment, for successful exploitation?
Options:
- AC
- AV
- UI
- PR
Overall explanation:
- The UI (User Interaction) metric specifies whether an attack can be executed solely by the attacker or if it necessitates user involvement to succeed.
- The AC (Attack Complexity) metric describes the conditions that must be met for an exploit to work but doesn't revolve around user behavior.
- AV (Attack Vector) specifies the context of the exploit, like local or network-based, rather than user involvement.
- The Privileges Required (PR) metric measures the level of privileges an attacker must have to exploit the vulnerability, not user interaction.
Question 58
-
Kelly Innovations LLC is collaborating with an external cybersecurity firm for a penetration testing exercise. After identifying critical weaknesses in their web applications, which action is essential for the cybersecurity firm to undertake before concluding the exercise?
Options:
- Training Kelly Innovations' employees on cybersecurity best practices.
- Deploying a firewall on Kelly Innovations' web servers.
- Delivering a detailed penetration test report to Kelly Innovations.
- Implementing immediate patches for identified vulnerabilities.
Overall explanation:
- Delivering a detailed penetration test report to Kelly Innovations outlines the vulnerabilities discovered, exploitation methods used, potential business impacts, and remediation recommendations.
- While firewalls provide an added layer of security, the primary role of the cybersecurity firm in this context is to report on the vulnerabilities discovered, not to deploy solutions.
- While important, immediate patching is typically the responsibility of the organization's IT team, not the external cybersecurity firm.
- Although employee training is valuable, training is not the direct responsibility of the external firm post-penetration testing.
Tags: Penetration Testing
Question 59
-
You are an IT security manager for an enterprise that deals with sensitive customer information and intellectual property. The organization is concerned about data loss through email and removable storage devices. As a security manager, you recommend implementing a Data Loss Prevention (DLP) solution to enhance security. Which of the following configurations would be the MOST effective way to implement Data Loss Prevention (DLP) for the given scenario?
Options:
- Using the DLP solution solely for monitoring purposes without implementing any preventive measures.
- Configuring the DLP solution to scan all outbound emails and files leaving the organization for sensitive information.
- Enabling the DLP solution to block all email attachments and USB storage devices to prevent data leakage.
- Implementing DLP on endpoints with a focus on monitoring and preventing data transfers between internal users.
Overall explanation:
- Configuring the DLP solution to scan outbound emails and files leaving the organization allows it to identify sensitive information and prevent data loss effectively. By scanning outgoing communications, the DLP solution can detect and block any attempts to transmit sensitive data outside the corporate network, reducing the risk of data breaches while still allowing legitimate business activities to proceed.
- While blocking all email attachments and USB storage devices might prevent data leakage, it can also severely disrupt legitimate business operations. Employees often need to share files through email attachments, and USB storage devices can be essential for productivity. Completely blocking these functionalities may hinder day-to-day operations without providing a more targeted security approach.
- While monitoring internal data transfers is essential for some organizations, the primary concern stated in the scenario is data loss through email and removable storage devices. Focusing on internal transfers might not adequately address the main security issue at hand, which is preventing sensitive data from leaving the organization through email or removable storage.
- While monitoring is a crucial aspect of DLP, the real value of DLP lies in its ability to prevent data loss incidents. Without implementing any preventive measures, the organization would miss the opportunity to stop data leakage in real-time and potentially expose sensitive information to unauthorized recipients.
Question 60
-
As a security analyst, you are investigating a suspicious file activity incident. While examining metadata associated with different files, which of the following pieces of information is NOT typically presented in metadata?
Options:
- Date and time of last modification
- File size
- File's creator
- The file extension of the file
Overall explanation:
- Metadata does NOT normally include the file's extension.
- The name of the user who created the file is often included as part of the file's metadata. This is crucial information during an investigation of unauthorized file access or alteration.
- Date and time of last modification is an integral part of metadata. This can help establish timelines of activity and identify any unexpected changes, which is crucial during an investigation.
- File size is a common piece of metadata. This could potentially be useful in an investigation if, for example, a file's size significantly changes without a clear reason.
Tags: Metadata
Question 61
-
Which of the following activities BEST explains the eradication phase in the incident response process?
Options:
- Taking steps to prevent any recurrence of the problem.
- Identifying and classifying incidents based on their impact to the organization.
- Brainstorming ideas to get rid of potential security problems.
- Analyzing the evidence and determining the root cause of the incident.
Overall explanation:
- The "Eradication" phase in the incident response process involves removing the root cause of the incident from affected systems and networks to prevent its recurrence. This phase is crucial to ensure that the incident does not resurface and cause further damage to the organization.
- Identifying and classifying incidents based on their severity and impact to the organization is part of the "Detection" phase in the incident response process. This phase involves recognizing that an incident has occurred and understanding its potential implications.
- Analyzing the evidence and determining the root cause of the incident falls under the "Analysis" phase of the incident response process. This phase comes after containment and aims to understand how the incident occurred and what vulnerabilities were exploited.
- Developing an incident response plan, defining roles and responsibilities, and conducting regular training and drills belong to the "Preparation" phase of the incident response process. Part of this phase involves brainstorming and considering what can be done if a security problem occurs. This phase ensures that the organization is ready to respond effectively to incidents, but it does not directly involve eradicating the root cause of a specific incident.
Question 62
-
You are a security analyst tasked with investigating a suspected security breach. As part of your investigation, you decide to examine the automated security reports generated by your security tools. Which of the following pieces of information from these reports would be MOST valuable to investigate the incident?
Options:
- Average time between security alerts over the past month.
- List of employees who received the highest number of phishing emails in the last quarter.
- The total number of security alerts generated.
- Specific details of security alerts triggered around the time of the suspected incident
Overall explanation:
- Detailed information on security alerts triggered around the timeframe of the incident could be vital in identifying the cause, origin, and scope of the breach.
- While useful for identifying potential future threats, the list of employees who received the highest number of phishing emails in the last quarter would not be particularly relevant for investigating a specific, current security incident unless that incident was due to a successful phishing attack.
- While the average time between security alerts over the past month may help to identify trends or patterns in security alerts, it would not directly provide valuable insights into a specific security incident.
- The total number of security alerts generated is too broad and generic. It fails to provide useful insights into the specific security incident in question.
Question 63
-
Enrique is making a detailed list of every application installed on Dion Training's server. Which of the following tasks BEST describes Enrique's task?
Options:
- Network mapping
- Software enumeration
- Patch management
- Risk assessment
Overall explanation:
- Software enumeration focuses on identifying and cataloging every software component present on a particular system. It aids in understanding the software landscape and helps in making informed decisions related to software asset management.
- Network mapping is the process of creating a visual representation or layout of the network infrastructure. While it provides a detailed overview of network connections and devices, it does not concern itself with listing individual software.
- A risk assessment is a comprehensive evaluation of potential threats and vulnerabilities in a system or process. While it may take into account the software present, its primary goal isn't to list them but to assess potential risks associated with them.
- Patch management centers around the practice of updating software components with patches to address vulnerabilities or bugs. It ensures that software is up to date and secure but does not involve creating a list of software installations.
Tags: Asset Management
Question 64
-
Jason and Reed, both IT specialists at Kelly Innovations LLC, are tasked with ensuring the workstations' secure baseline remains uncompromised over time. Which technique would BEST help them achieve this?
Options:
- Rely solely on antivirus scans to detect changes in workstation configuration.
- Use Windows Update without a validation process.
- Implement Ansible to enforce and verify settings.
- Manually check each workstation at month-end for deviations from the baseline.
Overall explanation:
- Implementing Ansible to enforce and verify settings enforces the desired configurations and can quickly bring non-compliant systems back to the desired state.
- Antivirus scans are essential but don't specifically focus on ensuring baseline configurations remain consistent.
- Manually checking each workstation at month-end for deviations from the baseline is labor-intensive and might miss immediate vulnerabilities.
- While updates are crucial, deploying updates without validation could introduce incompatibilities or unforeseen issues.
Tags: Automating Security
Question 65
-
As a security analyst, you are currently investigating a potential security breach within your organization's network, specifically focusing on unusual traffic that was detected coming from an external IP address. To dig deeper into this situation, you have decided to analyze the packet capture logs that were recorded during the time of the suspected incident. Given that the unauthorized access was attempting to communicate via TCP to a sensitive internal server on port 443, and there were also abnormal DNS requests observed, which of the following pieces of information from the packet captures would be MOST valuable to investigate the incident further?
Options:
- TLS handshake details and DNS query responses
- ICMP echo request and reply messages
- HTTP GET and POST requests
- ARP cache content
Overall explanation:
- Examining the TLS handshake details can help in verifying if the secure connection was established using strong cryptographic algorithms, and it can also reveal the certificate information to check for any anomalies or unauthorized certificates. Analyzing DNS query responses is crucial to understand which domain names were resolved and to identify any potential malicious or unauthorized domain interactions. Both of these details are vital for investigating the incident, especially given the nature of the communication to a sensitive server over a secure port and the observed abnormal DNS requests.
- HTTP GET and POST requests are used to retrieve or submit data over the web. Given that the incident involves communication on port 443, which is commonly used for HTTPS rather than HTTP, and there are specific concerns about DNS requests, focusing on HTTP GET and POST requests might not yield the most valuable information for this particular investigation. Additionally, encrypted HTTPS traffic would require proper decryption before any HTTP methods could be analyzed, adding an extra layer of complexity.
- The Address Resolution Protocol (ARP) cache stores IP-to-MAC address mappings for local network devices. While ARP spoofing can be a security concern, examining the ARP cache may not provide direct insights into the suspected breach involving secure TCP communication and DNS irregularities in this specific scenario.
- ICMP echo requests and replies, commonly known as ping messages, are used to check the availability of a network device. While they can be helpful for basic network diagnostics, they are less likely to provide in-depth information about a security incident, especially in the context of unauthorized access and abnormal DNS requests on specific TCP ports.
Question 66
-
A company's access control mechanism determines access to resources based on users' job functions. The system enforces access control based on these predefined responsibilities, and users do not have the discretion to modify or override access permissions. Which type of access control mechanism is being used in this scenario?
Options:
- Rule-based
- Role-Based
- Attribute-Based
- Discretionary
Overall explanation:
- In the scenario described, the access control mechanism used in the medium-sized company is "Role-Based access control" (RBAC). In an RBAC system, access to resources is determined based on the roles or job functions of users. Users are assigned specific roles, and access permissions are associated with those roles. The system enforces access control based on these predefined roles, providing a structured and organized way to manage access.
- "Attribute-Based access control" (ABAC) dynamically evaluates various user attributes, such as job role, department, location, and time of access, to determine access rights to specific resources. While the scenario mentions access control based on job roles, it does not mention the dynamic evaluation of multiple attributes for access decisions, which is characteristic of ABAC.
- "Discretionary access control" (DAC) allows individual users to have discretion or control over the access permissions of their resources. In a DAC system, owners of resources can determine who has access and what level of access they are granted based on their own judgment. The scenario does not describe users having this level of discretion over access rights; instead, access control is determined based on job functions.
- "Rule-based access control" is a broad term that can encompass various access control mechanisms. While the scenario mentions the enforcement of access control based on predefined responsibilities, access is given based on the job functions (roles) of users, which points to RBAC rather than rule-based control.
Tags: Access Control Models
Question 67
-
In digital forensics, which of the following is MOST crucial to consider when determining the requirements for an investigative report?
Options:
- The personal preferences of the forensic analyst.
- The geographical location of the incident.
- The software tools used in the investigation.
- The intended audience of the report.
Overall explanation:
- Understanding the audience, whether it's legal professionals, executives, or technical teams, determines the report's depth, language, and emphasis.
- An objective, standardized approach is favored in digital forensics over individual preferences in reporting.
- While important for internal records and repeatability, the specific tools used don't typically define reporting requirements.
- While the location might influence some elements of a case, it doesn't typically dictate the structure or content of the report itself.
Question 68
-
Red Notes, a financial institution, has experienced a sophisticated, multi-vector cyberattack. Only quick action by their security team prevented a data breach. The security team has recommended using Extended Detection and Response (XDR) across the company environment. Which of the following problems best explains why they recommend XDR in this scenario?
Options:
- Their EDR, like most EDRs, doesn't provide real-time monitoring and reporting of attacks.
- They need a more comprehensive system of ensuring all software was updated and patched against sophisticated attacks coming from a variety of locations simultaneously.
- Their current EDR didn't have the ability to isolate an attacked endpoint and prevent the spread of malware.
- Company security data was spread across a number of applications and tools, preventing the security team from seeing such a sophisticated attack.
Overall explanation:
- The main significance of implementing XDR in the given scenario is its ability to integrate and correlate security data from various sources, such as endpoints, network, and cloud environments. By doing so, XDR can detect and respond to sophisticated, multi-vector cyber threats more effectively, which aligns with XYZ Corp's goal to address the increase in sophisticated cyberattacks.
- One of the main advantages of EDRs is that they provide real-time monitoring and reporting of attacks. So this is not the problem they are trying to solve.
- While XDR may contribute to enforcing security policies, its primary role is to detect and respond to multi-vector cyber threats across the IT environment.
- While some XDR solutions may include features for software updates and patch management, the primary focus of XDR is not on updating and patching software on endpoints. XDR's primary purpose is to enhance threat detection and response capabilities.
Tags: XDR
Question 69
-
To guarantee that sensitive data on old hard drives at Dion Training is entirely irretrievable, which of the following physical methods should Jamario, the Security Chief, choose?
Options:
- Shredding the hard drives.
- Storing drives in a locked cabinet.
- Reformatting the drives.
- Labeling the drives as "Obsolete".
Overall explanation:
- Shredding the hard drives physically obliterates them, ensuring the data cannot be recovered.
- Though stored safely, data remains on the drives even if the drives are in a locked cabinet.
- A label might deter some but does not delete the data.
- While reformatting will make it appear that the data is gone, it can be recovered.
Question 70
-
You are a security analyst tasked with investigating a suspected security breach in your organization's network. You decide to examine the Intrusion Prevention System/Intrusion Detection System (IPS/IDS) logs. Which of the following pieces of information would be MOST valuable in these logs to investigate the incident?
Options:
- The list of permitted IP addresses for the organization's internal network.
- The source IPs, destination IPs, port numbers, protocols used, and timestamps for all connections in the past 2 weeks.
- The total number of network connections made in the last month.
- Details of detected suspicious activities for the past two weeks.
Overall explanation:
- The details of specific suspicious activities such as source and destination IPs, port numbers, protocols, and timings can provide significant evidence for a security investigation. This information can help trace potential intruders and determine the methods they used for the breach.
- The source IPs, destination IPs, port numbers, protocols used, and timestamps for all connections in the past 2 weeks could be beneficial, but it is a lot of information to go through and it will be easy to overlook events. You will be better served by looking at suspicious activities rather than all activities.
- The sheer number of connections doesn't provide specific or actionable information about a potential security breach. Detailed log entries about anomalous or suspicious connections would be more useful.
- While the list of permitted IPs is an important part of managing access and controlling a network, it doesn't provide immediate, incident-specific information for a security breach investigation.
Tags: Analyze and store logs
Question 71
-
Which of the following statements BEST explains Acquisition as part of incident response activities?
Options:
- Acquisition involves acquiring individual testimony of all people who could be impacted by an incident.
- Acquisition involves obtaining a clean copy of the data from a device so it can be used as evidence.
- Acquisition means new security controls are purchased or otherwise obtained to prevent future incidents.
- Acquisition involves evaluating details about the incident to determine financial and legal consequences.
Overall explanation:
- Acquisition involves identifying and gathering evidence related to the security incident. This may include collecting logs from affected systems, taking disk images, or other procedures to catalogue everything that may be used as evidence in a court proceeding.
- While acquiring testimony may be important in investigating an incident, it is not what Acquisition means in terms of incident response. Acquisition involves gathering evidence about an incident that has occurred and ensuring that the evidence is
- New security controls may be needed after an incident, but Acquisition involves securing evidence from an incident in such a way that it can be used in legal proceedings.
- While documenting the incident's components for potential financial or legal consequences is vital, it is not the meaning of Acquisition.
Question 72
-
Mary, a security analyst for Kelly Innovations LLC, is recommending a security control to protect the component of an Industrial Control System (ICS) responsible for direct operator interaction. Which of the following ICS components is she MOST likely addressing, and what primary security concern is she likely considering?
Options:
- PLC – Firmware Tampering
- DCS – System Availability
- Data historian – Data Integrity
- HMI – Unauthorized Access
Overall explanation:
- The Human-Machine Interface (HMI) is a critical component in an ICS that allows operators to interact directly with the system. Its security is paramount to prevent unauthorized access and potential manipulation of the system.
- A Distributed Control System (DCS) manages process automation within a single site. Although ensuring system availability is vital, it isn't centered around direct operator interactions.
- The data historian captures and archives all information from the control loop. While data integrity is a significant concern for historians, it doesn't focus on direct operator interaction.
- Programmable Logic Controllers (PLC) are embedded devices within ICSs connecting to actuators and sensors. While firmware tampering is a potential security concern, PLCs aren't the primary interface for operator interactions.
Tags: ICS and SCADA
Question 73
-
Which concept is an important reliability metric in maintenance management and represents the average time between failures for a non-repairable system?
Options:
- FMEA
- MTBF
- MTTR
- Risk assessment
Overall explanation:
- MTBF (Mean time between failures) predicts the average time intervals between system failures, indicating the reliability of a system or component.
- MTTR (Mean time to repair) indicates the typical time needed to fix a failed system, not the interval between failures.
- FMEA (Failure mode and effects analysis) is a proactive method to identify possible failures, separate from quantifying time between failures.
- Risk assessment involves the process of identifying risks, but it does not measure the average time between system failures.
Tags: Risk Identification
Question 74
-
At Kelly Innovations LLC, Sasha received an unexpected call from someone claiming to be from the IT department. The caller asked her to confirm her username and password for a "system upgrade." Unsure, Sasha hesitated and asked the caller to provide some form of identification or a callback number. Which of the following terms BEST describes the scenario Sasha encountered?
Options:
- Social Engineering
- Vulnerability Assessment
- Phishing
- Tailgating
Overall explanation:
- Social Engineering manipulates individuals into divulging confidential information or performing specific actions, often for malicious purposes. The caller attempted to deceive Sasha to gain her credentials.
- Tailgating involves unauthorized individuals physically following authorized personnel into secure areas.
- Vulnerability Assessment is a method to evaluate the security posture of a system, not a manipulation technique.
- While a form of social engineering, phishing typically involves deceptive emails or websites, not direct phone calls.
Tags: Social Engineering
Question 75
-
Horizon Security, a cybersecurity training company, experienced a data breach due to a vendor's negligence. This breach led to a significant loss of sensitive customer information and damage to the company's reputation. What type of consequence is Horizon MOST likely to face?
Options:
- Reputational damage
- Fines
- Loss of license
- Sanctions
Overall explanation:
- Reputational damage refers to the potential harm or negative impact on Horizon's reputation due to its failure to comply with data protection regulations. As a result of the data breach, customers may come to believe that Horizon doesn't know enough about cybersecurity to prevent the breach. Its reputation in the cybersecurity training industry may be tarnished.
- Fines are penalties imposed by regulatory authorities for non-compliance with data protection regulations. However, in this scenario, Horizon did not commit the negligence, so they are not likely to face fines unless they are located in a country that has laws regarding fines for any data breach regardless of responsibility.
- Sanctions are also potential penalties for non-compliance, but they are typically more severe and may include restrictions or limitations on the company's operations. However, in this scenario, Horizon did not commit the negligence, so they are not likely to face sanctions unless they are located in a country that has laws regarding sanctions for any data breach regardless of responsibility.
- Loss of license could be a consequence of non-compliance in certain industries. However, in this scenario, Horizon did not commit the negligence, so they are not likely to lose any licenses they may have.
Question 76
-
Which of the following terms refers to an individual whose personal data is being collected, held, or processed?
Options:
- Data subject
- Data retention
- Data processor
- Data controller
Overall explanation:
- The Data Subject is an individual whose personal information is being collected, held, or processed by an organization or entity.
- The Data Processor is the entity that processes data on behalf of the controller.
- Data Retention is the set of policies or regulations that dictate how long an entity must hold onto specific types of information.
- The Data Controller is the entity or person who determines the purposes and means of processing personal data. They have overall responsibility for ensuring that data processing is carried out in compliance with applicable privacy laws and regulations.
Tags: Data Ownership
Question 77
-
Which of the following procedures outlines the steps for controlling alterations to IT systems within an organization?
Options:
- Change management procedure
- Onboarding/offboarding procedure
- Incident response procedure
- Playbooks procedure
Overall explanation:
- The change management procedure outlines the steps and guidelines for managing changes to IT systems within an organization. It includes processes for requesting, evaluating, approving, implementing, and reviewing changes to minimize the risk of disruptions and ensure that changes are carried out in a controlled and coordinated manner.
- The onboarding/offboarding procedure involves the processes and tasks related to welcoming new employees (onboarding) and handling the departure of employees (offboarding) within an organization. While important for managing personnel transitions, it is not directly related to changes in IT systems.
- The incident response procedure defines the steps for detecting, analyzing, responding to, and recovering from cybersecurity incidents and data breaches. While essential for handling security incidents, it is not directly related to managing changes to IT systems.
- Playbooks are comprehensive sets of instructions that outline predefined responses to specific situations or events. They are often used in incident response and cybersecurity for guiding actions during security incidents. While valuable for incident management, playbooks are not specifically related to managing changes in IT systems.
Tags: Change Management
Question 78
-
What type of assessment should you do to evaluate the security measures and vulnerabilities of a company that offers goods or services?
Options:
- Vendor selection
- Statement of Work
- Vendor assessment
- Vendor monitoring
Overall explanation:
- A vendor assessment involves evaluating the security measures and vulnerabilities of a vendor's systems and infrastructure to ensure they meet the organization's security requirements.
- A Statement of Work (SOW) sets the expectations for work to be completed by a third party. It doesn't normally include an evaluation of the third party's vulnerabilities and security measures.
- Vendor monitoring involves continuous evaluation and oversight of a vendor's performance, including its security practices, throughout the duration of the business relationship, but it is not specifically focused on the initial assessment of security measures and vulnerabilities.
- Vendor selection is the process of choosing a vendor based on various criteria, but it does not specifically focus on evaluating the vendor's security measures and vulnerabilities.
Tags: Vendor Assessment
Question 79
-
Which of the following terms specifically represents the target duration for recovering IT and business operations after a disruptive event?
Options:
- MTTR
- RPO
- RTO
- BCP
Overall explanation:
- RTO (Recovery time objective) sets the goal for the time taken to recover business operations after an outage, essential for continuity planning.
- BCP (Business continuity planning) is the overarching process that includes recovery time objectives, but it is not a time-specific recovery target.
- MTTR (Mean time to repair) is the average repair time for a failed system or component, not the timeframe for full business recovery.
- RPO (Recovery point objective) assesses the maximum tolerable data age for recovery purposes, unrelated to the duration for restoring operations.
Tags: Risk Identification
Question 80
-
In the realm of systems and data management, who is primarily responsible for determining the classification of data and ensuring it aligns with organizational policies?
Options:
- Data Controller
- End User
- Data Processor
- Data Owner
Overall explanation:
- A data owner is typically an individual or a functional role within an organization that is responsible for the data's classification and for ensuring it is in line with the organization's security policy.
- A data controller determines the purposes and means of processing personal data, but the classification and alignment with organizational policies is typically under the purview of the data owner.
- Data processors process data on behalf of the data controller and don't decide on data classifications.
- End users access and use the data but do not typically have responsibilities for classifying it or ensuring its alignment with organizational policies.
Tags: Data Ownership
Question 81
-
Which of the following is a monetary penalty imposed as a result of non-compliance with regulations or violations of certain rules or agreements?
Options:
- Fee
- Sanction
- Fine
- Deductible
Overall explanation:
- A fine is a specific monetary penalty levied by an official entity, such as a regulatory body or court, as punishment for an offense or violation. It is typically imposed to deter individuals or organizations from breaching regulations, standards, or contractual agreements. The amount can vary based on the severity and nature of the infraction.
- A deductible is an agreed-upon amount that an insured individual must pay out-of-pocket before an insurance company will cover the remaining costs of a claim. It represents a portion of the financial responsibility that falls on the policyholder and can vary based on the terms of the insurance policy.
- A fee refers to a charge or payment for specific services rendered by professionals or organizations. Unlike fines, fees are not penalties; they are agreed-upon costs for services such as consultations, applications, or usage of facilities.
- A sanction is a broader term that encompasses various penalties or restrictions imposed on individuals or entities for non-compliance or misconduct. While it can include fines, sanctions may also involve trade restrictions, asset freezes, or other punitive measures intended to enforce rules and regulations.
Question 82
-
At Dion Training, Susan recently joined the IT department. On her first day, Reed handed her a document outlining the company's best practices, security procedures, and the expected behavior regarding company data and assets. Which of the following resources did Reed provide to Susan to ensure she understands the organization's security stance?
Options:
- Policy/handbook
- Insider threat training
- Operational security
- Situational awareness
Overall explanation:
- A policy/handbook is a document provided to employees to familiarize them with the company's security standards, practices, and expected behaviors.
- Operational security refers to the process of identifying and protecting critical information from adversaries. It's a concept, not a tangible resource.
- While important, situational awareness is more about being aware of one's surroundings and understanding potential threats, rather than a printed or digital resource.
- While it's crucial for employees to understand potential insider threats, insider threat training is a specific training, not a comprehensive document outlining various company practices.
Tags: Policy and Handbooks
Question 83
-
Which of the following terms refers to the specific laws and regulations set by a country's government that dictate how the personal data of its citizens should be collected, stored, and processed?
Options:
- National legal implications
- Consent management
- Data encryption
- General Data Protection Regulation (GDPR)
Overall explanation:
- National legal implications are laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy.
- Consent management is a process that ensures organizations obtain and manage the consent of individuals before collecting or processing their personal data.
- The GDPR is a regulation enacted by the European Union to ensure data protection and privacy for all its citizens.
- Data encryption is a method used to protect data from unauthorized access by converting it into a code.
Tags: Data Sovereignty
Question 84
-
Which document provides comprehensive guidance for digital identity management, including recommendations for password and access control requirements?
Options:
- NIST Special Publication 800-63
- ISO/IEC 27002
- FIPS
- PCI DSS
Overall explanation:
- NIST SP 800-63 offers a detailed framework for digital identity management, encompassing password policies, authentication procedures, and access controls.
- Federal Information Processing Standards primarily set requirements for cryptography, not for comprehensive digital identity management.
- ISO/IEC 27002 provides guidance on security controls for information security management systems but does not offer detailed digital identity management guidelines like NIST SP 800-63 does.
- The Payment Card Industry Data Security Standard governs the security of cardholder data and is not directly related to digital identity guidelines.
Tags: Standards
Question 85
-
Which of the following involves an authorized testing of the security of a third party by actively engaging the third party's system?
Options:
- Supply chain analysis
- Vendor monitoring
- Vendor assessment
- Penetration testing
Overall explanation:
- Penetration testing is the practice of conducting authorized simulated attacks on a vendor's network or systems to identify potential security weaknesses and vulnerabilities.
- Supply chain analysis involves examining the security of companies and suppliers for a vendor. It wouldn't normally include an active engagement with a vendor's system.
- Vendor assessment involves evaluating various aspects of a vendor's capabilities, including security measures, to determine if they meet the organization's requirements. This is usually done through methods other than a formal penetration test.
- Vendor monitoring involves continuously tracking and evaluating a vendor's performance and compliance with the agreed-upon terms and security standards. It doesn't involve actively engaging the third party's systems.
Tags: Penetration Testing
Question 86
-
Which of the following entities is responsible for providing detailed analysis and recommendations to the governance board to aid in informed decision-making, particularly in areas requiring specialized knowledge?
Options:
- Advisory Councils
- Management Groups
- Committees
- Executive Teams
Overall explanation:
- Committees are specialized groups that include subject matter experts who support the governance board with expert analysis and recommendations.
- Management Groups typically handle day-to-day operational decisions rather than providing specialized support to the governance board.
- Executive Team members are part of the governance board with ultimate decision-making authority but may not focus on specific issues as committees do.
- While Advisory Councils may also provide advice, they are not solely responsible for in-depth analysis and recommendations for the governance board.
Tags: Governance
Question 87
-
Which of the following terms is used to describe the probability or frequency of a risk occurring in a given time frame?
Options:
- Likelihood
- Risk frequency
- ARO
- Probability
Overall explanation:
- Likelihood measures how probable it is that a risk will occur, which is crucial for risk analysis and management.
- Risk frequency could be seen as similar to likelihood but is less specifically defined in risk management terminology.
- While ARO (Annualized rate of occurrence) is a measurement of how often a risk event is expected to happen annually, it doesn't describe the general probability or frequency as broadly as the term likelihood does.
- Probability also indicates the chance of a risk occurring but does not necessarily tie it to a specific time frame as likelihood does within the context of risk assessment.
Tags: Risk Management
Question 88
-
Which term BEST applies to an organization that aims to minimize risk exposure, focusing on cash preservation, maintaining a solid reputation, and meeting regulatory requirements rather than seeking significant growth?
Options:
- Conservative risk appetite
- Risk thresholds
- Neutral risk appetite
- Expansionary risk appetite
Overall explanation:
- A conservative risk appetite characterizes organizations that are risk-averse and prioritize stability and compliance over the pursuit of opportunities that carry more risk.
- An expansionary risk appetite is evident in organizations that take on more risk to achieve high returns or growth, typically through new initiatives like launching products or entering new markets.
- A neutral risk appetite reflects an organization's balanced stance on risk-taking, neither aggressively seeking high-risk opportunities nor being overly conservative, but taking on risks that are strategically aligned and manageable.
- Risk thresholds indicate the points at which risk levels are considered to exceed acceptable levels.
Tags: Risk Register
Question 89
-
At Dion Training, a tech company, the security team is conducting a review of their security measures to enhance the protection of their facilities. Which of the following is an essential component of an organization's governance to ensure that access to buildings and sensitive areas is appropriately restricted?
Options:
- Information security policies
- Physical security standards
- AUP
- Change management procedures
Overall explanation:
- Physical security standards define how facilities should be protected against unauthorized access, which might include measures such as access control systems, surveillance cameras, and security personnel.
- An AUP outlines how organizational IT resources can be used by employees. It doesn't specifically address physical security.
- Change management procedures ensure that changes to IT systems and applications are done in a controlled manner. It doesn't directly dictate physical security measures.
- While information security policies play a vital role in the broader framework of security, they typically address all aspects of infosec, not just the physical.
Tags: Physical Security
Question 90
-
The management team at Albus Global is working to prepare for potential disruptions like natural disasters and cyber attacks. They want to ensure that they maintain critical business functions regardless of the type of disruption they encounter. What document should they create?
Options:
- Disaster recovery policy
- Acceptable use policy (AUP)
- Business continuity policy
- Incident response policy
Overall explanation:
- The business continuity policy outlines the procedures and strategies that an organization should follow to ensure the continuous operation of critical business functions during disruptions or disasters. It includes plans for maintaining essential services, data, and systems to minimize downtime and resume operations as quickly as possible.
- The incident response policy provides guidelines and procedures for detecting, responding to, and mitigating security incidents and breaches. It focuses on the actions to be taken when a security event occurs to contain the incident and prevent further damage. Cyber attacks would be part of this, but they are planning for a broader picture, so the correct answer is a business continuity policy.
- The disaster recovery policy specifies the steps and protocols to recover IT infrastructure and systems after a major disaster or disruptive event. It involves restoring critical data and services to resume business operations following a catastrophic incident. This will help them with a disaster, but they are planning for broader threats.
- The acceptable use policy (AUP) sets the rules and guidelines for the proper use of an organization's IT resources and facilities by its employees and users. It defines what is considered acceptable behavior when using company assets and systems to ensure their appropriate and secure use. However, the AUP does not directly address strategies for ensuring business continuity during disruptions.