Sec+ Practice Test 5
Question 1
Which of the following BEST describes a process used to identify differences between the current state of a system and its desired future state?
Options:
- Non-repudiation
- Gap analysis
- Zero Trust
- Authentication
Overall explanation:
- A gap analysis is a method used to identify the differences or "gaps" between the current state of a system or process and its desired future state. It helps organizations determine the steps needed to reach their desired goals.
- Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems.
- Non-repudiation ensures that a sender cannot deny sending a message or performing an action. It provides proof of origin and proof of delivery to protect against denial by either the sender or the receiver.
- Authentication is the process of verifying the identity of a person or system. It ensures that the user or system is who they claim to be.
Tags: Gap Analysis
Question 2
When entering his password online, Ivan notices that each letter is quickly replaced by a dot. He finds this annoying and wishes that it wouldn't happen. It has resulted in him entering the wrong password because there are as many dots as the number of characters in his password. What is Ivan observing?
Options:
- Encryption
- Data Masking
- Tokenization
- Steganography
Overall explanation:
- Data masking is a method to deidentify some or all characters in a sequence without changing the total number of characters that a field should contain. The masked version will be structurally the same, but the data will be hidden. Replacing the letters or numbers entered into a password field with dots is an example of data masking.
- Encryption is the process of converting information or data into a code to prevent unauthorized access. It often uses an algorithm to replace the original data with other data. If a person figures out or acquires the algorithm, the data can be decrypted. It does not involve substituting data with other characters as placeholders.
- Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. It does not involve substituting data with other characters as placeholders.
- Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token. The token and the data it substitutes are stored in a secure database. If the original data is needed, it can be accessed using the token and querying the database. The token will be a different size and have a different structure than the original data so the token can’t be used to decipher the original data. It does not involve substituting data with other characters as placeholders.
Tags: Obfuscation
Question 3
Constance is logging into her bank account online. The website makes sure that she has the correct username and password. This is an example of which common method for authenticating people?
Options:
- Knowledge-based authentication
- Possession-based authentication
- Location-based authentication
- Biometric authentication
Overall explanation:
- A username and password are examples of knowledge-based authentication, which is a common method for authenticating people.
- Biometric authentication refers to the use of a biometric characteristic, such as a fingerprint or facial recognition, for authentication.
- Possession-based authentication refers to the use of a physical object, such as a smart card or token, for authentication.
- Location-based authentication uses the location a person is accessing a site from in order to authenticate the user.
Question 4
In the Zero Trust model, which component primarily ensures the correct and efficient transmission of data once access decisions have been made?
Options:
- Control Plane
- Adaptive identity
- Threat scope reduction
- Data Plane
Overall explanation:
- The Data Plane within the Zero Trust model oversees the conveyance of data. Once the Control Plane grants access, the Data Plane steps in to make certain that data is transmitted efficiently and arrives at its intended destination.
- Though it's an aspect of Zero Trust, threat scope reduction revolves around limiting the potential damage zones in a network, ensuring that a breach in one area doesn't compromise the entire system. It doesn't specifically focus on data transmission.
- An element of Zero Trust, adaptive identity employs dynamic security decisions based on user behavior and contextual information. While it aids the Control Plane in making decisions, it doesn't manage data transmission like the Data Plane.
- The Control Plane in the Zero Trust framework doesn't manage data transmission. Instead, it's tasked with deciding on access requests, referencing policies, identity verification, and threat analysis.
Tags: Zero Trust
Question 5
After the IT department proposed a new software update, Kevin, a system analyst, evaluates the potential effects of this change on system performance, user experience, and business processes. Which term BEST describes Kevin's evaluation?
Options:
- Impact analysis
- Approval process
- Backout plan
- Version control
Overall explanation:
- Impact analysis is the process of evaluating and forecasting the outcomes of a proposed alteration. It involves a comprehensive analysis of how the change might ripple through an organization or system, ensuring that decision-makers are fully informed of potential ramifications, both positive and negative. By understanding these possible effects, an organization can better prepare, mitigate risks, and optimize the benefits. Such assessments often consider impacts on workflows, personnel, technology infrastructure, financial resources, and customer experiences.
- Version control is a system that records changes to a file or set of files over time, allowing specific versions to be recalled later.
- A backout plan is a strategy outlining the steps to revert changes if they lead to unforeseen complications or do not meet the desired outcomes.
- An approval process is a formalized procedure to ensure changes are reviewed and approved before implementation.
Tags: Change Management
Question 6
In the Zero Trust model, which of the following components focuses on making decisions about who can access what resources based on policies, identity verification, and threat analysis?
Options:
- Control Plane
- Policy-driven access control
- Data Plane
- Implicit trust zones
Overall explanation:
- Within the Zero Trust framework, the Control Plane is responsible for making determinations on access requests. It processes these requests by referencing policies, verifying the identity of requestors, and considering any potential threats. Essentially, it's the brain behind who gets to access what, ensuring security decisions are informed and robust.
- The Data Plane manages the transmission of data. It doesn't decide on access rights; rather, it ensures that once access has been granted by the Control Plane, data flows correctly and efficiently to the designated recipient.
- While this is a component of Zero Trust, policy-driven access control is a specific strategy that ensures access is given based on clearly defined policies. It's more of a tactic used within the Control Plane, rather than a core component of the framework.
- Implicit trust zones are areas within a network where communication is allowed without exhaustive security checks. While they're a component of Zero Trust, they don't function in decision-making or data transmission in the same way as the Control or Data Planes.
Tags: Zero Trust
Question 7
During a change management meeting, Lisa, a project manager, is presenting the impact of a proposed change on various departments. She also gathers feedback from representatives of those departments to ensure all viewpoints are considered. Which of the following terms BEST describes the representatives from the various departments?
Options:
- Approval process
- Backout plan
- Stakeholders
- Maintenance window
Overall explanation:
- Stakeholders are individuals or entities that have an interest in a particular decision or project, often representing various departments or groups. Their feedback is critical for comprehensive decision-making.
- An approval process is a formalized procedure to ensure changes are reviewed and approved before implementation.
- A backout plan is a contingency plan detailing steps to revert changes in case of failure or unforeseen complications.
- A maintenance window is a pre-defined time frame during which changes or updates are implemented, often chosen to minimize business disruption.
Question 8
Which of the following is a pre-defined period during which planned changes and upgrades to an IT system are implemented to minimize disruption to users?
Options:
- Recovery point objective
- Baseline configuration
- Standard operating procedure
- Maintenance window
Overall explanation:
- A maintenance window is a scheduled timeframe during which system updates, patches, or changes are implemented. This period is specifically chosen to reduce the impact on users and ensure business continuity.
- A baseline configuration represents a set of specifications for a system, against which all future changes are measured. It doesn't refer to the time frame for implementing changes.
- A Recovery Point Objective is a metric used in disaster recovery that defines the maximum allowable amount of lost data measured in time. It does not pertain to scheduled maintenance periods.
- An SOP (Standard Operating Procedure) is a set of step-by-step instructions compiled by an organization to help workers carry out complex routine operations. It doesn't specify when these operations should be performed.
Question 9
Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?
Options:
- Diffie-Hellman
- DSA
- RSA
- Elliptic curve cryptography (ECC)
Overall explanation:
- ECC is a type of trapdoor function that is efficient with shorter key lengths. For instance, ECC with a 256-bit key provides roughly the same security as RSA with a 2048-bit key. The primary advantage is that ECC has no known shortcuts to cracking it, making it particularly robust.
- Diffie-Hellman is an algorithm primarily for secure key exchange, not directly comparable to the encryption efficiency offered by ECC's shorter key lengths.
- While a foundational asymmetric algorithm, RSA generally requires longer key lengths than ECC to achieve comparable security levels.
- Digital Signature Algorithm (DSA) is an algorithm used for digital signatures, but it doesn't inherently offer the same efficiency in terms of key length as ECC.
Tags: Asymmetric Algorithms
Question 10
Dion Training wants to secure only a specific section of their server's hard drive that contains sensitive client data. Which encryption method would be BEST suited for this requirement?
Options:
- Wildcard certificate
- Full-disk encryption
- File-level encryption
- Partition encryption
Overall explanation:
- Partition encryption, like LUKS (Linux Unified Key Setup) on Linux systems, allows the encryption of a particular partition or volume. It's ideal for Dion Training's need to secure a specific section of their server's hard drive.
- A wildcard certificate secures multiple subdomains of a main domain but is unrelated to disk encryption.
- Full-disk encryption encrypts the entire hard drive, which might be overkill if only a specific section needs encryption.
- While file-level encryption can encrypt specific files or folders, it doesn't necessarily target entire sections or partitions of a hard drive.
Tags: Data Encryption Levels
Question 11
Kelly Innovations LLC is keen on adopting technology to ensure the integrity and transparency of its financial transactions. They are looking for a solution where each transaction record is secured using cryptography, and the hash value of one record is used in the hash calculation of the next. Which of the following technologies would be MOST suitable for this requirement?
Options:
- Digital watermarking
- Symmetric encryption
- Public key infrastructure (PKI)
- Blockchain
Overall explanation:
- Blockchain employs an expanding list of transactional records, each referred to as a block, and each block validates the hash of the previous one. This process ensures that historical transactions remain untampered with.
- Symmetric encryption uses a single key to both encrypt and decrypt information, but it does not inherently create a linked chain of records as described.
- Digital watermarking embeds information in digital content but doesn't deal with securing transaction records in the manner described.
- While PKI is a framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users), it doesn't work with transactional records like blockchain does.
Tags: Blockchain
Question 12
Which of the following mobile device vulnerabilities is created by installing applications from sources other than the official app store?
Options:
- Buffer overflow
- Side loading
- Memory injection
- Jailbreaking
Overall explanation:
- Side loading is a mobile device vulnerability that results from installing applications from sources other than the official app store, such as third-party websites, USB drives, or email attachments. It can expose the device to malware, spyware, or unauthorized access.
- Memory injection is a technique that involves injecting code into a running process to alter its behavior or gain access to its memory. It can be used for malicious or legitimate purposes on mobile devices, such as debugging or hooking.
- Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer can hold, causing it to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation.
- Jailbreaking creates a vulnerability on a mobile device by bypassing the restrictions imposed by the manufacturer or provider of a device, such as an iPhone or iPad, to gain root access and install unauthorized applications or customizations. It can expose the device to malware, spyware, or unauthorized access.
Question 13
Manar is reviewing logs and finds that many logon attempts were made using common words followed by numbers or symbols. Each password is attempted on the 20 computers in the accounting department. He suspects that these passwords were generated by an automated tool. Which of the following password attacks is BEST illustrated by this finding?
Options:
- Brute force
- Spraying
- Downgrade
- Birthday
Overall explanation:
- A spraying attack is a type of password attack that involves trying common passwords against multiple accounts, hoping to find a match.
- A birthday attack is a type of cryptographic attack that involves finding two different inputs that produce the same output for a hashing algorithm.
- A downgrade attack is a type of cryptographic attack that involves forcing a communication channel to use a weaker encryption algorithm or protocol, making it easier to decrypt or intercept. It doesn't entail multiple password attempts.
- A brute force attack is a type of password attack that involves trying all possible combinations of characters until the correct password is found. The logs would show many logon attempts, but the passwords used are more likely to be sequential than to use common words, and the attacker is more likely to focus on one computer rather than trying each password on all of the computers in the department.
Tags: Password Attacks
Question 14
Which of the following BEST describes an example of a hardware supply chain vulnerability?
Options:
- Data transmitted over an unsecured network between the vendor's sales department and companies.
- Use of outdated third-party software libraries that are not effectively secured.
- Incorrect configurations in server security settings that are difficult to change.
- Compromised firmware in a device that allows unauthorized remote access.
Overall explanation:
- Compromised firmware is a hardware supply chain vulnerability: attackers can inject malicious code into a device's firmware during its manufacture or update, granting them unauthorized remote access.
- Data transmitted over an unsecured network between the vendor's sales department and companies is more of a network vulnerability than a direct hardware one.
- Use of outdated third-party software libraries that are not effectively secured relates to a software, not hardware, vulnerability wherein outdated components can be exploited.
- While a concern, incorrect configurations in server security settings that are difficult to change are not specific to hardware supply chain vulnerabilities.
Tags: Supply Chain Risks
Question 15
Which of the following mitigation techniques can help prevent users from making changes to the security features of devices by applying predefined security standards?
Options:
- Patching
- Encryption
- Least Privilege
- Configuration enforcement
Overall explanation:
- Configuration enforcement is a mitigation technique that can help prevent unauthorized or improper changes that increase a system or device’s vulnerability to attack. By creating predefined security standards and policies, and enforcing them, configuration enforcement helps prevent the inadvertent or purposeful creation of vulnerabilities and security risks.
- Least privilege is a mitigation technique that limits users to the level of access and privilege they need to do their work. This can limit the extent of an attack by limiting the attacker’s access and privilege to those of the compromised user. Least privilege involves applying predefined rules and permissions, such as roles, groups, and functions and enforcing the rules and permissions through mechanisms such as passwords, tokens, and biometrics. It ensures that users don't have greater access than their job requires, but it doesn't enforce security settings.
- Encryption is a technique that can help protect data from unauthorized access or modification by transforming it into an unreadable format. Encryption involves using mathematical algorithms and secret keys to encrypt and decrypt data, but it does not ensure that systems comply with predefined security standards and policies.
- Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. It ensures that the software is the most secure version, but does not ensure that the settings comply with predefined security standards and policies.
Tags: Secure Baselines
Question 16
Recently, Kelly Innovations LLC launched a new web application for its clients. Jake noticed that several users reported unexpected changes to their account settings even though they hadn't made any modifications. Emily, analyzing the logs, discovered that many of the affected users were previously on various unrelated external sites just before the unexpected changes occurred. The logs show a valid session cookie for each affected user, but there was no direct user action triggering the change. Which of the following BEST describes the attack that the users of Kelly Innovations LLC's web application might be experiencing?
Options:
- Cross-site request forgery
- Session token prediction
- Session hijacking
- Unsecured network sniffing
Overall explanation:
- Cross-site request forgery (CSRF or XSRF) exploits applications that use cookies to authenticate users and track sessions. In this type of attack, a victim is tricked into performing unwanted actions on a web application in which they're authenticated, without the victim necessarily having to click a link. The attacker sends an HTTP request to the victim's browser, spoofing an action on the target site, such as changing account settings.
- A session token prediction attack focuses on identifying potential weaknesses in the generation of session tokens. If an attacker can predict the session token, they can take over a session. This type of attack is more about guessing session values rather than inducing unintended changes on behalf of authenticated users.
- Attackers can sniff network traffic to obtain session cookies sent over an unsecured network. This would lead to session hijacking, but it does not directly cause unintended changes on a user's account as described in the scenario.
- Session hijacking involves taking over a user's session, typically by obtaining their session cookie. While it can result in unauthorized changes, it doesn't typically involve the victim being on an external site before the unexpected change.
Tags: XSS and XSRF
Question 17
Which group is MOST likely to possess the funding and resources to recruit top talent, including skilled strategists, designers, coders, and hackers?
Options:
- Independent black hat hacker
- Criminal syndicate
- Open source developer community
- Security researcher
Overall explanation:
- Criminal syndicates, or large organized crime rings, have the financial means to hire and maintain a team of skilled individuals for sophisticated cyber operations.
- Independent black hat hackers, while skilled, operate on their own and may not have the substantial resources a larger organization might.
- The open source developer community is a collective of talented coders and developers, but its main intent is collaborative software development, not cyber-attacks.
- Security researchers have deep knowledge in cybersecurity, but they typically operate independently or within institutions, focusing on studying and mitigating threats.
Tags: Threat Actors
Question 18
John, a network administrator at Dion Training Solutions, was analyzing traffic logs from the company's main server. He noticed a large number of ARP requests and responses between a workstation and the gateway in a short time frame. The workstation was trying to associate its MAC address with the IP address of the company's main server. Which of the following terms BEST describes this malicious activity observed by John?
Options:
- ARP spoofing
- Port scanning
- On-path attack
- Packet sniffing
Overall explanation:
- An on-path attack, also known as a man-in-the-middle attack, occurs when an attacker intercepts communications between two parties to capture or manipulate the data. The high number of ARP requests suggests the attacker might be trying to reroute traffic to gain access to information.
- ARP spoofing is a type of on-path attack, where the attacker sends falsified ARP messages to link their MAC address with an IP address of a legitimate device on the network.
- Packet sniffing involves capturing packets of data as they traverse a network. While it can be a part of on-path attacks, it does not specifically involve the alteration of ARP messages.
- Port scanning is an activity where an attacker probes a server for open ports to find potential vulnerabilities. It does not involve ARP requests or traffic interception.
Tags: Layer 2 Attacks
Question 19
You are a database administrator for a large corporation that stores and processes huge amounts of data in on-site servers. You are shifting to cloud-based data storage. Which of the following mitigation techniques is MOST important in dealing with the on-site servers?
Options:
- Configuration Enforcement
- Segmentation
- Monitoring
- Decommissioning
Overall explanation:
- Decommissioning is a mitigation technique that can help reduce the risk of data breaches or theft by properly disposing of systems and devices that are no longer needed or used. Decommissioning involves following a set of procedures to erase or destroy any sensitive data stored on the systems and devices, and to physically dispose of them in a safe and environmentally friendly manner. The servers will have to be disposed of in a way that protects the data on them.
- Configuration enforcement is a mitigation technique that can help prevent unauthorized or improper changes that increase a system or device’s vulnerability to attack. By creating predefined security standards and policies, and enforcing them, configuration enforcement helps prevent the inadvertent or purposeful creation of vulnerabilities and security risks. This will not help you protect the data on the old servers.
- Segmentation is a mitigation technique that involves dividing a network into smaller segments. Each has its own security policies and controls. Segmentation can limit the scope of an attack by preventing the attacker from gaining access to an entire network because it will help isolate the compromised segment. This technique is most helpful for networks that are active. The servers should be decommissioned, not segmented.
- Monitoring is a mitigation technique that can help detect and respond to potential threats or incidents on a network. By collecting and analyzing data about the activities and events on the network, security analysts can develop theories about the vulnerabilities and incidents that occur on the system. Monitoring involves using tools and techniques such as logs, alerts, and audits. Monitoring would need to be done if you don't decommission the servers, but decommissioning is the far better choice.
Question 20
Which of the following ports should be disabled or carefully monitored to prevent unauthorized Voice over IP (VoIP) signaling, which can be an avenue for toll fraud or unauthorized call control?
Options:
- Port 161
- Port 5060
- Port 110
- Port 139
Overall explanation:
- Session Initiation Protocol (SIP), port 5060, is used for signaling in Voice over IP (VoIP) services. Unauthorized access to this port can result in toll fraud or unauthorized call control.
- Simple Network Management Protocol (SNMP), port 161, is used for collecting and organizing information about managed devices, and it's unrelated to VoIP services.
- Post Office Protocol (POP3), port 110, is used for retrieving emails from a mail server, unrelated to VoIP services.
- NetBIOS, port 139, is used for file and print sharing over local networks, not for VoIP signaling.
Question 21
What is the primary difference between a service disruption and a blackmail motivation for threat actors?
Options:
- Type of attack
- Impact on the victim
- Reason for attack
- Target of attack
Overall explanation:
- The primary difference between a service disruption and a blackmail motivation for threat actors is the impact on the victim.
- A service disruption motivation drives a threat actor to reduce the availability or functionality of a system or network, such as launching denial-of-service attacks, defacing websites, or deleting files.
- A blackmail motivation drives a threat actor to extort money or other benefits from the victim by threatening to expose or harm their data, reputation, or assets.
- Target of attack is not the primary difference between a service disruption and a blackmail motivation for threat actors, as both can target individuals, organizations, or governments.
- Type of attack is not the primary difference between a service disruption and a blackmail motivation for threat actors, as both can involve attacks, such as ransomware, distributed denial-of-service, or phishing.
- Reason for attack is not the primary difference between a service disruption and a blackmail motivation for threat actors, as both can have reasons, such as attention, amusement, or financial gain.
Tags: Threat Actor Motivations
Question 22
Who, among the following, operates without any prior permissions and may launch attacks from remote locations?
Options:
- Cybercriminal
- External threat actor
- Internal threat actor
- Business partner
Overall explanation:
- External threat actors operate without any prior permissions or authorized access to the system and can launch their attacks from virtually anywhere.
- An internal threat actor has been granted permissions or access within a system, such as an employee or contractor.
- Business partners typically have authorized access due to collaborative efforts, making them internal threat actors.
- While a cybercriminal can be an external threat, this term doesn't specify their method or position relative to the target, making it broader than the specific "external threat actor" definition.
Tags: Threat Actors
Question 23
Which of the following attributes of actors refers to the amount of equipment that a threat actor has at their disposal?
Options:
- Level of sophistication/capability
- Resources/funding
- Internal/external
- Motivations
Overall explanation:
- Resources/funding refers to the amount of money, equipment, or personnel that a threat actor has at their disposal. Actors with higher levels of resources/funding can launch attacks that are greater in scope and duration and will have a greater impact than actors with low levels of resources/funding.
- Internal/external refers to whether the actor has access inside or outside of an organization’s network or physical perimeter. Internal/external often refers to the amount of access, visibility, and trustworthiness the actor has. Internal actors tend to have greater access, are less visible, and are trusted by the organization they are attacking.
- Motivations refer to the goals, intentions, or reasons that a threat actor has for launching an attack. The motivations behind an attack influence the target and method actors choose and also influence the outcome of an attack.
- Level of sophistication/capability refers to the amount of technical skills, knowledge, or experience that a threat actor has. Actors with higher levels of sophistication/capability can launch attacks that are more complex, stealthier, and effective than actors with lower levels of sophistication/capability.
Tags: Threat Actors
Question 24
An attacker sends unsolicited text messages or contact details to a Bluetooth-enabled device without requiring any authentication. This activity is an example of:
Options:
- Device discovery
- Bluejacking
- BlueBorne exploit
- Bluesnarfing
Overall explanation:
- Bluejacking refers to the act of sending unsolicited messages, such as texts or vCards, to Bluetooth-enabled devices. It is essentially a form of spam targeting Bluetooth devices, and can also be a vector for malware.
- Device discovery is the mode where a Bluetooth device becomes discoverable and can be seen by other Bluetooth devices nearby. It doesn't specifically refer to unsolicited message sending.
- Bluesnarfing involves exploiting vulnerabilities in Bluetooth to steal information from another user's device. It goes beyond just sending messages; it's about unauthorized data access.
- The BlueBorne exploit is a specific vulnerability that can compromise any active and unpatched system, even if discovery is not enabled. While dangerous, it doesn't refer to the act of sending unsolicited messages.
Question 25
Which of the following mitigation techniques involves using mathematical algorithms to transform data into an unreadable format?
Options:
- Segmentation
- Isolation
- Encryption
- Patching
Overall explanation:
- Encryption is a technique that involves using mathematical algorithms to transform data into an unreadable format. Encryption can protect data from unauthorized access or modification, as only those who have the secret key or algorithm can decrypt the data.
- Isolation is a mitigation technique that can help prevent malware from spreading from one system or process to another by limiting their interaction and communication. Isolation involves sandboxing or simply disconnecting an infected system. This prevents potentially malicious programs or scripts from accessing the rest of the system or network. It does not transform data into an unreadable format.
- Segmentation is a mitigation technique that involves dividing a network into smaller segments. Each has its own security policies and controls. Segmentation can limit the scope of an attack by preventing the attacker from gaining access to an entire network because it will help isolate the compromised segment. It does not transform data into an unreadable format.
- Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems. It does not transform data into an unreadable format.
Tags: Encryption Tools
Question 26
-
Which of the following components provides code that allows a host to boot to an operating system, and can enforce boot integrity checks?
Options:
- Trusted Platform Module (TPM)
- Network Access Control (NAC) server
- Hardware Root of Trust (RoT)
- Unified Extensible Firmware Interface (UEFI)
Overall explanation:
- UEFI provides the code that allows a host system to boot an OS and can enforce various boot integrity checks.
- While RoT can provide attestation and verify the signatures of boot metrics and OS files, it doesn't provide the code to boot the OS.
- The NAC server checks the reports from systems attempting to join a network, ensuring their integrity. It doesn't facilitate booting the OS.
- TPM enhances security with hardware-based cryptographic functions but doesn't directly allow a host to boot to an OS.
Tags:
Question 27
-
An employee connects their smartphone to a seemingly legitimate peripheral device using Bluetooth. Unbeknownst to them, the peripheral device has been embedded with malicious firmware, allowing it to execute attacks. What kind of risk is associated with connecting to such devices?
Options:
- Bluesnarfing
- Device discovery
- Bluejacking
- Risk from malicious peripheral devices
Overall explanation:
- Peripherals with malicious firmware can pose significant risks when connected. They have the potential to launch highly effective attacks. The crafting of such malicious peripherals requires extensive resources, making the risk less frequent but impactful.
- Device discovery makes a Bluetooth device visible to others nearby. While it can increase the risk of unwanted connections, it doesn't involve the specific threat of malicious firmware in peripherals.
- Bluejacking involves sending unsolicited messages to Bluetooth devices. It's a form of spam and doesn't refer to the risk of connecting to malicious devices.
- Bluesnarfing is the act of exploiting Bluetooth vulnerabilities to gain unauthorized access to data on another person's device. It doesn't specifically refer to the risk of connecting to malicious peripherals.
Question 28
-
You are chatting with your friend on Facebook Messenger. They send you a link to a funny video and ask you to watch it. You click on the link and it takes you to a website that looks like YouTube. However, the website then asks you to install a browser extension in order to play the video. You agree and install the extension. The extension then hijacks your browser and redirects you to malicious websites. What kind of threat vector was used for this attack?
Options:
- Short Message Service (SMS)
- Instant messaging (IM)
- File-based
- Watering hole
Overall explanation:
- An IM threat vector uses online chat platforms to deliver malicious messages or files.
- An SMS threat vector uses text messages to deliver malicious links or attachments to unsuspecting users.
- A file-based threat vector uses corrupted or malicious files to infect systems or networks.
- A watering hole threat vector uses compromised websites that are frequented by a specific target group to deliver malware or redirect traffic.
Tags: Phishing Attacks
Question 29
-
You are a system administrator for a small business that uses several laptops and desktops for its daily operations. Recently, some of your employees' devices have been used to open ports on your servers. You suspect an attacker has done this. Although the employees have the ability to open ports as part of their jobs, the ports were opened when the employees were not at their computers. The open ports were used to exfiltrate data and your boss is not happy. Which of the following mitigation techniques can help you prevent this from happening again?
Options:
- Patching
- Access control through Permissions
- Host-based intrusion prevention system (HIPS)
- Disabling Ports and Protocols
Overall explanation:
- Using a Host-based Intrusion Prevention System (HIPS) is a hardening technique that can help prevent attacks from occurring. It is software that is installed on a system or device to detect and prevent unauthorized actions like file modifications and registry changes. HIPS will be able to detect the intrusion of attackers and prevent changes to ports.
- Disabling ports and protocols is a hardening technique that can help reduce exposure to potential attacks. This can be done on firewalls, switches, routers, and hosts to close or block any network ports or protocols that aren’t needed for the normal operation of the systems and devices. Ports are numerical identifiers that specify the destination or source of network traffic, and protocols are rules or standards that define how network traffic is formatted or transmitted. The issue isn't that the ports weren't closed; it is that they were closed and then reopened by the attacker. Closing or disabling them again will not prevent an attacker from opening them once more.
- Access control through permissions is a mitigation technique that can help prevent unauthorized execution of programs or scripts on a system or device. This is achieved by defining permissions through policies and applying those policies to resources such as programs, scripts, files, folders, and databases. Users without the correct permissions can’t access the resources. In this case, the employees need permission to open ports in order to do their jobs, so limiting their ability to open ports will prevent them from doing their jobs.
- Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems. This will not prevent the attacker from gaining access to your employees' devices.
Question 30
-
Which of the following motivations is common among Hacktivists?
Options:
- Service disruption
- Political beliefs
- Data exfiltration
- Espionage
Overall explanation:
- Philosophical/political beliefs are motivations that drive a threat actor to conduct cyberattacks based on their moral principles or values, or their opinions or views on certain issues or causes. A hacktivist is motivated by philosophical/political beliefs and usually targets organizations or entities that they disagree with.
- Service disruption is the act of interrupting or degrading the availability or performance of a system or network. A Hacktivist may conduct service disruption as part of their cyberattacks, but it is not their primary motivation. Their goal is to draw attention to actions they perceive as unethical and to promote their political and philosophical views.
- Data exfiltration is the unauthorized transfer of data from a system or network to another location. A Hacktivist may conduct data exfiltration as part of their cyberattacks, but it is not their primary motivation. Their goal is to draw attention to actions they perceive as unethical and to promote their political and philosophical views.
- Espionage is the act of obtaining secret or confidential information without the permission of the holder of the information. A Hacktivist is unlikely to conduct espionage, as it may violate the laws or ethics of their profession or organization. Their goal is to draw attention to actions they perceive as unethical and to promote their political and philosophical views.
Tags: Hacktivists
Question 31
-
Which of the following is a social engineering technique where an attacker pretends to be someone else, often to gain unauthorized access to systems or information?
Options:
- Spoofing
- Impersonation
- Reconnaissance
- Encryption
Overall explanation:
- Impersonation involves the attacker pretending to be someone else – such as an IT support agent, coworker, or another trusted individual – to gain trust, and thereby, unauthorized access or confidential information. This technique leverages the human tendency to trust familiar or authoritative figures.
- Reconnaissance is the act of gathering preliminary information or intelligence on a target (usually a system or organization) before launching an attack. This is more about information gathering rather than deception.
- Encryption is the method of converting data into a code to prevent unauthorized access. It's a security measure and not a form of social engineering or attack.
- Spoofing is a broader technique where attackers masquerade as a trusted entity by falsifying data, such as altering email headers or IP addresses. It's more about faking the source than the identity itself.
Tags: Impersonation
Question 32
-
Robert is setting up access for employees in his organization's new cloud infrastructure. He wants to ensure that even if an attacker steals a user's password, they shouldn't be able to access the system without additional verification. Which of the following controls is the BEST solution for Robert to implement?
Options:
- ACLs
- Firewall
- SIEM
- MFA
Overall explanation:
- MFA (Multi-factor authentication) mandates users to present two or more verification methods before they can access a resource. This means even if a malicious actor acquires a user's password, they would still need another form of verification, like a token or biometric data, to gain access.
- SIEM (Security Information and Event Management) platforms aggregate and analyze log and event data to identify and respond to security threats. While they can detect potential security incidents, they do not handle user access verification.
- Firewalls filter and control traffic entering or leaving a network based on specific rules. They are not designed to authenticate users with multiple verification methods.
- ACLs (Access control lists) determine which users or roles are allowed access to specific resources. They do not, however, provide multiple layers of verification before allowing access.
Question 33
-
Which of the following BEST describes the primary purpose of the Payment Card Industry Data Security Standard (PCI DSS)?
Options:
- To define the safe handling and storage of payment card information.
- To ensure the safe transmission of personal identification numbers (PINs) to merchants.
- To enforce the mandatory disclosure of all financial transactions to the public.
- To regulate the financial interests and stock trading within the payment card industry.
Overall explanation:
- PCI DSS specifically addresses the protection of cardholder data. This includes the card number, expiry date, CVV, and other associated information. The standard provides guidelines to ensure that payment card information is stored, processed, and transmitted in a secure environment, reducing the risk of financial data breaches and fraudulent activities.
- PCI DSS is about the protection of cardholder data. It does not mandate the public disclosure of all financial transactions.
- While PCI DSS addresses the security of payment card data, PINs should never be transmitted to or handled by merchants, indicating that the standard's primary purpose is not the transmission of PINs.
- PCI DSS is focused on the security of payment card information, not on regulating financial interests or stock trading activities within the industry.
Tags: Standards
Question 34
-
Dion Training Solutions is deploying a new security system to monitor and detect malicious activities in real-time on their network. They want a device that can analyze network traffic without interfering or disrupting the flow. Which of the following would best meet this requirement?
Options:
- Load balancer
- Proxy server
- Network appliance sensor
- VLAN
Overall explanation:
- A network appliance sensor passively monitors network traffic, looking for signs of malicious or anomalous activity. Because it operates in a "listen-only" mode, it won't disrupt regular network operations.
- While a load balancer distributes incoming traffic to prevent server overloads, it does not provide detailed traffic analysis or threat detection functionalities.
- Though a proxy server can act as an intermediary for network requests and might offer some security features, it doesn't passively monitor all network traffic for malicious activities in the same way a dedicated sensor does.
- A VLAN (Virtual local area network) segments a network based on operational requirements, not necessarily security needs. It doesn't analyze traffic for signs of malicious activities.
Tags: Network Appliances
Question 35
-
To enhance the privacy of its users, Kelly Innovations LLC is considering a system that can act as an intermediary for internet requests, hiding the origin of the request from the destination server. Which solution would BEST fit this purpose?
Options:
- Router
- Jump server
- Proxy server
- Intrusion prevention system (IPS)
Overall explanation:
- A proxy server sits between a client and the destination server, forwarding requests and responses on behalf of the client. By doing this, it can effectively mask the client's IP address, providing a level of privacy and anonymity.
- Routers forward data packets between computer networks and direct traffic on the internet. Though they can be configured for certain security tasks, they don't inherently mask the origin of internet requests like a proxy server does.
- While an IPS monitors and blocks malicious traffic, it does not act as an intermediary for general internet requests or mask the origin of those requests.
- A jump server facilitates administrative access to an environment but isn't designed to forward and mask internet requests from clients to destination servers.
Tags: Network Appliances
Question 36
-
Which of the following practices involves considering future infrastructure needs to ensure that systems can accommodate expected workloads without compromising performance or availability?
Options:
- System hardening
- Technology forecasting
- Patch management
- Disaster recovery planning
Overall explanation:
- Technology forecasting focuses on predicting the future needs of technology infrastructure. By understanding growth trends and user demands, organizations can proactively scale and adapt their systems to meet rising demand without sacrificing performance.
- System hardening emphasizes enhancing the security of systems by reducing vulnerabilities and potential attack vectors. While it is crucial for maintaining the integrity and confidentiality of data, it doesn't directly address scalability.
- While vital for ensuring system continuity after adverse events, disaster recovery planning primarily revolves around data restoration and system failover rather than accommodating future workload increases.
- Patch management is the process of applying updates to software and systems. These updates often fix security vulnerabilities or enhance performance but do not directly forecast infrastructure growth needs.
Tags:
Question 37
-
What technique uses "dummy" data as a substitute for sensitive data in test environments?
Options:
- Hashing
- Encryption
- Masking
- Segmentation
Overall explanation:
- Masking uses dummy data, or obfuscates original data, to protect sensitive data, especially in non-production environments.
- Hashing transforms data into a string of fixed length; it doesn't substitute dummy data.
- Encryption involves converting data into a code to prevent unauthorized access, but does not substitute dummy data.
- Segmentation refers to dividing a network into smaller parts to control traffic and enhance security; it does not involve the substitution of data.
Tags: Obfuscation
Question 38
-
In a scenario where the company wants to provide network administrators with a read-only copy of network traffic for analysis without disturbing the actual data flow, which device attribute would be MOST applicable?
Options:
- Fail-close
- Tap/monitor
- Remote access
- Inline
Overall explanation:
- The tap/monitor device attribute enables read-only access to a copy of network traffic for analysis. It is passive, so it won't disrupt the live data flow, making it the best fit for this scenario.
- Inline is an operational mode for network devices that will block malicious traffic, so it will disrupt the data flow. It is the opposite of what the company wants.
- Fail-close refers to what happens when a network encounters errors and exceptions. Fail-close means that when errors occur or exceptions are encountered, the system denies further access. This prevents any further network traffic until the error or exception is dealt with. While this provides greater security, it means that a website can’t be accessed even if the error encountered is minor or doesn’t pose a security threat. This is the opposite of what the company wants.
- Remote access enables users to connect to a network or a device remotely, but it doesn't primarily provide read-only access to network traffic for analysis without disturbing live data flow.
Tags: Network Appliances
Question 39
-
When combining cloud providers and on-premises servers, which of the following considerations is essential for seamless operation between these environments?
Options:
- Resource scaling
- Multi-factor authentication
- Data synchronization and consistency
- Network connectivity and integration
Overall explanation:
- When integrating cloud provider services with on-premises servers, it becomes imperative to ensure effective communication between the two, known as network connectivity and integration. Consider it akin to a collaborative project; if team members in different locations cannot interact efficiently, complications arise. Similarly, for systems and servers, robust communication is essential for sharing data and resources, ensuring seamless operation.
- Multi-factor authentication is more about securing access and doesn’t directly tackle the integration of diverse environments.
- Data synchronization and consistency is crucial for maintaining uniform data across environments but doesn’t directly address the operational integration between cloud providers and on-premises servers.
- Resource scaling is important for managing different workloads but isn’t the key to integrating different computing environments seamlessly.
Tags: Cloud Security
Question 40
-
Kelly Innovations decides to manage its IT infrastructure within its physical location, retaining full control over its hardware, software, and data. Which of the following security implications is MOST directly associated with this approach?
Options:
- Dependence on external patch availability.
- Multi-tenancy risks.
- Increased responsibility for physical security.
- Risk transference to third-party vendors.
Overall explanation:
- With on-premises infrastructure, organizations must ensure the physical safety of servers and other equipment against theft, tampering, and disasters.
- On-premises infrastructure typically allows for more control over when and how patches are applied, rather than being dependent on third-party vendors.
- Multi-tenancy is a concern in shared cloud environments where resources are shared among different clients, not in on-premises setups.
- Risk transference to third-party vendors is more relevant to cloud-based services where responsibilities are often shared between the provider and the customer.
Question 41
-
Kelly Innovations LLC is looking to secure their web applications against various threats like cross-site scripting and SQL injection attacks. They also want to monitor and log HTTP/HTTPS traffic for malicious patterns. Given the requirement and the specific protocols mentioned, which of the following would be the MOST suitable solution?
Options:
- Proxy server on port 8080
- UTM
- WAF
- EAP
Overall explanation:
- A WAF (Web application firewall) protects web applications by monitoring, filtering, and blocking HTTP/HTTPS traffic that can exploit any vulnerabilities in the application. Typically, it operates on Layer 7 (Application Layer) of the OSI model and can specifically defend against common web-based threats.
- While a proxy server can act as an intermediary for network requests and offers some level of security by obscuring the true network addresses, it is not inherently designed to defend against specific web application threats like a WAF.
- The mention of port 8080, a common alternate port for HTTP, might make it seem relevant but doesn't specifically cater to the requirement described.
- EAP (Extensible authentication protocol) is an authentication framework, not a specific protocol. While EAP offers several methods and supports authentication for wireless networks and point-to-point connections, it doesn't specifically filter or block malicious HTTP/HTTPS traffic targeting web application vulnerabilities.
- A UTM (Unified threat management) is an all-in-one security solution that can include a WAF, but it also comprises other functionalities like anti-virus, anti-spam, VPN, and more. While a UTM can indeed monitor HTTP/HTTPS traffic, choosing a specific WAF might be more tailored to the described requirement.
Tags: Firewalls for Security
Question 42
-
To ensure compliance with international data protection laws and safeguard clients' confidential legal details, which of the following strategies would be BEST for a multinational law firm to adopt?
Options:
- Utilization of end-to-end encrypted email platforms
- Obtaining an ISO 27001 Certification
- Adoption of local server storage systems
- Implementation of GDPR-compliant data handling practices
Overall explanation:
- Implementation of GDPR-compliant data handling practices ensures adherence to the European Union's privacy standards and respects client data rights.
- Adoption of local server storage systems allows in-house storage of data but lacks robust international data protection mechanisms.
- Utilization of end-to-end encrypted email platforms provides secure email communication but lacks a comprehensive approach to data handling compliance.
- ISO 27001 Certification is an international standard for information security management but doesn't address GDPR specific requirements.
Tags: Data Sovereignty
Question 43
-
Which statement BEST describes the significance of safeguarding legal information in an organization?
Options:
- All employees of an organization should access legal data to offer complete transparency.
- If legal data leaks it can result in legal liabilities and harm an organization's reputation.
- Like all other data, legal data is important to organizations and businesses.
- Legal information is vital during courtroom trials so it must be protected while the trial is occurring.
Overall explanation:
- Unauthorized exposure of legal documents can lead to breaches of confidentiality and damage the organization's public image.
- Unlimited employee access can lead to internal data leaks or misuse.
- Legal data is crucial for many situations, even outside court disputes.
- Legal information is not like all other data. It often has confidentiality clauses that need strict protection.
Tags: Data Sovereignty
Question 44
-
Dwayne has told his friends to always turn off geolocation on their devices. What BEST explains why he would suggest his friends turn off geolocation data in applications?
Options:
- Having geolocation data tracked can drain the device's battery.
- The data can be used to show what applications a person uses most often.
- The data can be used to track a person's movements.
- Data is collected and used to improve the computational efficiency of algorithms.
Overall explanation:
- Geolocation data is information that can identify the physical location of a device and, by extension, its user. When collected, stored, and analyzed without proper consent or transparency, it can infringe upon an individual's privacy. Users might not be aware of how frequently their location is being tracked, who has access to this data, and for what purposes it might be used, leading to potential misuse and violation of personal privacy.
- Geolocation data can be used to personalize content or services based on location, but it does not inherently improve the computational efficiency of algorithms. While geolocation data can have implications for connectivity (such as content delivery based on location), it is not directly related to the speed of data transfers.
- Geolocation data is about determining physical location. It doesn't have a direct influence on the graphic or visual quality of an application.
Tags: Data Types
Question 45
-
Which of the following solutions should a data center implement to guarantee customer data remains unreadable in the event of a physical server compromise?
Options:
- Redundant Array of Independent Disks
- Server Clustering
- Full disk encryption
- Data Deduplication
Overall explanation:
- Full disk encryption (FDE) ensures that all data stored on a physical disk is encrypted, making it unreadable without the proper decryption key. This is the ideal solution for protecting data in the event of physical server theft or compromise, as the data remains unreadable without the decryption key.
- Server clustering is a technique used to provide system continuity by distributing workloads across multiple servers. This ensures availability and fault tolerance but does not specifically secure data against unauthorized access on compromised physical servers.
- Data deduplication is a method of reducing storage needs by eliminating duplicate data. Each unique chunk of data is saved only once, with subsequent duplicates just referenced back to the unique chunk. Deduplication does not provide encryption or protection against data readability.
- RAID is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units. While it provides data redundancy and performance benefits, RAID itself does not offer encryption or protection against unauthorized data access on compromised servers.
Tags: Encryption Tools
Question 46
-
When considering data storage, which of the following BEST describes a method to capture the state of a system at a specific point in time, offering a quick recovery solution without the need for a full backup?
Options:
- Full backups
- Differential backups
- Snapshots
- Incremental backups
Overall explanation:
- Differential backups store all changes made since the last full backup.
- Full backups involve backing up the entire system data, regardless of changes made.
- Snapshots capture the state of a system at a particular instant without copying the entire data, enabling quick recovery points.
- Incremental backups record only the changes since the last backup, whether it was a full backup or an incremental backup.
Tags: Data Backups
Question 47
-
Dion Training is looking to enhance the security of their enterprise infrastructure by detecting and analyzing malicious activity on their network in real-time. They need a solution that can monitor traffic, identify suspicious patterns, and send alerts for immediate action. Which of the following would be the MOST appropriate solution to apply in this scenario?
Options:
- VPNs
- Network sensors
- IPSs
- Firewalls
Overall explanation:
- Network sensors actively monitor and analyze network traffic for suspicious activity and anomalies, making them a crucial tool for Dion Training to detect potential threats in real-time and secure their infrastructure effectively.
- While firewalls are essential for controlling incoming and outgoing network traffic based on an organization’s previously established security policies, they are not specialized in analyzing traffic patterns for malicious activity.
- Intrusion Prevention Systems do analyze network traffic to prevent vulnerability exploitation, but they are more focused on preventing known threats rather than real-time analysis and detection of new, unknown threats.
- VPNs are primarily used to create a secure connection to another network over the Internet, ensuring secure communication, but they do not actively monitor and analyze network traffic for threats.
Tags: IPS
Question 48
-
Which of the following statements is NOT true about the Dark Web?
Options:
- All content available on the Dark Web is illegal and harmful.
- The Dark Web often serves as a marketplace for illicit activities due to its anonymity.
- Specialized software, such as Tor, is typically required to access the Dark Web.
- The Dark Web is part of the Deep Web that is intentionally hidden and is inaccessible through standard web browsers.
Overall explanation:
- While the Dark Web does contain a lot of illegal activity and content, it isn't accurate to claim that all content on the Dark Web is illegal or harmful.
- The Dark Web also hosts legal and innocuous content. The Dark Web is a subset of the Deep Web, intentionally hidden and usually inaccessible through standard web browsers.
- Specialized software like Tor is typically required to access the Dark Web, providing anonymity to its users.
- The Dark Web is often associated with illicit activities due to the anonymity it can offer to its users.
Question 49
-
Jamario, a security analyst at Dion Training Solutions, is configuring a new network architecture. He’s considering using a screened subnet to enhance security. How does a screened subnet MOST enhance network security when implemented with a firewall?
Options:
- It automatically updates firewall rules.
- It compresses traffic to speed up the network.
- It creates an isolated zone.
- It encrypts all data between the internal and external networks.
Overall explanation:
- A screened subnet, often referred to as a DMZ (Demilitarized Zone), acts as a buffer between the untrusted external network (like the Internet) and the trusted internal network. By doing so, it prevents direct access to internal resources, adding an extra layer of security.
- While encryption is crucial for data security, a screened subnet itself doesn't encrypt data. Its primary purpose is to segregate network zones.
- A screened subnet doesn't auto-update firewall rules. Firewall configurations and updates are managed separately.
- Screened subnets are not designed for traffic compression. Their role is to enhance security by creating a separate network zone.
Question 50
-
Which of the following statements BEST explains the importance of security groups within a system or network?
Options:
- Security groups allow for centralized management of user access and permissions.
- Security groups automatically create encrypted backups of sensitive data to protect against data breaches.
- Security groups facilitate the integration of security tools and systems for a unified defense strategy.
- Security groups automate software deployments and updates across an organization's network.
Overall explanation:
- Security groups play a vital role in centralized management of user access and permissions. By grouping users with similar roles or access requirements, security administrators can efficiently assign permissions and access controls to these groups rather than individually managing each user account. This simplifies the administration process and ensures that users have the appropriate level of access, reducing the risk of unauthorized access and enhancing overall security.
- While security groups can be part of an integrated security strategy, their primary purpose is not about facilitating integration between security tools but rather managing user access and permissions.
- Security groups are focused on managing user access and permissions rather than on automating software deployments and updates across an organization's network; deployment automation is not their purpose.
- Security groups are concerned with managing user access and permissions, not automatically creating encrypted backups of data.
Tags: Group Policies
Question 51
-
Mary, a network administrator at Dion Training, is discussing with Enrique ways to harden the company's mobile devices. Which technique would be the MOST effective for them to implement first?
Options:
- Recommend users to use strong WiFi passwords.
- Enforce screen lock after inactivity.
- Enforce full device encryption.
- Enable Bluetooth discoverable mode.
Overall explanation:
- Encrypting the entire device ensures that the data remains inaccessible even if the physical device is compromised. This is paramount for data protection.
- A screen lock is essential to prevent unauthorized access, but a determined attacker could still extract data from the device directly.
- Enabling Bluetooth discoverable mode makes pairing easier but increases exposure by allowing unsolicited connection attempts. It doesn't contribute to overall security as much as the other answer options.
- Strong WiFi passwords protect against unauthorized network access but don't safeguard the device's stored data.
Tags: Hardening
Question 52
-
A company's access control mechanism determines access to resources based on users' job functions. The system enforces access control based on these predefined responsibilities, and users do not have the discretion to modify or override access permissions. Which type of access control mechanism is being used in this scenario?
Options:
- Role-Based
- Rule-based
- Discretionary
- Attribute-Based
Overall explanation:
- In the scenario described, the access control mechanism in use is Role-Based Access Control (RBAC). In an RBAC system, access to resources is determined by the roles or job functions of users. Users are assigned specific roles, and access permissions are associated with those roles. The system enforces access control based on these predefined roles, providing a structured and organized way to manage access.
- "Attribute-Based access control" (ABAC) dynamically evaluates various user attributes, such as job role, department, location, and time of access, to determine access rights to specific resources. While the scenario mentions access control based on job roles, it does not mention the dynamic evaluation of multiple attributes for access decisions, which is characteristic of ABAC.
- "Discretionary access control" (DAC) allows individual users to have discretion or control over the access permissions of their resources. In a DAC system, owners of resources can determine who has access and what level of access they are granted based on their own judgment. The scenario does not describe users having this level of discretion over access rights; instead, access control is determined based on job functions.
- "Rule-based access control" is a broad term for mechanisms that grant or deny access according to predefined rules enforced by the system. In this scenario, access is tied to users' job functions rather than to a set of rules, which is the defining characteristic of RBAC.
Tags: Access Control Models
Question 53
-
Dion Training Solutions recently experienced a cyberattack that resulted in significant data loss and financial implications. In an effort to protect against future financial consequences, the company decides to explore measures that could help mitigate these risks. Which action is Dion Training Solutions likely to take?
Options:
- Purchase cyber liability insurance
- Encrypt data-at-rest and data-in-transit
- Migrate to a more secure cloud platform
- Implement intrusion detection systems (IDS)
Overall explanation:
- Cyber liability insurance is designed to offset costs involved with recovering from a cyber breach or similar events. This will financially safeguard Dion Training Solutions against potential repercussions of future cyber incidents.
- Migration might enhance security, but it doesn't shield the company from the financial implications of a cyberattack.
- While IDS can alert and help prevent unauthorized access, it does not provide financial protection against the consequences of cyberattacks.
- While encryption can secure data and prevent unauthorized access, it doesn't offer financial coverage against cyber breaches.
Question 54
-
Which of the following statements represents the correct order of steps in the incident response process?
Options:
- Containment, Preparation, Detection, Eradication, Recovery
- Preparation, Detection, Eradication, Containment, Recovery
- Detection, Eradication, Containment, Preparation, Recovery
- Preparation, Detection, Containment, Eradication, Recovery
Overall explanation:
- Preparation begins the process by creating an efficient incident management plan.
- Detection is identifying potential security incidents.
- Containment prevents the spread of the incident.
- Eradication eliminates the cause of the incident.
- Finally, recovery restores the systems back to their normal state.
- This process starts with preparation. A well-structured incident response process begins by formulating an effective plan, not by containing an incident.
- Eradication should be after containment, not before.
- Detection should not be the initial step.
Question 55
-
As a security analyst, you are investigating a suspicious file activity incident. While examining metadata associated with different files, which of the following pieces of information is NOT typically presented in metadata?
Options:
- File size
- Date and time of last modification
- File's creator
- The file extension of the file
Overall explanation:
- Metadata does NOT normally include the file's extension.
- The name of the user who created the file is often included as part of the file's metadata. This is crucial information during an investigation of unauthorized file access or alteration.
- Date and time of last modification is an integral part of metadata. This can help establish timelines of activity and identify any unexpected changes, which is crucial during an investigation.
- File size is a common piece of metadata. This could potentially be useful in an investigation if, for example, a file's size significantly changes without a clear reason.
Tags: Metadata
Question 56
-
Which of the following refers to standardized guidelines that provide best practices for securing various technologies and platforms?
Options:
- Benchmarks by the Center for Internet Security.
- PCI DSS payment processing procedures.
- CIS-RAM evaluation tool.
- Tombstone policy for quarantined files.
Overall explanation:
- CIS offers benchmarks for a plethora of aspects in cybersecurity, ranging from compliance with IT frameworks to specific product-focused benchmarks, guiding entities in securing their environments.
- The CIS-RAM is a tool for assessing security posture and does not offer detailed guidelines for securing technologies, unlike the benchmarks.
- A tombstone policy replaces quarantined files with a placeholder but is not a standardized guideline for broader cybersecurity practices.
- While PCI DSS is a standard for payment card industry data security, it's not a broad guideline for multiple technologies and platforms like the benchmarks from CIS.
Question 57
-
Shels is a start-up company. They don't have a big budget for devices. As a benefit of the job, they offer employees the option of using the computers and phones that the employees already own. This prevents Shels from having to spend money on computers and phones, and the employees get to use devices they like. Which of the following deployment models is Shels using?
Options:
- COPE
- COBE
- BYOD
- CYOD
Overall explanation:
- BYOD stands for Bring Your Own Device, which is a deployment model that allows employees to use their personal devices, such as laptops, smartphones, or tablets, to access the company’s network and applications. This model can reduce the costs and risks associated with managing and securing these devices, as the responsibility is shifted to the employees. However, BYOD also introduces some challenges, such as ensuring compliance with security policies, protecting sensitive data, and supporting different types of devices and operating systems.
- COBE stands for Corporate Owned Business Only, which is a deployment model that involves the company providing devices to its employees and restricting them to work-related use only. This model can ensure the highest level of security and compliance for these devices, but it also reduces the productivity and satisfaction of the employees, as they have to carry multiple devices for different purposes.
- CYOD stands for Choose Your Own Device, which is a deployment model that allows employees to choose from a list of approved devices provided by the company. This model can offer some flexibility and convenience to the employees, while also enabling the company to enforce security standards and policies on these devices. However, this model can also limit the choices and preferences of the employees, as well as increase the costs and risks associated with procuring and supporting these devices.
- COPE stands for Corporate Owned Personally Enabled, which is a deployment model that involves the company providing devices to its employees and allowing them to use them for both work and personal purposes. This model can give the company more control over the security and management of these devices, but it also increases the costs and risks associated with owning and maintaining them.
Tags: Mobile Asset Deployments
Question 58
-
Which of the following technologies would be primarily utilized to detect unauthorized changes or potential breaches in computer hardware components, operating systems, and core services supporting applications?
Options:
- Network intrusion detection system (NIDS)
- Security information and event management (SIEM)
- Host-based intrusion detection system (HIDS)
- Web application firewall (WAF)
Overall explanation:
- HIDS monitors and analyzes the internals of a computing system, looking for unauthorized activity or policy violations, making it apt for systems monitoring.
- NIDS monitors and analyzes traffic on a network, focusing on the infrastructure, not the internals of a specific computing system.
- WAFs are specifically designed to monitor HTTP traffic to and from web applications, making them ideal for application-based security, not necessarily system-level monitoring.
- SIEM aggregates log data from various sources and uses this data for alerting, but it doesn't strictly focus on the internals of a computing system.
Tags: IDS and IPS
Question 59
-
When evaluating a new security tool for automation and orchestration in the organization's infrastructure, which factor primarily addresses the potential financial impact over the tool's lifecycle?
Options:
- CAPEX
- ROI
- Operational Efficiency
- TCO
Overall explanation:
- The TCO (Total Cost of Ownership) not only includes the initial purchase price of the tool but also the ongoing expenses related to maintenance, updates, and other associated costs over its lifecycle.
- Operational Efficiency refers to the effectiveness and productivity of operations but doesn't directly address the financial impact of a tool over its lifecycle.
- While ROI (Return on Investment) evaluates the profitability or benefit of a particular investment, it doesn't primarily focus on the entire financial impact over a tool's lifecycle.
- CAPEX (Capital Expenditure) pertains to the initial costs to purchase the asset or tool, not the ongoing or total costs throughout its lifecycle.
Question 60
-
Which term refers to the collection of publicly available information used to inform about an individual, organization, or application, often aiding in vulnerability assessments or security research?
Options:
- Proprietary/third-party
- OSINT
- Information-sharing organization
- Dark web
Overall explanation:
- OSINT (Open-source intelligence) leverages publicly available data sources to gather intelligence on targets, providing valuable insights without breaching any laws.
- The dark web is a part of the internet that isn't indexed by traditional search engines, often associated with illicit activities and hidden services.
- Proprietary/third-party information is sourced from private or commercial databases, often available to paying subscribers or specific organizations.
- Information-sharing organizations are entities that facilitate the sharing of threat and vulnerability information among different organizations.
Question 61
-
Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?
Options:
- Potential gaps in maintaining data integrity.
- Challenges in upholding data confidentiality.
- Issues related to system scalability and slow authentication.
- Compromised availability leading to operational disruptions.
Overall explanation:
- A single point of failure can jeopardize the entire system's uptime, introducing potential security risks and halting processes.
- Upholding data confidentiality is a primary security concern, but it isn't directly related to the risks of single points of failure.
- Data integrity ensures data remains accurate and consistent over its lifecycle, but it doesn't directly link to concerns of single points of failure.
- Scalability ensures systems can handle growth, but it isn't focused on the immediate availability risks associated with single points of failure.
Tags: Availability
Question 62
-
Which of the following is MOST crucial when determining the ongoing supportability of a newly introduced security automation tool in the organization's environment?
Options:
- Vendor's market presence
- Tool popularity in the market
- Availability of skilled personnel
- Integration capabilities
Overall explanation:
- Having team members with the necessary expertise to manage, troubleshoot, and update the tool is vital to ensure its ongoing supportability and secure operations.
- A vendor's market status might provide insights into the tool's reliability, but it doesn't directly address the tool's supportability.
- Although integration capabilities can enhance the functionality of a tool, they don't primarily address the tool's ongoing support considerations.
- While a tool's market popularity might hint at its effectiveness, it doesn't directly ensure the tool's ongoing supportability in a specific organizational environment.
Question 63
-
Which of the following statements is NOT true regarding the security implications in the procurement process?
Options:
- Vendor reputation and capabilities should be thoroughly evaluated to ensure they meet the necessary security standards.
- Once a vendor is selected for procurement, there is no ongoing need to periodically re-evaluate their suitability.
- The procurement process must consider compatibility with existing infrastructure to maintain a similar level of security across all assets.
- Procurement contracts should include clauses delineating liability if assets provided by vendors lead to a security breach.
Overall explanation:
- Vendors should be continually evaluated for suitability, even after initial selection. As an organization's security requirements change, or if there are alterations in the vendor's business practices, re-evaluation is critical to verify whether the vendor remains the best choice for the company’s needs.
- Evaluating vendor reputation and capabilities is an integral part of the procurement process to ensure the selected vendor can meet the necessary security standards.
- Compatibility with existing infrastructure is considered during the procurement process to ensure all assets maintain a consistent level of security.
- Contracts should include clauses to cover any eventualities related to security breaches caused by assets provided by the vendor.
Question 64
-
Samantha, the IT head at PrimeTech Corp., recently conducted a security audit and found out that many employees use the password "Prime2023" for their official accounts. Concerned about the security implications, Samantha wants to improve the strength of passwords against potential attacks. What would be the MOST effective method to enhance the security of such passwords?
Options:
- Advise employees to use longer passwords.
- Ask employees to change passwords monthly.
- Implement a captcha on the login page.
- Switch to a different hashing algorithm for storing passwords.
Overall explanation:
- A longer password with a mix of uppercase, lowercase, numbers, and symbols significantly improves security by increasing potential combinations.
- While using a strong hashing algorithm is important, it doesn't guarantee the strength of the actual passwords used by employees.
- While captchas can deter bots, they don't address the core issue of users choosing weak passwords.
- While regular changes can help, without guidelines on password strength, users might still choose weak passwords.
Tags: Password Security
Question 65
-
On completion of orientation, Reed, HR Manager at Kelly Innovations, LLC, gives Susan a company laptop. Who is primarily responsible for the laptop's security?
Options:
- Susan
- Reed
- Kelly Innovations, LLC
- The Kelly Innovations, LLC security department
Overall explanation:
- Although the company owns the laptop, Susan is responsible for its security while in her possession.
- The IT department ensures overall system security, but individual users are responsible for the assets they're given.
- Kelly Innovations, LLC formulates policies, but it's up to users to adhere to them.
- Managers, such as Reed, oversee teams and workflows, but the direct security of an asset falls on the user.
Question 66
-
A company allows its employees to use their personal mobile devices for work-related tasks, such as accessing company email and sensitive documents. The IT department is concerned about the security risks to company data when these devices are lost. Which of the following aspects of an MDM will address this concern effectively?
Options:
- Enabling remote wiping of devices
- Requiring employees to use strong passwords for their personal email accounts
- Enforcing full device encryption on all employee mobile devices
- Installing anti-virus software on the company's network servers
Overall explanation:
- Enabling the MDM's ability to conduct a remote wipe of the device is the best solution to the issue of a lost or stolen device.
- Although full encryption may slow down a determined thief who has access to the device, it will not guarantee that the data is not decrypted. A remote wipe of the data will restore the device to factory settings and prevent the data from being accessed. It is the best MDM feature to protect the data if the device is lost.
- Requiring employees to use strong passwords for their personal email accounts is a good practice for improving security. However, given time, even a strong password can be cracked. This measure focuses on the security of personal email accounts, but it does not ensure the protection of work-related data and access on the devices.
- Enforcing full device encryption on all employee mobile devices is a critical security technique for mobile device management. Encryption protects data stored on the devices, making it unreadable without the proper decryption key. However, if someone finds the device and is determined enough to crack the password, they will be able to decrypt the data.
- While installing anti-virus software on network servers is essential for protecting against malware and other threats, it is not directly related to mobile device management. This option focuses on server protection rather than addressing the security concerns related to personal mobile devices used for work.
Tags: MDM
Question 67
-
Which standardized metric is widely used in the cybersecurity industry to score the severity of discovered vulnerabilities based on factors like exploitability, impact, and attack vector?
Options:
- CVE
- CVSS
- OSINT
- Package monitoring
Overall explanation:
- CVSS (Common Vulnerability Scoring System) is an industry-standard metric for rating the severity of security vulnerabilities. Its scores help organizations determine the urgency and potential impact of each vulnerability, guiding remediation efforts.
- Package monitoring involves keeping track of software packages to ensure they're secure and updated. It's crucial for maintaining a vulnerability-free environment but doesn't score vulnerabilities.
- CVE (Common Vulnerabilities and Exposures) provides a reference method for publicly disclosed vulnerabilities and exposures, offering a consistent naming convention but not a severity rating.
- OSINT (Open-source intelligence) leverages publicly available sources to gather information. While essential for gathering intelligence, it doesn't provide a standardized vulnerability score.
Tags: Vulnerability Scans, Security Content Automation Protocol (SCAP)
Question 68
-
Kelly Financial Services has been experiencing unauthorized access to its databases during non-business hours. They want to implement a control that only allows access to critical systems between 8:00 AM and 6:00 PM, Monday to Friday, to reduce the chances of unauthorized or malicious activity. Which of the following security measures can BEST address this concern?
Options:
- Implementing time-of-day restrictions
- Mandating multifactor authentication
- Implementing data masking protocols
- Intrusion detection system (IDS)
Overall explanation:
- Implementing time-of-day restrictions ensures that access to systems or resources is only available during specified times, mitigating risks associated with unauthorized access attempts during off-hours.
- Implementing data masking protocols protects sensitive data by replacing, encrypting, or scrambling original data to protect it from unauthorized access.
- An IDS monitors and analyzes network traffic for signs of malicious activity or policy violations.
- Mandating multifactor authentication requires two or more verification methods - something you know, something you have, or something you are.
Tags: Access Control Models
Question 69
-
Reed, a cybersecurity specialist at Dion Training Solutions, is optimizing the company's IPS. He notes that while signature-based detection is highly effective against known threats, it has some limitations. Which of the following BEST describes a limitation of signature-based detection in an IPS?
Options:
- It requires substantial network bandwidth to operate.
- It encrypts network traffic to hide malicious signatures.
- It might not detect zero-day exploits.
- It automatically updates with behavioral patterns of users.
Overall explanation:
- Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop new threats or zero-day exploits because their signatures aren't in the database yet.
- Automatically updating with behavioral patterns of users describes behavior-based or heuristic detection, not signature-based detection. Signature-based detection relies on predefined patterns of known threats.
- Signature-based detection doesn't encrypt traffic. Instead, it matches traffic patterns against known threat signatures.
- While an IPS does process traffic, the bandwidth consumption is not a direct limitation of signature-based detection. The bandwidth concern is more about the throughput of the IPS device itself.
Tags: Zero-day Vulnerabilities
Question 70
-
Which of the following terms refers to an initiative where organizations incentivize external individuals or researchers to discover and report potential vulnerabilities in their software or systems, often with monetary rewards or recognition for valid findings?
Options:
- Vulnerability scanning
- Dynamic analysis
- Bug bounty program
- Information-sharing organization
Overall explanation:
- A bug bounty program is an initiative where organizations offer rewards, often financial, to individuals who identify and responsibly disclose security vulnerabilities in their software or systems.
- Dynamic analysis involves evaluating software during its runtime to uncover vulnerabilities that might not be apparent when the software is not running.
- Vulnerability scanning uses automated tools to probe systems and networks for known vulnerabilities, providing an assessment of potential security risks.
- Information-sharing organizations are entities that enable groups to share data about threats and vulnerabilities, enhancing collective defense against cyber risks.
Tags: Bug Bounty
Question 71
-
Why are CVE identifiers important for cybersecurity professionals?
Options:
- They assign severity scores to vulnerabilities.
- They offer a standardized way to share vulnerability data.
- They provide mitigation techniques for vulnerabilities.
- They track software versions and updates.
Overall explanation:
- CVEs allow cybersecurity professionals to talk about vulnerabilities in a consistent manner, ensuring everyone is on the same page.
- While CVEs detail vulnerabilities, they don't typically prescribe specific mitigation methods. Those come from other sources like vendor advisories.
- Severity scores, like those from CVSS, evaluate the risk of vulnerabilities, whereas CVEs simply identify them.
- CVEs identify vulnerabilities but don't serve as a versioning or software update system.
Tags: CVE
Question 72
-
You are a security analyst tasked with investigating a suspected security breach on a company's Linux server. You decide to examine the operating system-specific security logs. Which of the following pieces of information would be MOST valuable in these logs to investigate the incident?
Options:
- Information about the number of users added to the server in the past year.
- Information about the latest patches and software updates installed on the server.
- The amount of free storage space left on the server and whether the amount has changed recently.
- Records of failed and successful system and user level authentications.
Overall explanation:
- Authentication logs can provide key evidence of unauthorized access attempts, the timing of the event, and potential insider threats. They can identify when, and possibly how, the breach occurred, making them invaluable information for a breach investigation.
- While the patch management details are important when checking for vulnerabilities in an OS, this information alone wouldn't be enough to help in a specific security investigation as it doesn't provide concrete details about the breach.
- The amount of free storage space left on the server and whether the amount has changed recently is a system performance metric that, while important for system and network management, doesn't provide valuable information for a specific security breach investigation.
- Knowing the number of users added over a period of time can provide general information about server usage, but it isn't directly relevant when investigating a specific security breach unless tied with more specific details like unauthorized user creation.
Question 73
-
Which of the following terms describes a type of risk assessment carried out on an as-needed basis, often in response to new, immediate threats or significant changes within an organization?
Options:
- Recurring
- One-time
- Ad hoc
- Continuous
Overall explanation:
- Ad hoc assessments are performed as necessary, often triggered by specific events or detected threats, providing flexibility in the risk management process.
- Continuous assessments offer real-time monitoring but are part of an ongoing process rather than an as-needed response to particular events.
- While one-time assessments provide a comprehensive snapshot at a specific point, they are not typically conducted in response to immediate or new threats.
- Recurring assessments happen at regular intervals and, although they help maintain security posture, they are not specifically designed to respond to sudden incidents.
Question 74
-
Which of the following terms refers to the specific laws and regulations set by a country's government that dictate how the personal data of its citizens should be collected, stored, and processed?
Options:
- National legal implications
- Consent management
- Data encryption
- General Data Protection Regulation (GDPR)
Overall explanation:
- National legal implications are laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy.
- Consent management is a process that ensures organizations obtain and manage the consent of individuals before collecting or processing their personal data.
- The GDPR is a regulation enacted by the European Union to ensure data protection and privacy for all its citizens.
- Data encryption is a method used to protect data from unauthorized access by converting it into a code.
Tags: Data Sovereignty
Question 75
-
John is reviewing an assessment where it has been determined that a successful cyber attack could result in significant operational downtime and data recovery costs, totaling approximately $500,000. Which term BEST quantifies the severity of this potential event?
Options:
- Impact
- Probability
- Exposure factor
- Likelihood
Overall explanation:
- Impact specifically refers to the magnitude of the consequences if a risk event occurs, typically assessed in terms of financial loss, operational disruption, or other forms of damage.
- While probability quantifies the likelihood of a risk event occurring, it does not measure the severity of the consequences of the event.
- The exposure factor (EF) is a component used to calculate the single loss expectancy (SLE) by representing the percentage of loss an asset would suffer from a risk event. It does not, by itself, quantify the overall severity of potential consequences.
- Similar to probability, likelihood assesses the chance of a risk event happening but does not directly quantify the severity of the event's consequences.
Tags: Risk Management
Question 76
-
What term refers to an organization's predetermined level of acceptable risk exposure?
Options:
- Conservative
- Risk appetite
- Exposure factor
- Risk tolerance
Overall explanation:
- Risk tolerance refers to an organization's predetermined level of acceptable risk exposure. It represents the extent to which an organization is willing to tolerate potential risks before taking action to mitigate or avoid them.
- The exposure factor is a calculation that determines the amount of value that is lost if an event takes place. It doesn't measure an organization's level of acceptable risk exposure.
- The term "conservative" is not directly related to risk management. In financial contexts, it may refer to a risk-averse approach or cautious decision-making.
- While similar to risk tolerance, risk appetite refers to the amount of risk an organization is willing to take on to achieve its strategic objectives. It represents the organization's overall attitude toward risk-taking.
Tags: Risk Register
Question 77
-
Which of the following terms refers to the method where an attacker directly interacts with computer systems to gather information, potentially alerting the target about the attempted intrusion?
Options:
- Open-source intelligence (OSINT)
- Network enumeration
- Active reconnaissance
- Passive reconnaissance
Overall explanation:
- Active reconnaissance involves the attacker directly engaging with the target systems, like scanning ports or attempting direct network connections. It often leaves traces and can alert the target.
- In passive reconnaissance, the attacker indirectly gathers information without directly touching the target system. Common methods include studying publicly available information.
- While OSINT is a form of passive reconnaissance, it specifically involves collecting data from publicly available sources such as websites, forums, and social media.
- Although it's an information-gathering technique, network enumeration typically occurs after reconnaissance and involves detailed identification of network resources that can be targeted for exploitation.
Question 78
-
What security awareness practice involves conducting simulated email attacks to educate employees about recognizing and responding to phishing attempts?
Options:
- User guidance and training
- Anomalous behavior recognition
- Phishing campaigns
- Reporting and monitoring
Overall explanation:
- Phishing campaigns, as a security awareness practice, involve conducting simulated email attacks, often referred to as phishing simulations, to educate employees about recognizing and responding to phishing attempts. In these simulated attacks, employees receive fake phishing emails designed to mimic real-world phishing attempts. The goal is to test employees' ability to identify phishing emails, avoid falling for the deception, and report suspicious messages.
- User guidance and training in security awareness refer to the process of providing employees with information, policies, and best practices related to cybersecurity. This practice includes educating employees through policy handbooks, training sessions, and situational awareness exercises to promote a security-conscious culture.
- Anomalous behavior recognition is a security awareness practice that focuses on educating employees about recognizing unusual or unexpected behavior that may indicate a security threat. It involves teaching employees to identify risky, unexpected, or unintentional actions that deviate from normal patterns of behavior within the organization.
- Reporting and monitoring are key aspects of security awareness practices. It involves encouraging employees to report suspicious activities, potential security incidents, or phishing attempts. Monitoring is performed to assess the effectiveness of security awareness initiatives and to identify potential weaknesses or areas for improvement.
Question 79
-
Zenith Solutions is in the process of finalizing a contract with a potential vendor to provide IT services. As part of its security requirements, Zenith wants to conduct periodic security assessments on the vendor's systems and networks to ensure compliance and identify potential vulnerabilities. Which clause in the vendor contract will allow Zenith to perform security assessments on the vendor's systems and networks?
Options:
- Evidence of internal audits
- Independent assessments
- Supply chain analysis
- Right-to-audit clause
Overall explanation:
- The right-to-audit clause in a vendor contract grants Zenith the authority to conduct audits and assessments of the vendor's security controls and practices. This clause ensures that Zenith can verify the vendor's compliance with security requirements and industry standards.
- Independent assessments involve engaging a third-party security firm or auditor to evaluate the vendor's security posture. While this option is related to security assessments, it does not specifically address the clause in the vendor contract that grants Zenith's right to perform assessments themselves.
- Evidence of internal audits refers to documentation provided by the vendor, showing the results of their own internal security assessments. While this information may be useful to Zenith, it does not grant Zenith the authority to conduct its own independent assessments.
- Supply chain analysis is a process of evaluating the security risks associated with the vendor's supply chain and their third-party vendors. While important for assessing overall security risks, it does not address the specific clause in the contract allowing Zenith to perform security assessments on the vendor's systems and networks.
Tags: Vendor Assessment
Question 80
-
Which of the following is a primary consideration when addressing local/regional legal implications when evaluating an organization's security compliance?
Options:
- Attestation of compliance for all global branches of an organization.
- Assessing global data breach notification timelines.
- Understanding specific jurisdictional regulations and requirements.
- Automating the compliance monitoring process across all regions.
Overall explanation:
- Understanding specific jurisdictional regulations and requirements is the primary consideration. Different local and regional jurisdictions often have unique laws and mandates related to data protection and security, so organizations must know them in order to maintain compliance.
- Attestation is about confirming compliance understanding, but local/regional implications primarily involve adhering to specific geographical rules or laws.
- Automation can help with compliance tasks, but when considering local/regional legal implications, the primary concern is understanding and following specific area-based regulations.
- While understanding global implications can be vital, the focus of local/regional considerations is on specific area-based regulations.
Tags: Data Sovereignty
Question 81
-
Which set of standards and guidelines is developed by NIST and specifies requirements for cryptographic modules used within federal computer systems in the United States?
Options:
- ISO/IEC 27001
- NIST Special Publication 800-63
- FIPS
- PCI DSS
Overall explanation:
- FIPS (Federal Information Processing Standards) are standards that provide important guidelines and requirements for cryptography used to secure federal information systems, except those related to national security.
- While ISO/IEC 27001 is an important standard for information security management systems, it does not set specific requirements for cryptographic modules within federal computer systems.
- PCI DSS relates to the protection of cardholder data and is not focused on the cryptographic requirements for federal information systems.
- NIST Special Publication 800-63 provides guidelines for digital identity but does not specify requirements for cryptographic modules within federal systems.
Tags: Standards
Question 82
-
Who is chiefly responsible for determining the purposes and means of processing personal data within an organization?
Options:
- Data Broker
- Data Owner
- Data User
- Data Controller
Overall explanation:
- The data controller is the entity that determines the purposes, conditions, and means of processing personal data. They make decisions about how and why data is processed.
- A data broker collects and sells data to other organizations, but they do not typically decide the purposes and means of data processing for another organization.
- While data owners are responsible for the data's classification and ensuring it meets organizational policies, they do not typically decide on the purposes and means of data processing.
- Data users access and use the data but typically don’t decide on its processing purposes and means.
Tags: Data Ownership
Question 83
-
Kelly Innovations LLC is focusing on launching innovative products and is frequently entering new markets despite the high level of uncertainty and competition. This behavior is indicative of which type of risk appetite?
Options:
- Expansionary
- Neutral
- Risk register
- Conservative
Overall explanation:
- The startup's willingness to embrace uncertainty for potential high returns or aggressive growth indicates an expansionary risk appetite.
- A neutral risk appetite would look for a balance and only pursue risks that are aligned with strategic goals and can be managed.
- A risk register is a tool for tracking identified risks and managing them.
- A conservative risk appetite would avoid high levels of uncertainty and instead focus on stability and risk aversion.
Tags: Risk Register
Question 84
-
Hair and There, an online beauty supply store, has conducted a comprehensive risk assessment and identified potential vulnerabilities in their network infrastructure. They recognize that another global pandemic would seriously harm their business and is a considerable risk. After careful analysis, they determine that they simply cannot control whether another pandemic occurs. They take measures to help reduce the types of damage a pandemic would cause and then hope that it doesn't happen. Which risk management strategy are they employing?
Options:
- Mitigate
- Accept
- Avoid
- Transfer
Overall explanation:
- Mitigating the risk means implementing measures or controls to reduce the potential impact or likelihood of the risk event occurring.
- Avoiding the risk involves eliminating the risk entirely by refraining from activities or situations that could expose the organization to potential threats. They are not avoiding the risk since they are taking actions to minimize the impact. If they were avoiding the risk, they would probably close the business since avoiding involves not undertaking the activity that is risky.
- Transferring the risk involves shifting the financial burden of potential losses to a third party, such as an insurance company. There is no mention of bringing in a third party to accept some of the financial burden for a pandemic.
- Accepting the risk means the organization acknowledges the risk and does not take any specific actions to mitigate it. In the scenario above, they do take some measures to reduce the impact, so they are not just accepting the risk.
Question 85
-
Which policy outlines the steps to be taken in response to data breaches?
Options:
- Playbook
- Incident response policy
- Disaster recovery policy
- Business continuity policy
Overall explanation:
- The incident response policy outlines the steps and procedures to be taken in response to security incidents or breaches. It defines the roles, responsibilities, and actions required to detect, respond, and recover from security incidents effectively.
- The business continuity policy focuses on ensuring the continued operation of critical business functions during and after disruptive events, such as natural disasters or significant system failures. While incident response may be a part of business continuity planning, it is not the primary focus of this policy.
- The disaster recovery policy focuses on the processes and procedures for recovering IT systems and infrastructure after a significant disaster or failure. While security incidents may trigger disaster recovery procedures, this policy's primary objective is broader than just incident response.
- Playbooks are comprehensive sets of instructions that outline predefined responses to specific situations or events. They are often used in incident response and cybersecurity for guiding actions during security incidents.
Tags: Incident Response
Question 86
-
During a business process analysis (BPA) of a critical operation, which of the following components identifies the specific server or data center responsible for processing tasks?
Options:
- Staff and other resources
- Inputs
- Hardware
- Process flow
Overall explanation:
- The hardware aspect of a BPA focuses on identifying the specific technological resources, like servers or data centers, that perform the processing for a mission essential function.
- While staff and other resources include the workforce and supplementary resources needed for the function, this component does not refer to the technological processing equipment.
- Process flow gives a sequential description of operational steps but does not specify the hardware used in the process.
- Inputs pertain to the initial information sources needed for a function's execution, not the processing hardware.
Tags: BPA
Question 87
-
Which of the following is a section in a vendor contract that allows an organization to conduct its own evaluation and verification of a vendor's security controls and practices?
Options:
- Independent assessments
- Right-to-audit clause
- Supply chain analysis
- Evidence of internal audits
Overall explanation:
- A right-to-audit clause is a provision in a vendor contract that grants the organization the authority to conduct audits on the vendor's security controls and practices.
- Evidence of internal audits refers to documentation or proof that the vendor has conducted its internal security audits to assess and maintain the effectiveness of its security measures. These audits would be done by the vendor, not by the organization using the vendor.
- Independent assessments involve hiring a third-party organization to evaluate and assess the vendor's security measures and controls. In this case, the organization is doing its own audits, so it isn't an independent assessment.
- Supply chain analysis is the process of assessing and understanding the security risks associated with a vendor's supply chain and the potential impact on the organization's security. It is more specific than a right-to-audit clause, which allows a broad range of audits.
Tags: Vendor Assessment
Question 88
-
Which legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US?
Options:
- FISMA
- SOX
- Computer Security Act (1987)
- GDPR
Overall explanation:
- The Sarbanes-Oxley Act is a US legislation that mandates various practices to protect investors by improving the accuracy and reliability of corporate financial statements and disclosures.
- GDPR (General Data Protection Regulation) is a European Union regulation that pertains to the protection of personal data and its processing, ensuring that entities collect and use such data fairly and transparently. It does not address financial reporting.
- The Computer Security Act (1987) focuses on the security of federal computer systems processing confidential information; it does not deal with financial reporting transparency.
- FISMA (Federal Information Security Management Act) aims to govern the security of data processed by federal government agencies, but it doesn't specifically focus on financial transparency and accountability.
Tags: Standards
Question 89
-
At Kelly Innovations LLC, an internal audit has highlighted some concerning practices. Employee Jason routinely ignores reminders to update his security software, contrary to the company's strict update policy. This procrastination could leave the network vulnerable to new threats that the updates would otherwise mitigate. Concurrently, Jamario, known for jotting down his passwords on post-it notes around his workspace, has inadvertently shared his credentials with several coworkers, breaching internal security protocols. On a separate occasion, sensitive information was uploaded to a public cloud service without a VPN, and a phishing email was clicked, triggering a malware alarm. Based on the audit findings at Kelly Innovations LLC, which of the following is the risky behavior that needs the MOST immediate attention to prevent potential security breaches?
Options:
- Ignoring security reminders and physical note-taking.
- Accidental data exposure and phishing susceptibility.
- Violation of VPN policy and interaction with phishing emails.
- Postponing security software updates and poor password management.
Overall explanation:
- Delaying the installation of critical software updates, as Jason does, and managing passwords in an insecure manner, as Jamario does, are direct risky behaviors that significantly increase the vulnerability of the company's data and systems.
- Ignoring security reminders to update software is part of Jason's risky behavior, but it doesn't capture the full scope of the issue. Similarly, while Jamario's physical note-taking of passwords is insecure, it doesn't convey the full risk of poor password management.
- While accidental data exposure and phishing susceptibility are serious security concerns, they are consequences of risky behavior rather than the risky behavior itself.
- Violation of VPN policy and interaction with phishing emails are indicative of risky behavior, but they are specific instances that occurred as a result of the broader risky behaviors identified in the audit report.
Tags:
Question 90
-
Which of the following involves a company evaluating their own security policies and procedures?
Options:
- Compliance
- Attestation
- Audit committee
- Self-assessments
Overall explanation:
- Self-assessments involve internal evaluations conducted by the organization itself to assess its adherence to established compliance requirements. During self-assessments, the organization reviews its policies, procedures, and controls to identify areas of non-compliance and take corrective actions.
- An audit committee is a group of individuals, usually members of the organization's board of directors, who are responsible for overseeing the financial reporting and internal control processes. While the audit committee plays a crucial role in the organization's governance and risk management, it is not directly related to evaluating compliance with established requirements.
- Attestation refers to the process of affirming the accuracy and completeness of compliance reports. It involves providing formal statements or declarations about the organization's compliance with specific regulations or standards. Attestation can be done internally by the organization's management or externally by a third-party auditor.
- Compliance, in the context of this question, does not refer to a specific internal process. Instead, it is the broader concept of adhering to regulations, laws, and industry standards. It involves ensuring that the organization operates within the legal and regulatory boundaries applicable to its industry.