Sec+ Practice Test 6

Question 1

  1. A software application blocks access for a specific group of known malicious IP addresses. Which of the following terms BEST describes this type of configuration?

    Options:

    • Deny list
    • Allow list
    • Maintenance window
    • Impact analysis

    Overall explanation:

    • A deny list is a list specifying entities that are explicitly denied access or permissions.
    • An allow list is a list specifying entities, such as IP addresses, that are explicitly granted access or permissions.
    • Impact analysis is the process of assessing and predicting the potential consequences of a proposed change.
    • A maintenance window is a predefined time frame during which system changes or updates are applied to minimize disruption to business operations.

    Tags: Technical Implications of Changes

Question 2

  1. Which of the following statements BEST describes the Control Plane in the Zero Trust model?

    Options:

    • Employs security decisions based on user behavior.
    • Decides on access based on policies and threats.
    • Ensures efficient transmission of approved data.
    • Limits potential damage zones in a network.

    Overall explanation:

    • The Control Plane within the Zero Trust model is fundamentally responsible for deciding on access based on policies and threats, which is a dynamic and multifaceted task.
    • While it does consider user behavior as part of its decision-making process, employing security decisions based on user behavior is only one aspect of its function.
    • Although the Control Plane's decisions can indirectly limit potential damage zones by enforcing segmented access to network resources, its primary role should not be confused with the outcomes of its policy enforcement.
    • The Control Plane does not directly ensure the efficient transmission of data — this is a misconception, as that is the role of the Data Plane.

    Tags: Zero Trust

Question 3

  1. Which of the following statements BEST describes Adaptive Identity within the Zero Trust framework?

    Options:

    • Manages data transmission after access is granted.
    • Dynamically adjusts access based on user behavior and context.
    • Sets up zones to contain potential threats.
    • Establishes and references strict access policies.

    Overall explanation:

    • Adaptive identity in the context of Zero Trust means that the system constantly evaluates the user's behavior and the context of their requests to ensure they still warrant the access level they've been granted. If suspicious behavior is detected, access can be modified or revoked in real-time.
    • Setting up zones to contain potential threats involves segmenting the network or creating isolated environments, often called "zones", to contain potential threats or limit the exposure of critical assets. This strategy can prevent lateral movement in the case of a breach.
    • Establishing and referencing strict access policies involves creating and enforcing specific rules and guidelines on who can access what resources under which conditions. It's a foundational element of any security framework, ensuring only authorized entities gain access to sensitive data.
    • Managing data transmission after access is granted refers to how data is handled or transmitted once a user has been authenticated and granted access. It might involve data encryption, segmentation, or other data protection mechanisms during transmission.

    Tags: Zero Trust

Question 4

  1. In which symmetric encryption method is plaintext divided into equal-sized blocks, potentially requiring padding to fit the designated block size, and then subjected to complex operations based on a specific key value?

    Options:

    • Block cipher
    • AES
    • Stream cipher
    • Transposition

    Overall explanation:

    • Block ciphers process plaintext in equal-sized chunks, such as 128-bit blocks. If a plaintext doesn't align with this block size, it must be padded. The plaintext undergoes detailed transposition and substitution operations depending on the key value, ensuring secure encryption.
    • Transposition is a type of operation used within encryption processes, especially within block ciphers, but isn't a type of symmetric encryption on its own.
    • The Advanced Encryption Standard is a widely-adopted encryption cipher and is a type of block cipher. While it provides an encryption mechanism, it's not a general category of symmetric encryption.
    • Stream ciphers work by encrypting data one byte or bit at a time, making them ideal for scenarios where the total length of the message isn't known in advance.

    Tags: Symmetric Encryption

Question 5

  1. Dion Training is rolling out a new security policy that mandates all users to update their passwords every 90 days, impacting various departments within the organization. Following the implementation of this policy, which of the following actions should Dion Training take to ensure its effectiveness and compliance?

    Options:

    • Test the results of the newly implemented policy to ensure compliance and effectiveness.
    • Disregard any concerns or feedback from employees regarding the new policy.
    • Inform only the IT department about the change, and let them handle telling other departments about the change.
    • Discontinue any prior password-related policies immediately without review.

    Overall explanation:

    • Testing the results helps the organization verify that the policy is working as intended and that users are complying with the mandate. This will provide insights into any potential issues and areas for improvement.
    • While it's essential to ensure there are no conflicting policies, immediately discontinuing prior policies without review can lead to potential security gaps and confusion among employees.
    • Communication is vital when implementing new policies, especially those that affect multiple departments. Relying on word-of-mouth or assuming departments will learn of changes can lead to non-compliance and potential security risks.
    • Employee feedback is crucial when rolling out new policies, as they can provide valuable insights and identify potential challenges in real-world application. Ignoring concerns can lead to resistance in adoption and potential security vulnerabilities.

    Tags: Password Security

Question 6

  1. During a change management meeting, Lisa, a project manager, is presenting the impact of a proposed change on various departments. She also gathers feedback from representatives of those departments to ensure all viewpoints are considered. Which of the following terms BEST describes the representatives from the various departments?

    Options:

    • Backout plan
    • Approval process
    • Maintenance window
    • Stakeholders

    Overall explanation:

    • Stakeholders are individuals or entities that have an interest in a particular decision or project, often representing various departments or groups; their feedback is critical for comprehensive decision-making.
    • An approval process is a formalized procedure to ensure changes are reviewed and approved before implementation.
    • A backout plan is a contingency plan detailing steps to revert changes in case of failure or unforeseen complications.
    • A maintenance window is a pre-defined time frame during which changes or updates are implemented, often chosen to minimize business disruption.

    Tags: Change Management

Question 7

  1. Dion Training has implemented a Zero Trust model. Which of the following components of the data plane is responsible for the user or device being verified before it interacts with the network?

    Options:

    • Policy Enforcement Point
    • Subject
    • Policy administrator
    • Policy engine

    Overall explanation:

    • The subject refers to the entity (user or device) that is requesting access to a resource, which needs to be authenticated before being granted access.
    • The policy enforcement point is responsible for enforcing the access control decisions made by the policy engine.
    • The policy administrator is responsible for defining and managing the access control policies used by the policy engine.
    • The policy engine is responsible for making access control decisions based on pre-defined policies and contextual information about the subject/system.

    Tags: Zero Trust

Question 8

  1. Dion Training wants to secure only a specific section of their server's hard drive that contains sensitive client data. Which encryption method would be BEST suited for this requirement?

    Options:

    • Full-disk encryption
    • Partition encryption
    • Wildcard certificate
    • File-level encryption

    Overall explanation:

    • Partition encryption, like LUKS (Linux Unified Key Setup) on Linux systems, allows the encryption of a particular partition or volume. It's ideal for Dion Training's need to secure a specific section of their server's hard drive.
    • A wildcard certificate secures multiple subdomains of a main domain but is unrelated to disk encryption.
    • Full-disk encryption encrypts the entire hard drive, which might be overkill if only a specific section needs encryption.
    • While file-level encryption can encrypt specific files or folders, it doesn't necessarily target entire sections or partitions of a hard drive.

    Tags: Data Encryption Levels

Question 9

  1. When entering his password online, Ivan notices that each letter is quickly replaced by a dot. He finds this annoying and wishes that it wouldn't happen. It has resulted in him entering the wrong password because there are as many dots as the number of characters in his password. What is Ivan observing?

    Options:

    • Steganography
    • Data Masking
    • Encryption
    • Tokenization

    Overall explanation:

    • Data masking is a method to deidentify some or all characters in a sequence without changing the total number of characters that the field contains. The masked version is structurally the same, but the data is hidden. Replacing the letters or numbers entered into a password field with dots is an example of data masking.
    • Encryption is the process of converting information or data into a code to prevent unauthorized access. It often uses an algorithm to replace the original data with other data. If a person figures out or acquires the algorithm, the data can be decrypted. It does not involve substituting data with other characters as placeholders.
    • Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. It does not involve substituting data with other characters as placeholders.
    • Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token. The token and the data it substitutes are stored in a secure database. If the original data is needed, it can be accessed using the token and querying the database. The token will be a different size and have a different structure than the original data so the token can’t be used to decipher the original data. It does not involve substituting data with other characters as placeholders.

    Tags: Obfuscation

Question 10

  1. Which characteristic of blockchain technology ensures that the risk associated with having a single point of failure or compromise is mitigated?

    Options:

    • Decentralization
    • Homomorphic encryption
    • Time-stamping
    • Digital certificate rotation

    Overall explanation:

    • One of the most important characteristics of blockchain is its decentralized nature, distributing the ledger across a peer-to-peer network, thus eliminating a single point of failure.
    • Digital certificate rotation is the practice of changing digital certificates at regular intervals.
    • Homomorphic encryption allows for computations on ciphertext, without the need for decryption first.
    • While blockchain blocks often include time stamps, this feature doesn't protect against a singular point of compromise.

    Tags: Blockchain

Question 11

  1. At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?

    Options:

    • Patch management
    • Application restart
    • Application rollback
    • Dependency check

    Overall explanation:

    • Application rollback is reverting an application to a previous state or version from a backup to correct issues caused by updates or changes. In this scenario, restoring the application from a backup taken two days earlier is an example of an application rollback and would be the most effective solution.
    • Application restart involves stopping and then starting an application, often to apply changes or ensure updates have taken effect. While it may be a part of many troubleshooting processes, it wouldn't address the bug introduced by the update.
    • Patch management is the process of managing updates for software applications. While the issue arose from an update, Jason is not suggesting another patch but is recommending reverting to a previous state.
    • Dependency check refers to ensuring that all required components, libraries, or modules needed by an application are present. The scenario doesn't suggest any missing dependencies; rather, it's a problem with the application's function.

    Tags: Application Security

Question 12

  1. What type of threat actor is motivated by beliefs about politics and often targets organizations they disagree with?

    Options:

    • Unskilled Attackers
    • Insider Threats
    • Nation-state Actors
    • Hacktivists

    Overall explanation:

    • A hacktivist is a threat actor that is motivated by philosophical or political beliefs and often targets organizations or governments that they disagree with. Hacktivists may use methods such as defacement, denial-of-service, or data leakage to achieve their goals. They hope defacement and data leaks will discredit the target organizations or governments. Denial-of-service attacks will prevent the organizations and governments from communicating and functioning.
    • Insider Threats are threat actors that have authorized access to an organization’s network, systems, or data. They are often current or former employees who are motivated by revenge, greed, or ideology. Insider Threats may abuse their privileges, leak information, sabotage operations, or collaborate with external actors in order to undermine an organization.
    • Unskilled Attackers are threat actors that have little or no technical skills and are motivated by curiosity, boredom, or personal gain. Unskilled Attackers may use tools or scripts developed by others to launch attacks without understanding how they work.
    • Nation-state Actors are a type of threat actor that is sponsored by a government or a military and are motivated by gaining information through espionage, conducting warfare, or gaining influence. Nation-state Actors may target other countries, organizations, or individuals that pose a threat to or have different interests than the government that sponsors the Nation-state Actors.

    Tags: Hacktivists

Question 13

  1. What is the term for a type of open service port that is commonly used for email servers and can be exploited by attackers to perform spamming, spoofing, or phishing attacks?

    Options:

    • POP
    • IMAP
    • SMTP
    • HTTP

    Overall explanation:

    • The Simple Mail Transfer Protocol (SMTP) port is a type of open service port that is commonly used for email servers. It is most commonly used to perform spamming, spoofing, or phishing attacks because it is used to send email messages.
    • Post Office Protocol (POP) port is a type of open service port that is commonly used for email clients. It is most commonly used to perform eavesdropping, data theft, or malware delivery attacks because it is used to retrieve email messages from a server.
    • Internet Message Access Protocol (IMAP) port is a type of open service port that is commonly used for email clients. It is most commonly used to perform eavesdropping, data theft, or malware delivery attacks because it is used to retrieve email messages on a server.
    • Hypertext Transfer Protocol (HTTP) port is a type of open service port that is commonly used for web servers and can be exploited by attackers to perform injection attacks, such as SQL injection or cross-site scripting. It is the default port for HTTP, the protocol used to transfer web pages and data.

    Tags: Email Security, SMTP

Question 14

  1. Which of the following types of threat actors are MOST likely to rely on commodity attack tools found on the web or dark web? (Select TWO.)

    Options:

    • Sophisticated cybercriminal
    • Insider Threat
    • Unskilled attacker
    • Script kiddie
    • Advanced Persistent Threat (APT)

    Overall explanation:

    • An unskilled attacker, often lacking specialized knowledge or resources, typically leans on readily available commodity attack tools found on the web or dark web. Their dependence on such tools underscores their limited capability. A script kiddie, similar to an unskilled attacker, tends to rely on pre-made scripts and tools available online, highlighting their reliance on basic methods without much customization.
    • APTs represent highly skilled and well-funded groups, often backed by nation-states. They possess the capability to craft zero-day exploits and deploy sophisticated cyber espionage tools, far surpassing the use of common commodity tools.
    • Insiders, be they disgruntled employees or careless staff, may pose security risks, but they typically leverage their internal access and knowledge, rather than relying heavily on external commodity tools. Sophisticated cybercriminals have more advanced methods compared to unskilled attackers, and they often use a mix of customized and readily available tools, depending on their objectives and resources.

    Tags: Threat Actors

Question 15

  1. Linaeka, a security analyst, is investigating a malware incident. The logs show that someone made 5 attempts to enter a password and username on each computer in the marketing department between 2:30 and 3:00 am. None of the marketing department employees were working at that time. The attempts all came from the same IP address. Which of the following indicators of malicious activity most likely gave Linaeka the theory that this was an attempt at a brute force or dictionary attack?

    Options:

    • Account lockout
    • Concurrent session usage
    • Blocked content
    • Missing logs

    Overall explanation:

    • Account lockout is an indicator of malicious activity that shows that an attacker or malware has tried to guess or brute force a password for an account, exceeding the maximum number of attempts allowed by the system. The lockout settings allowed 5 incorrect attempts before locking the user out. At that point, the attacker tried the next computer account.
    • Missing logs is an indicator of malicious activity that shows that an attacker or malware has tampered with or erased the system’s event logs to avoid detection and analysis. There is no indication that any logs were missing.
    • Concurrent session usage is an indicator of malicious activity that shows that an attacker or malware has compromised an account and is using it simultaneously with the legitimate user, creating multiple sessions from different locations or devices. The attack came from the same IP address and no legitimate users had sessions running in the scenario above.
    • Blocked content is an indicator of malicious activity that shows that an attacker or malware has tried to access or deliver content that is prohibited by the system’s security policy, such as malicious websites, files, or emails. There is no indication in the scenario that the attacker was able to send anything.

    Tags: Indicators of Compromise (IoC)

Question 16

  1. Which of the following mitigation techniques can help reduce the attack surface of systems by uninstalling unused applications?

    Options:

    • Decommissioning
    • Disabling Ports and Protocols
    • Removal of unnecessary software
    • Patching

    Overall explanation:

    • Removal of unnecessary software is a hardening technique that can help reduce the attack surface of systems and devices by removing unused or unneeded applications. The more software that is on a system, the more exposure there is to vulnerabilities. If the software is not needed or used, there is no purpose in having extra exposure to vulnerabilities.
    • Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems. Patching software is good to do, but if you aren't using the software, removing it is more effective than patching it.
    • Decommissioning is a mitigation technique that can help reduce the risk of data breaches or theft by properly disposing of systems and devices that are no longer needed or used. Decommissioning involves following a set of procedures to erase or destroy any sensitive data stored on the systems and devices, and to physically dispose of them in a safe and environmentally friendly manner. It is used for hardware that is no longer needed, not for unneeded software.
    • Disabling ports and protocols is a hardening technique that can help reduce exposure to potential attacks. This can be done on firewalls, switches, routers, and hosts to close or block any network ports or protocols that aren’t needed for the normal operation of the systems and devices. Ports are numerical identifiers that specify the destination or source of network traffic, and protocols are rules or standards that define how network traffic is formatted or transmitted. This is a good practice, but doesn't involve removing software from the system.

    Tags: Hardening

Question 17

  1. A company’s systems were compromised and sensitive data is stolen. Upon investigation, it is discovered that attackers gained access through a Trojan that was installed on one employee's mobile device. The Trojan was installed on the device when the employee installed a piece of software from a website instead of the official app store. Which of the following describes the source of the problem?

    Options:

    • Zero-day vulnerability
    • Mobile device management (MDM) failure
    • Side loading
    • Jailbreaking

    Overall explanation:

    • Side loading is the process of installing applications on a mobile device from sources other than the official app store, which can allow unauthorized applications to be installed.
    • A zero-day vulnerability is a vulnerability that is unknown to the vendor and can be exploited by attackers, but it does not directly relate to installing unauthorized applications from sources other than the official app store.
    • Jailbreaking is the process of bypassing the security restrictions on a mobile device, which can allow unauthorized applications to be installed, but it is not the only way to install unauthorized applications.
    • Mobile device management (MDM) failure can leave mobile devices vulnerable to unauthorized access or manipulation, but it does not directly relate to installing unauthorized applications from sources other than the official app store.

    Tags: Mobile Vulnerabilities and Attacks

Question 18

  1. Which of the following mobile device vulnerabilities is created by installing applications from sources other than the official app store?

    Options:

    • Memory injection
    • Side loading
    • Jailbreaking
    • Buffer overflow

    Overall explanation:

    • Side loading is a mobile device vulnerability that results from installing applications from sources other than the official app store, such as third-party websites, USB drives, or email attachments. It can expose the device to malware, spyware, or unauthorized access.
    • Memory injection is a technique that involves injecting code into a running process to alter its behavior or gain access to its memory. It can be used for malicious or legitimate purposes on mobile devices, such as debugging or hooking.
    • Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer can hold, causing it to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation.
    • Jailbreaking creates a vulnerability on a mobile device by bypassing the restrictions imposed by the manufacturer or provider of a device, such as an iPhone or iPad, to gain root access and install unauthorized applications or customizations. It can expose the device to malware, spyware, or unauthorized access.

    Tags: Mobile Vulnerabilities and Attacks

Question 19

  1. Which mitigation technique ensures that different network components are separated to prevent potential breaches from spreading?

    Options:

    • Segmentation
    • Least Privilege
    • Isolation
    • Encryption

    Overall explanation:

    • Isolation, separating components or systems, ensures that a breach in one part does not easily spread or affect other parts, maintaining the integrity of unaffected sections.
    • Encryption, the process of converting data into a code to prevent unauthorized access, doesn't inherently pertain to the separation of network components.
    • Segmentation is dividing a network into separate parts or segments, often to improve performance and security, but it does not specifically focus on completely isolating components from each other.
    • Least Privilege ensures that users have only the permissions necessary to perform their tasks, without granting them unnecessary access rights, which isn't directly about separating systems.

    Tags: Network Security

Question 20

  1. Which of the following scenarios MOST exemplifies a business email compromise?

    Options:

    • An email from a coworker asking to review an attached invoice.
    • A CEO's request to finance to wire money urgently.
    • Spotting a pop-up on a website asking for credit card details.
    • Receiving spam email about a lottery win.

    Overall explanation:

    • A CEO's request to finance to wire money urgently is a classic example of a business email compromise (BEC). In this type of attack, cybercriminals impersonate executives or other key personnel in an organization. They craft persuasive emails directed towards employees, often in financial departments, tricking them into transferring money or revealing confidential data.
    • A pop-up on a website asking for credit card details is a web-based scam designed to trick users into divulging their personal or financial information. These malicious pop-ups can appear on compromised websites or be the result of malware on a user's system.
    • An email from a coworker asking to review an attached invoice might seem like a potential business email compromise, especially if the coworker doesn't typically send invoices. However, it's more indicative of a spear phishing attempt or malicious attachment scheme. The emphasis here is on the malicious payload in the attachment, rather than a deceptive request for funds or information typically seen in BEC.
    • Receiving spam email about a lottery win is a widespread form of email spam that casts a wide net, hoping to lure in gullible recipients. These messages often promise large financial rewards or incredible offers, but they don't typically target businesses specifically.

    Tags: Business Email Compromise (BEC)

Question 21

  1. Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure (/users/[username]/profile) the system registered requests like (/users/../admin/config). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?

    Options:

    • Attempting to escalate their privileges on the system.
    • Attempting to access files outside of intended directories.
    • Seeking to exploit a buffer overflow vulnerability.
    • Trying to inject malicious scripts into the system.

    Overall explanation:

    • This scenario is a classic example of directory traversal. The described activities are consistent with an attacker trying to move up the directory structure and access files or directories they shouldn't. This often involves navigating directories in ways the system didn't intend.
    • Injection attacks usually involve inputting malicious data into a system with the intent that it will be executed. The scenario described does not suggest data is being executed or run; rather, it's an attempt to navigate to unintended areas.
    • Buffer overflow attacks involve overloading a system's memory buffer to cause it to crash or to insert malicious code. The activities described in the scenario are more about navigating the file system than overwhelming it.
    • Privilege escalation attacks aim to gain elevated access to resources that are normally protected from an application or user. While this might be an outcome or a motive, the method described here doesn't necessarily represent this type of attack.

    Tags: Directory Traversal Attack

Question 22

  1. You are working on a project that requires you to use a software application that is not installed on your system. You find a website that offers a free download of the application and you click on the download button. However, instead of downloading the application, you download a PNG file which may contain malicious code. If it is malicious, what type of attack vector was used to deliver the code?

    Options:

    • Removable device
    • Image-based
    • Pretexting
    • File-based

    Overall explanation:

    • Image-based attacks use malicious images, such as JPEGs, PNGs, or GIFs, to exploit vulnerabilities in image processing software or embed malicious code in the image metadata.
    • Removable device attacks use devices such as USB drives, CDs, or DVDs to infect systems with malware or perform other malicious actions.
    • Pretexting uses a story to create a sense of trust with the victim. It makes it more likely that the victim will do what the attacker wants them to do. In the scenario, there is no fake story used.
    • File-based attacks use malicious files, such as executables, documents, or archives, to infect systems with malware or perform other malicious actions.

    Tags: Threat Vectors and Attack Surfaces

Question 23

  1. Which of the following threats is MOST likely to accidentally cause harm to the system?

    Options:

    • Hacktivist
    • Shadow IT
    • Unskilled attackers
    • Nation-state actors

    Overall explanation:

    • Shadow IT is a type of threat actor that results from unauthorized or unapproved IT systems or devices within an organization. Shadow IT can introduce security risks and compliance issues for an organization, but the damage is usually unintentional. It results from employees or insiders who bring in equipment or alter systems for their own convenience without getting permission.
    • Nation-state actors are a type of threat actor sponsored by a government or a country's military. They normally have high resources/funding and a high level of sophistication/capability. Nation-state actors can launch advanced and persistent attacks against other countries, organizations, or individuals. They create harm on purpose.
    • An unskilled attacker is a type of threat actor that has little or no technical skill, low resources/funding, and a low level of sophistication/capability. Unskilled attackers often launch simple and opportunistic attacks using tools or scripts developed by others. The damage they do might be minor, but they do intend to do damage.
    • A hacktivist is a threat actor that is motivated by philosophical or political beliefs and often targets organizations or governments that they disagree with. Hacktivists may use unauthorized or unapproved IT systems or devices, but the harm they cause is done on purpose.

    Tags: Shadow IT

Question 24

  1. Jamario, while analyzing the network logs at BetaLabs, observed multiple requests originating from a single IP address targeting the company's login portal. These requests used different alphanumeric combinations in rapid succession. Furthermore, Jamario's review of the server health metrics revealed periods of intense processing demand during these login attempts. Which of the following activities is MOST likely causing the observations made by Jamario?

    Options:

    • Brute force attack
    • Replay attack
    • Password spraying
    • Phishing attack

    Overall explanation:

    • A brute force attack tries every possible character combination until the correct password or key is found. Jamario's observation of rapid, varied login attempts from a single IP, coupled with intense processing demand on the server, is indicative of this type of attack.
    • A replay attack involves capturing valid data transmission and then fraudulently repeating or delaying it. It doesn't match Jamario's observations of varied login attempts.
    • A phishing attack tries to trick users into revealing sensitive information, usually by masquerading as a trustworthy entity. Jamario's observations of rapid, varied login attempts do not fit this profile.
    • Password spraying involves trying a single password against multiple usernames, rather than multiple passwords against one username. Jamario observed multiple varied login attempts from one IP, which doesn't align with this attack.

    Tags: Password Attacks

Question 25

  1. Jamario, the network analyst at Kelly Innovations LLC, was analyzing the network traffic when he stumbled upon a peculiar pattern. He noticed that certain network packets seemed to be repeated verbatim at irregular intervals. These duplicate packets, when matched with the server logs, corresponded to prior legitimate requests made by users but were being resent without any user intervention. Which of the following BEST characterizes the type of attack Jamario detected on Kelly Innovations LLC's network?

    Options:

    • Replay attack
    • Spoofing attack
    • On-path attack
    • Port scanning

    Overall explanation:

    • In a replay attack, an attacker intercepts and stores legitimate data transmissions and then retransmits them later. The objective is to gain unauthorized access or perform an unauthorized operation by using the repeated or "replayed" data.
    • An on-path attack occurs when an attacker secretly intercepts and possibly alters the communication between two parties. While it involves interception, it's more about altering or eavesdropping on the communication rather than just retransmitting it.
    • In a spoofing attack, an attacker disguises themselves as a trusted source. This may involve altering packet headers or other data to appear as a legitimate source. While it's deceptive in nature, it's distinct from the act of retransmitting captured data.
    • Port scanning is an activity where an attacker sends packets to a range of port numbers on a host with the intent to find an active port and exploit known vulnerabilities. It doesn't involve retransmission of legitimate requests.

    Tags: Replay Attacks

Question 26

  1. Which term relates to the complexity of a threat actor's methods and operations?

    Options:

    • Capability
    • Resources
    • Funding
    • Sophistication

    Overall explanation:

    • Sophistication refers to the intricacy and advancement of a threat actor's tactics, techniques, and procedures. More sophisticated threat actor groups possess customized attack tools and have access to skilled personnel, such as strategists and hackers.
    • Funding is the financial backing for threat actors, enabling them to secure resources. It doesn't signify the complexity of their operations.
    • Capability pertains to a threat actor's ability to devise new exploits and tools. It doesn't necessarily denote the intricacy of their methods.
    • Resources refer to tools and personnel that a threat actor can deploy. It doesn't indicate the complexity of their methods.

    Tags: Threat Actors

Question 27

  1. Which attribute of a threat actor refers to their ability to develop unique exploit techniques and tools?

    Options:

    • Resources
    • Capability
    • Funding
    • Sophistication

    Overall explanation:

    • Capability pertains to a threat actor's proficiency in devising new exploit techniques and tools. It can range from using commonly found attack tools to creating zero-day exploits in various systems. Those with the highest capabilities can even deploy non-cyber tools, such as political or military assets.
    • While funding can boost a threat actor's capabilities by providing them the means to acquire resources, it doesn't specifically denote their expertise in developing unique exploits.
    • Sophistication relates to the level of intricacy and advancement of a threat actor's methods and tools, but does not directly address their skill in crafting novel exploits.
    • While resources can aid in bolstering a threat actor's capabilities, this term primarily refers to the tools and personnel that a threat actor can access or utilize.

    Tags: Threat Actor Attributes

Question 28

  1. Mary purchased a new laptop. Upon booting it up for the first time, she noticed several pre-installed applications that she neither requested nor intended to use. These applications consumed a significant amount of system resources, causing noticeable slowdowns. Mary was annoyed because she felt she didn't need any of these programs and they were just taking up valuable space and resources on her new device. Which of the following types of malicious software is Mary MOST likely dealing with on her new laptop?

    Options:

    • Spyware
    • Bloatware
    • Trojan horse
    • Ransomware

    Overall explanation:

    • Bloatware refers to software that comes pre-installed on a device, which might be unnecessary or unwanted by the user, and can often consume system resources. Mary's experience aligns with typical bloatware characteristics.
    • A Trojan horse is malware disguised as legitimate software. Mary's concern is about pre-installed software, not software she mistakenly downloaded or installed.
    • Spyware covertly tracks user activities and can monitor local application activity. Mary's issue doesn't seem to revolve around any tracking or monitoring.
    • Ransomware locks files or systems and demands a ransom. Mary doesn't mention any encryption or demands related to her new laptop.

    Tags: Spyware and Bloatware

Question 29

  1. Which of the following is a type of vulnerability where a malicious actor can potentially run arbitrary code when a program attempts to read or write an invalid or null storage location?

    Options:

    • Virtual machine (VM) escape
    • Buffer overflow
    • Memory injection
    • Malicious update

    Overall explanation:

    • Memory injection refers to a type of vulnerability where an attacker inserts or "injects" malicious code into a system's memory. The dereferencing of null pointers in C/C++ programming, if exploited, can lead to this.
    • Virtual machine (VM) escape is a vulnerability in which an attacker can break out of a virtual machine and interact with the host system, but it's unrelated to memory locations.
    • A malicious update refers to an unauthorized or unintended software update that introduces malicious code or behavior into a system.
    • Buffer overflow occurs when data written to a buffer exceeds its capacity, potentially allowing malicious code execution, but it's not specific to dereferencing null pointers.

    Tags: Buffer Overflow

Question 30

  1. Which of the following BEST describes a threat actor whose primary motivation is to obtain unauthorized access to credit card data?

    Options:

    • Ethical belief
    • Financial gain
    • Chaos
    • War

    Overall explanation:

    • Threat actors motivated by financial gain primarily focus on obtaining valuable data, such as credit card information, with the intent of illegally monetizing it, often selling it on the dark web or using it for unauthorized transactions.
    • Some attackers aim to create chaos by deploying disruptive malware or launching widespread attacks, not necessarily to gain personally but to observe the resultant disorder.
    • Some hackers, often termed "hacktivists," are driven by a moral or ethical belief system, seeking to bring attention to perceived wrongs or injustices, rather than personal profit.
    • War as a motivation is often associated with state-backed groups or nation-states that deploy cyberattacks as part of a broader strategy, often tied to geopolitical objectives.

    Tags: Threat Actor Motivations

Question 31

  1. Which of the following components provides code that allows a host to boot to an operating system, and can enforce boot integrity checks?

    Options:

    • Hardware Root of Trust (RoT)
    • Unified Extensible Firmware Interface (UEFI)
    • Network Access Control (NAC) server
    • Trusted Platform Module (TPM)

    Overall explanation:

    • UEFI provides the code that allows a host system to boot an OS and can enforce various boot integrity checks.
    • While RoT can provide attestation and verify the signatures of boot metrics and OS files, it doesn't provide the code to boot the OS.
    • The NAC server checks the reports from systems attempting to join a network, ensuring their integrity. It doesn't facilitate booting the OS.
    • TPM enhances security with hardware-based cryptographic functions but doesn't directly allow a host to boot to an OS.

    Tags:

Question 32

  1. Which of the following characteristics of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?

    Options:

    • Scalability
    • Availability
    • Resilience
    • Ease of Deployment

    Overall explanation:

    • Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions.
    • Ease of Deployment means that new instances and the entire cloud environment can be easily created. Resilience is the ability to maintain operational performance and recover quickly from failures.
    • Scalability means that the system can expand when more resources are needed without creating lags or problems for users. This expansion isn't considered an adverse condition; increased business is seen as a positive attribute. Resilience is the ability of a system to quickly recover after failures due to adverse conditions.
    • Availability refers to guaranteeing a system will continue to operate so that the system can be used regardless of conditions. Resilience, like availability, refers to keeping a system functioning, but also directly addresses how quickly a system can recover after adverse conditions have led to a failure.

    Tags: Cyber Resilience and Redundancy

Question 33

  1. Light Fantastic, a lamp manufacturer, has a factory that is in a floodplain. They have purchased additional flood insurance. Which of the following methods of dealing with risk has the company used?

    Options:

    • Risk avoidance
    • Risk mitigation
    • Risk transference
    • Risk acceptance

    Overall explanation:

    • Risk transference is a method that involves transferring some or all of the risk associated with an activity or asset to another party, such as an insurance company or a vendor. It can reduce the potential impact or liability for the original party.
    • Risk mitigation is a method that involves reducing the impact or likelihood of a risk by implementing controls or countermeasures, not transferring it to another party.
    • Risk avoidance is a method that involves eliminating the possibility of a risk by avoiding the activity or asset that causes it, not transferring it to another party.
    • Risk acceptance is a method that involves acknowledging the existence of a risk and deciding not to take any action to address it, not transferring it to another party.

    Tags: Risk Management

Question 34

  1. A legal firm handles highly confidential client contracts that detail mergers and acquisitions. To protect these documents while stored on the company's servers, which of the following methods is BEST suited?

    Options:

    • Password protection
    • Data-at-rest encryption
    • Virtual private network (VPN)
    • Role-based access control (RBAC)

    Overall explanation:

    • Encrypting sensitive files while they're stored on hard drives or storage devices ensures they're protected and unreadable without the appropriate decryption keys.
    • Although RBAC can restrict who has access to the contracts, the actual data remains unencrypted, making it susceptible if there's a breach at the storage level.
    • VPNs are primarily used for secure communication over untrusted networks, not specifically for securing stored data.
    • While adding a password to a document provides a level of security, it is not as robust as full data-at-rest encryption, especially for highly confidential documents.

    Tags: Data States

Question 35

  1. For creations of the mind, like novel designs or unique literary compositions, which strategy ensures creators maintain rights to their works and earn due recognition or monetary benefits?

    Options:

    • Conducting periodic security audits
    • Implementation of end-to-end encryption
    • Copyright protection
    • Activation of two-factor authentication

    Overall explanation:

    • Copyright protection provides a legal framework to shield creators' original works from unauthorized use, duplication, or distribution. By obtaining copyright protection, creators can also license their works, allowing them to stipulate how, where, and by whom their creations can be used.
    • Activation of two-factor authentication requires users to provide two different types of identification to access a system, adding an extra layer of security. It might prevent unauthorized access to digital assets but does not inherently protect a creator's rights to their intellectual property or their ability to monetize it.
    • While end-to-end encryption encrypts data as it moves from the source to the destination, ensuring that unauthorized parties cannot easily intercept or decipher it, it does not relate to the ownership or rights associated with intellectual creations. It's primarily about data privacy and security during transmission.
    • Conducting periodic security audits is the systematic evaluation of an organization's information systems. They can assess whether the entity is adhering to specific security policies, practices, and procedures. While they might uncover vulnerabilities or non-compliance, they don't directly ensure protection of intellectual creations from unauthorized reproduction or use.

    Tags: Compliance

Question 36

  1. Dion Training is concerned with protecting data in transit. Which of the following BEST describes the primary method to secure data when it is being transmitted over a network?

    Options:

    • Implementing robust firewall rules and intrusion detection systems.
    • Storing data on encrypted hardware drives.
    • Using transport encryption protocols like IPSec.
    • Setting up ACLs on network devices.

    Overall explanation:

    • Data in transit refers to data that is actively being sent across a network, such as website traffic or data synchronizing between cloud repositories. To protect this data from potential eavesdropping or interception, it's essential to encrypt it using protocols such as TLS (Transport Layer Security) or IPSec (Internet Protocol Security). These protocols ensure that data remains confidential and integrity is maintained as it moves across the network.
    • ACLs (access control lists) define who can access certain resources on a network, but they don't encrypt the data itself.
    • While firewall rules and intrusion detection systems can help protect against unauthorized access and potential breaches, they don't inherently encrypt data in transit.
    • While encrypted hardware drives protect data at rest, they do not specifically address the protection of data while it's in transit over a network.

    Tags: IPsec

Question 37

  1. Kelly Innovations LLC is looking to secure their web applications against various threats like cross-site scripting and SQL injection attacks. They also want to monitor and log HTTP/HTTPS traffic for malicious patterns. Given the requirement and the specific protocols mentioned, which of the following would be the MOST suitable solution?

    Options:

    • WAF
    • UTM
    • Proxy server on port 8080
    • EAP

    Overall explanation:

    • A WAF (Web application firewall) protects web applications by monitoring, filtering, and blocking HTTP/HTTPS traffic that can exploit any vulnerabilities in the application. Typically, it operates on Layer 7 (Application Layer) of the OSI model and can specifically defend against common web-based threats.
    • While a proxy server can act as an intermediary for network requests and offers some level of security by obscuring the true network addresses, it is not inherently designed to defend against specific web application threats like a WAF. The mention of port 8080, a common alternate port for HTTP, might make it seem relevant but doesn't specifically cater to the requirement described.
    • EAP (Extensible authentication protocol) is an authentication framework, not a specific protocol. While EAP offers several methods and supports authentication for wireless networks and point-to-point connections, it doesn't specifically filter or block malicious HTTP/HTTPS traffic targeting web application vulnerabilities.
    • A UTM (Unified threat management) is an all-in-one security solution that can include a WAF, but it also comprises other functionalities like anti-virus, anti-spam, VPN, and more. While a UTM can indeed monitor HTTP/HTTPS traffic, choosing a specific WAF might be more tailored to the described requirement.

    Tags: Firewalls for Security

Question 38

  1. Which of the following concepts refers to the ability of a component to maintain its function under adverse conditions?

    Options:

    • Responsiveness
    • Availability
    • Resilience
    • Scalability

    Overall explanation:

    • Resilience is the ability of a system or component to maintain its function or performance under changing or adverse conditions, such as failures, errors, attacks, or disruptions. Resilience can improve the reliability, availability, and security of a system.
    • Responsiveness is the speed at which a system or component responds to requests or events. Responsiveness can affect the performance, usability, and user satisfaction of a system.
    • Availability is the degree to which a system or component is operational and accessible when required. Availability can be affected by factors such as downtime, maintenance, failures, or attacks. Availability is a measure of how often a system is functional, not how well it handles changes or challenges.
    • Scalability is the ability of a system or component to handle increasing or decreasing workloads or demands without compromising its performance or quality. Scalability can improve the efficiency, flexibility, and cost-effectiveness of a system.

    Tags: Availability

Question 39

  1. A water treatment facility relies on SCADA systems for automation. This environment can introduce which of the following security vulnerabilities?

    Options:

    • Built for multicore processing.
    • Over-reliance on sandboxing.
    • Legacy protocols without encryption.
    • Frequent OS patching.

    Overall explanation:

    • Many SCADA systems utilize legacy communication protocols that lack modern security features, making them vulnerable to unauthorized interception or tampering.
    • Sandboxing is a method to run untrusted codes. This concern isn't directly associated with the innate vulnerabilities in SCADA systems.
    • SCADA systems tend to have infrequent updates, not frequent OS patching.
    • While multicore processing can improve performance, it's not a direct security concern linked to SCADA.

    Tags: ICS and SCADA

Question 40

  1. Which of the following architecture models involves creating multiple instances of a system to handle increased demand?

    Options:

    • Ease of Deployment
    • Scalability
    • Responsiveness
    • Containerization

    Overall explanation:

    • Scalability is an architecture model that involves creating multiple instances of a system or service to handle increased demand or workload. Scalability allows for greater performance, availability, and responsiveness of a system or service.
    • Responsiveness is an architecture model that involves ensuring that a system or service responds quickly and efficiently to user requests or inputs. Responsiveness does not refer to the creation of multiple instances of a system or service, but rather to the optimization of latency and throughput.
    • Containerization is a method that involves packaging an application and its dependencies into a lightweight and portable unit, which can run on any platform that supports containers. Containerization can improve the performance, scalability, and security of applications, but its purpose isn't specifically to deal with increasing or decreasing demand.
    • Ease of deployment refers to the simplicity and speed of launching a system or service into production, which is an important consideration for designing and deploying applications and systems. Some factors that can affect ease of deployment are automation, configuration management, testing, and documentation.

    Tags: Security Architecture

Question 41

  1. Which of the following terms refers to the characteristic of a system that ensures minimal disruption in service?

    Options:

    • Responsiveness
    • High availability
    • Ease of recovery
    • Scalability

    Overall explanation:

    • High availability refers to the characteristic of a system or service that ensures minimal downtime or disruption.
    • Ease of recovery refers to the ability to restore a system or service to its normal state after a failure or disruption. It does not refer to the characteristic of a system or service that ensures minimal downtime or disruption in the event of a failure.
    • Scalability refers to the ability of a system or service to handle increased workload without degrading performance or reliability. It does not refer to the characteristic of a system or service that ensures minimal downtime or disruption in the event of a failure.
    • Responsiveness refers to the speed at which a system or service responds to user requests or inputs. It does not refer to the characteristic of a system or service that ensures minimal downtime or disruption in the event of a failure.

    Tags: High Availability

Question 42

  1. Kneading Dough, a retirement planning organization, wants to maximize network availability even if there are errors or intrusions on their system. They are confident that they can respond quickly enough to any event and prevent damage to the system. Which of the following will provide them with the level of availability they want?

    Options:

    • Fail-close
    • Load Balancers
    • IPS
    • Fail-open

    Overall explanation:

    • Fail-open refers to what happens when a network encounters errors and exceptions. Fail-open means that when errors occur or exceptions are encountered, the system continues allowing access rather than denying access. Fail-open allows a website to continue offering services even after an error has occurred. The emphasis is, therefore, keeping the website up while the error is addressed, hoping that the error is a minor issue.
    • Fail-close refers to what happens when a network encounters errors and exceptions. Fail-close means that when errors occur or exceptions are encountered, the system denies further access. This prevents any further network traffic until the error or exception is dealt with. While this provides greater security, it means that a website can't be accessed even if the error encountered is minor or doesn't pose a security threat. This doesn't address the company's needs.
    • An Intrusion Prevention System (IPS) will prevent any perceived intrusion. This can decrease availability which is the opposite of what the company wants.
    • A load balancer distributes network or application traffic across many servers. This optimizes the use of resources, maximizes throughput, and reduces latency. Load balancers aren't guaranteed to continue working in the event of errors or attacks.

    Tags: Infrastructure Considerations

Question 43

  1. Which of the following ISO standards provides an overall framework for enterprise risk management (ERM), considering risks and opportunities beyond cybersecurity, including financial, customer service, competition, and legal liability factors, and establishes best practices for performing risk assessments?

    Options:

    • ISO 9K
    • ISO 14K
    • ISO 21K
    • ISO 31K

    Overall explanation:

    • ISO 31K offers a comprehensive framework designed for enterprise risk management (ERM). It addresses a wide spectrum of risks, ensuring that organizations implement effective risk assessments and follow best practices to maintain resilience and adaptability.
    • ISO 21K is primarily centered on cybersecurity. This standard provides guidelines and structured processes that organizations should adopt to ensure the security of their digital assets, networks, and data. It encompasses various cybersecurity aspects, ensuring robust defense mechanisms are in place.
    • ISO 9K is tailored for quality management systems. This standard delineates criteria that organizations should meet to ensure consistent quality in their offerings and processes. The principles enshrined in this standard ensure continuous improvement and stakeholder satisfaction.
    • Targeting environmental management, ISO 14K aids companies in establishing, improving, and maintaining an environmentally friendly operational framework. By adhering to ISO 14K, companies can systematically reduce negative impacts on the environment, ensuring sustainable operations.

    Tags: Standards

Question 44

  1. Dion Training wants to consolidate its network security services into a cloud-centric model to simplify its security operations. Which of the following is the BEST solution?

    Options:

    • Proxy server
    • Intrusion detection system (IDS)
    • Secure access service edge (SASE)
    • Virtual private network (VPN)

    Overall explanation:

    • SASE is a security model that converges multiple security services into a single cloud-based service, making it the prime option for the given scenario.
    • While an IDS monitors network traffic for potential incidents, it does not consolidate numerous network security services into a single cloud-based service.
    • A VPN is primarily used to encrypt internet connections and protect digital privacy but doesn't specifically consolidate multiple network security services into a single cloud-based model.
    • A proxy server can serve as an intermediary for requests but does not consolidate multiple network security services into a cloud-based model.

    Tags: SD-WAN and SASE

Question 45

  1. Hakeem is a compliance officer at HLM Media. He is creating a classification system for HLM's data. There is some data that laws require be handled in particular ways. What label should he give the data that is subject to strict compliance standards?

    Options:

    • Tokenization
    • Data at rest
    • Confidential
    • Regulated

    Overall explanation:

    • Regulated data implies that it's a category of data that adheres to specific compliance standards due to its sensitive nature.
    • Data at rest is a state of data, typically stored data. It doesn't designate whether the data adheres to specific compliance standards.
    • Tokenization is a method of protecting sensitive data but does not refer to a type of data.
    • Confidential data might require high standards for handling, but it does not specifically encompass data that adheres to regulatory compliance standards.

    Tags: Data Classification

Question 46

  1. Dion Training is implementing a new remote working policy and is considering various connectivity options to ensure secure access to organizational resources. The company realizes that certain security principles may have limitations based on the available connectivity options. In this scenario, which of the following considerations demonstrates a limitation of applying security principles due to the constraints of connectivity options?

    Options:

    • Ensuring end-to-end encryption
    • Utilizing network-based intrusion detection systems
    • Implementing multi-factor authentication (MFA)
    • Relying solely on virtual private networks (VPNs)

    Overall explanation:

    • While VPNs enhance security, relying solely on them can limit connectivity options and might not address all security concerns, especially in diverse and dynamic remote working environments.
    • While critical, some remote connectivity options might not fully support robust end-to-end encryption, potentially leaving data transmissions vulnerable.
    • MFA is a universal security principle and does not typically face limitations based on connectivity options; it adds an extra layer of security regardless of the connection method used.
    • Utilizing network-based intrusion detection systems is essential for monitoring network traffic, but their effectiveness might be limited based on the connectivity options available and the location of the traffic flow, especially for remote workers.

    Tags: Remote Access VPN

Question 47

  1. Which of the following will provide finer level detail in access control through classifying user roles and responsibilities?

    Options:

    • Obfuscation
    • Permission Restrictions
    • Masking
    • Data Classifications

    Overall explanation:

    • Permission restrictions pertain to how access to data can be controlled based on user roles and responsibilities, allowing organizations to define who can view or manipulate data.
    • Obfuscation is a technique that involves making data difficult to be understood. It generally does not involve assigning permissions based on roles or responsibilities.
    • Data masking is a method to de-identify some or all characters in a sequence, but not changing the total number of characters that a field should contain. The masked version will be structurally the same, but the data will be hidden. Changing the letters or numbers entered into a password field with dots is an example of data masking.
    • Data classifications deal with the sensitivity levels of data such as confidential, secret, and restricted. It isn't concerned with countries' laws.

    Tags: Access Control Models

Question 48

  1. Which of the following is a process that emphasizes the tracking and analysis of an organization's critical systems and components to make informed decisions and achieve business goals?

    Options:

    • RFID Tracking
    • Naming Conventions
    • Asset Management
    • IP Schema Planning

    Overall explanation:

    • An asset management process focuses on keeping an inventory of all critical systems and components in an organization, allowing personnel to make informed decisions to reach business objectives. It often involves the use of software suites and hardware solutions, and the data stored typically includes type, model, serial number, location, and more.
    • While standard naming conventions do provide a more consistent environment, making errors easier to spot and automation simpler, it doesn't fully encapsulate the broad spectrum of tasks under asset management.
    • RFID Tracking uses chips to program asset data and scanners to update an asset's location, making it primarily about theft prevention and real-time location tracking rather than holistic asset management.
    • IP Schema Planning refers to the structured planning and documentation of the IP address space into subnets. It aims for consistency in addressing, aiding in firewall ACLs application, and ensuring configuration errors are minimal.

    Tags: Asset Management

Question 49

  1. StellarTech Corp has always been at the forefront of adopting cutting-edge security measures. Recently, the company started a pilot program where employees use a physical device that they plug into their computers. When they tap a button on this device, they are instantly granted access to company systems. Which passwordless authentication method is StellarTech Corp trialing?

    Options:

    • Cognitive authentication.
    • PIN-based authentication.
    • Hardware token-based authentication.
    • Biometric authentication.

    Overall explanation:

    • Hardware token-based authentication involves using a physical device (often a USB token) to gain access, eliminating the need for traditional passwords.
    • Cognitive authentication requires users to answer knowledge-based questions, and doesn't involve any hardware devices.
    • Biometric authentication uses unique biological traits of a user, like fingerprints or facial recognition, to grant access.
    • A PIN (Personal Identification Number) is still a form of password; it's just numeric.

    Tags: Multifactor Authentication (MFA)

Question 50

  1. Which of the following statements is NOT true regarding the importance of Archiving?

    Options:

    • Archiving is crucial for providing historical context to help in future data analysis and investigations.
    • Archiving helps organizations store data safely for long-term retention and regulatory compliance.
    • Archiving can improve system performance by moving less frequently accessed data off primary systems.
    • Archiving speeds up searches for older data, making the retrieval of data faster and more effective.

    Overall explanation:

    • Archiving doesn't function primarily as a method for searching older data. Enhanced searching could be built into the way in which archives are stored, but it isn't a feature of archiving.
    • Archiving can help improve system performance by moving rarely accessed data off the primary system, reducing data clutter and improving overall efficiency.
    • One important role of archiving is to ensure long-term, secure storage of critical data repositories which aids in maintaining regulatory compliance.
    • Archiving provides a historical context to data, which can be very useful for data analysis, audits, and investigations in the future.

    Tags: Alerting and Monitoring Activities

Question 51

  1. At Kelly Innovations LLC, Susan is reviewing credential management practices for cloud services. Which approach is discouraged due to its inherent security risks?

    Options:

    • Assign a unique secret key for programmatic access.
    • Use MFA for all interactive logons at workstations.
    • Using the CSP root user for daily logon activity.
    • Transfer the generated secret key immediately to the host.

    Overall explanation:

    • Using the root user for daily tasks is a high-risk practice because it gives complete control over all resources in the cloud account, making it a lucrative target for attackers.
    • Delaying the transfer of a generated secret key might expose the key to risks, but immediate transfer ensures that the key is securely stored and ready for use.
    • Unique secret keys for programmatic access are crucial for ensuring that interactions with the cloud are secure and authenticated.
    • Using multi-factor authentication provides an additional layer of security by ensuring that users provide two or more verification factors to gain access.

    Tags: Risk Management

Question 52

  1. During a digital investigation, which activity is MOST closely associated with the acquisition phase?

    Options:

    • Reviewing a detailed log of who handled the evidence and when.
    • Searching through electronic records to identify relevant emails for a court case.
    • Determining if cryptographic methods need to be employed to protect data during storage.
    • Imaging a hard drive to create an exact byte-for-byte copy for analysis.

    Overall explanation:

    • During the acquisition phase, the goal is to obtain data in a way that doesn't alter the original evidence. Imaging a hard drive is a standard practice to achieve this.
    • While safeguarding data is crucial, this activity is more relevant to the preservation stage.
    • Searching through electronic records to identify relevant emails for a court case is more aligned with e-discovery, where the aim is to locate specific electronic evidence.
    • Reviewing a detailed log of who handled the evidence and when relates to maintaining the chain of custody, which ensures the integrity and authenticity of digital evidence.

    Tags: Investigating an Incident

Question 53

  1. Which of the following statements BEST explains the importance of DLP in the context of vulnerability management?

    Options:

    • DLP is a network security technology that monitors and analyzes network traffic to detect and prevent DDoS attacks.
    • DLP is a data encryption technique used to secure sensitive information stored in databases and cloud environments.
    • DLP is a cybersecurity tool that focuses on identifying and blocking malicious software and viruses to prevent data breaches.
    • DLP is a set of techniques and tools for preventing unauthorized transmission of data.

    Overall explanation:

    • DLP involves a set of techniques and tools designed to detect and prevent the unauthorized transmission of sensitive data outside an organization's network, helping to protect valuable data from being leaked or exposed to unauthorized entities.
    • While cybersecurity tools are essential for data protection, DLP specifically focuses on preventing data loss and unauthorized data transmission.
    • DLP is not primarily focused on monitoring network traffic for DDoS attacks but is related to data protection.
    • While data encryption is an important security measure, DLP is not specifically focused on encrypting data in databases and cloud environments but on preventing data loss.

    Tags: Data Loss Prevention (DLP)

Question 54

  1. You are the security administrator for a company, and you are tasked with implementing password best practices to enhance the organization's identity and access management. Which of the following password policies BEST meets the recommended password practices?

    Options:

    • Passphrases with a minimum of 15 characters, changed annually.
    • Require 16 characters, upper/lowercase, numbers, change only after a breach.
    • Minimum 8 characters, must include a number and uppercase letter.
    • Require 12 characters, upper/lowercase, numbers, symbols, change every 90 days.

    Overall explanation:

    • This is a strong policy that combines complexity with regular updates, making passwords harder to crack but may lead to poor user practices like writing passwords down due to frequent changes.
    • The strongest policy in terms of password length and complexity; however, infrequent changes could pose a risk if breaches go undetected, leading to prolonged access for attackers.
    • This option meets the bare minimum of complexity requirements but is less secure due to its shorter length, making it easier for attackers to compromise.
    • Longer passphrases are often more secure due to their length and can be more user-friendly, but annual changes might allow for exploitation if compromised and undetected.

    Tags: Password Security

Question 55

  1. Jamario is asked to perform a thorough check of all networked devices and software assets after a security incident to verify the total number and ensure no unauthorized assets are present. Which activity is he performing?

    Options:

    • Enumeration
    • Monitoring
    • Disposal
    • Classification

    Overall explanation:

    • Enumeration involves systematically counting or listing assets, ensuring they are all accounted for and no unauthorized assets are present.
    • While monitoring involves overseeing assets, it doesn't necessarily mean systematically counting or verifying them.
    • Disposal pertains to retiring or getting rid of assets, not counting or verifying them.
    • Classification involves determining the categories of assets, not systematically counting or verifying them.

    Tags: Asset Management

Question 56

  1. Initech has always provided employees with devices. Recently, Gregory, the Initech security analyst, became aware that many employees have been able to use their own devices. When he questioned the supervisors, he found out they knew employees were using their own devices. The employees said they need devices that work with more innovative software packages. None of the devices offered by Initech were robust enough to handle the software. Gregory says that having employees use their own devices isn't a possibility moving forward. He suggests that the company create a policy that prevents employees from putting their own software on devices and using their own devices. To address employee needs, he instead suggests that Initech provide a broader range of devices and purchase the software employees need. Initech will buy the devices for the employees. Which of the following deployment models is Gregory most likely suggesting?

    Options:

    • COBE
    • CYOD
    • COPE
    • BYOD

    Overall explanation:

    • CYOD stands for Choose Your Own Device, which is a deployment model that allows employees to choose from a list of approved devices provided by the company. This model can offer some flexibility and convenience to the employees, as they can select the device that best suits their needs and preferences. However, this model also enables the company to maintain some security standards and policies on these devices, as it can limit the types and models of devices that are allowed, as well as enforce security configurations and updates on them.
    • COPE stands for Corporate Owned Personally Enabled, which is a deployment model that involves the company providing devices to its employees and allowing them to use them for both work and personal purposes. This model can give the company full control over the security and management of these devices, as it can enforce security policies, install software updates, monitor usage, and wipe data remotely. However, this model also increases the costs and risks associated with owning and maintaining these devices.
    • COBE stands for Corporate Owned Business Only, which is a deployment model that involves the company providing devices to its employees and restricting them to work-related use only. This model can ensure the highest level of security and compliance for these devices, but it also reduces the productivity and satisfaction of the employees, as they have to carry multiple devices for different purposes.
    • BYOD stands for Bring Your Own Device, which is a deployment model that allows employees to use their personal devices, such as laptops, smartphones, or tablets, to access the company’s network and applications. This model can reduce the costs and risks associated with managing and securing these devices, as the responsibility is shifted to the employees. However, BYOD also introduces some challenges, such as ensuring compliance with security policies, protecting sensitive data, and supporting different types of devices and operating systems.

    Tags: Mobile Asset Deployments

Question 57

  1. Which of the following statements BEST explains the importance of Netflow?

    Options:

    • Netflow is a protocol used for secure data transmission and encryption between devices on a network.
    • Netflow is a type of firewall that inspects network traffic and blocks malicious packets to prevent cyber-attacks.
    • Netflow is a hardware-based security appliance that monitors and filters network traffic to prevent unauthorized access.
    • Netflow is a network tool that provides visibility into network traffic and helps identify potential security threats.

    Overall explanation:

    • Netflow is a network monitoring and analysis tool that provides visibility into network traffic, allowing administrators to understand and analyze the flow of data across the network. This helps identify potential security threats and abnormal behavior.
    • While secure data transmission and encryption are essential, Netflow is not specifically a protocol used for these purposes.
    • Netflow is not a firewall, but it serves a different function related to network monitoring.
    • Netflow is not a hardware-based security appliance, but rather a network monitoring and analysis tool.

    Tags: Network and Flow Analysis, NetFlow

Question 58

  1. Which of the following statements BEST explains the importance of SIEM?

    Options:

    • SIEM is an intrusion detection system that monitors and analyzes network traffic for potential security breaches.
    • SIEM is a security solution that uses a combination of tools to provide a more complete view of an organization's security posture.
    • SIEM is a firewall technology that analyzes network traffic and blocks suspicious connections to protect against cyber threats.
    • SIEM is a network protocol used for secure data transmission between remote devices, ensuring data confidentiality.

    Overall explanation:

    • SIEM is a security solution that combines log management, event correlation, and real-time monitoring to provide a comprehensive view of an organization's security posture. It enables security teams to detect and respond to security incidents effectively.
    • SIEM is not a network protocol for data transmission; rather, it serves a different purpose related to security information and event management.
    • While firewalls are essential for network security, SIEM is not a firewall technology but a different security solution.
    • While intrusion detection systems are valuable for monitoring network traffic for security breaches, SIEM is not an intrusion detection system itself but rather a security solution focused on log management and event correlation.

    Tags: Security Information and Event Management (SIEM)

Question 59

  1. You are the security administrator for a large organization that manages numerous online accounts and systems. To enhance security and reduce the risk of password-related incidents, you decide to implement password vaulting. Which of the following statements best describes the purpose and benefit of password vaulting in this scenario?

    Options:

    • Password vaulting eliminates the need for users to remember their passwords by automatically generating and assigning strong passwords to each account.
    • Password vaulting uses biometric authentication to grant access to stored passwords, ensuring only authorized individuals can retrieve them.
    • Password vaulting stores passwords in an encrypted database, providing a central, secure location for managing passwords, reducing the risk of password reuse and exposure.
    • Password vaulting requires users to use the same password for all accounts to simplify management and ensure consistency.

    Overall explanation:

    • Password vaulting stores passwords in an encrypted database, providing a centralized and secure location for managing passwords. This helps reduce the risk of password reuse and exposure since users can have unique and strong passwords for each account while only needing to remember a master password to access the vault.
    • While password vaulting can store and manage passwords, it does not necessarily generate or assign passwords automatically. Users should still create strong passwords, and the vault will securely store and manage them.
    • While biometric authentication can be part of the overall security strategy, it is not the primary purpose of password vaulting. Password vaulting focuses on secure storage and management of passwords rather than the method of authentication.
    • Reusing the same password for all accounts is a poor security practice and goes against the purpose of password vaulting. The vault aims to help users manage unique and strong passwords for each account securely.

    Tags: Password Managers

Question 60

  1. Which of the following BEST explains the importance of exceptions and exemptions in vulnerability management?

    Options:

    • Exceptions and exemptions allow systems to completely bypass all security policies for maximum efficiency.
    • Exceptions and exemptions are official authorizations that allow specific deviations from established security policies or baseline controls.
    • Exceptions and exemptions are designed to eliminate the need for regular audits by providing an all-access pass to privileged users.
    • Exceptions and exemptions permit organizations to ignore all known vulnerabilities without any consequences from internal procedures but don't affect government compliance.

    Overall explanation:

    • Exceptions and exemptions grant official permissions for particular deviations from security policies or baseline controls, occurring under controlled conditions and ongoing monitoring. They are typically employed when compliance with a specific control isn't feasible but where alternate measures can manage associated risks.
    • Although exceptions and exemptions allow for deviations from some security policies, they don't permit an entire bypass of all security measures. The process is managed, and the security impact is assessed and accepted.
    • Although exceptions and exemptions allow some deviations from specific security controls, they don't authorize organizations to ignore known vulnerabilities without mitigating actions or risk acceptances.
    • Exceptions and exemptions don't eliminate the necessity for regular audits. They provide authorized deviation from specific policies or controls but still require appropriate oversight.

    Tags: Risk Management Strategies

Question 61

  1. A company is concerned about the security risks associated with departing employees. How can scripting aid in mitigating these risks?

    Options:

    • Automatically deactivates accounts of exiting employees.
    • Generates a detailed exit interview questionnaire.
    • Ensures exiting employees receive farewell gifts.
    • Directly handles the physical exit procedures of an employee.

    Overall explanation:

    • A script can be set to instantly disable user accounts, revoke access to company resources, and even forward emails to a designated recipient upon an employee's departure.
    • While scripts can be powerful, they aren't typically used for creating interview content, which often requires a human touch.
    • Scripting focuses on automating technical tasks and doesn't concern itself with gestures like farewell gifts.
    • Scripting is digital and cannot manage physical processes such as escorting a departing employee or collecting company property.

    Tags: Automating Onboarding

Question 62

  1. You are a cybersecurity analyst for a large organization that collaborates with several external partners, each having their own user authentication systems. The organization wants to simplify the user login experience for both internal employees and external partners while maintaining a centralized identity management system. As a cybersecurity analyst, you recommend implementing a federation solution for this purpose. Which of the following approaches would be the most effective way to implement federation in the given scenario?

    Options:

    • Sharing internal employee credentials with external partners to create more efficient access to all systems.
    • Restricting access to internal applications and resources solely based on the user's physical location or group identity.
    • Use a protocol, such as Security Assertion Markup Language (SAML), to facilitate the exchange of identity information among organizations.
    • Creating separate user accounts for external partners within the organization's identity management system.

    Overall explanation:

    • Implementing a federation protocol, such as Security Assertion Markup Language (SAML), is the most effective approach for achieving a seamless user login experience for both internal employees and external partners. SAML allows for the secure exchange of authentication and authorization data between different organizations, enabling users to log in using their own organization's credentials while accessing resources and applications from other federated organizations without the need for separate accounts. It simplifies identity management and enhances user experience while maintaining centralized control.
    • Creating separate user accounts for external partners within the organization's identity management system would result in a complex and difficult-to-maintain system. It would require managing multiple accounts for the same users, leading to duplication of effort and potential inconsistencies in access permissions. Federation is designed to avoid such complexities by enabling the secure exchange of identity information without the need for additional user accounts.
    • Restricting access based on the user's physical location is a form of access control, but it does not address the scenario's requirement of simplifying user logins for both internal employees and external partners while maintaining centralized identity management.
    • Sharing internal employee credentials with external partners poses significant security risks and violates the principle of least privilege. It also exposes the organization to potential unauthorized access and data breaches.

    Tags: Federation

Question 63

  1. Which email security protocol uses cryptographic signatures to verify the authenticity of an email's sender?

    Options:

    • DKIM
    • SPF
    • DMARC
    • MTA

    Overall explanation:

    • DKIM (DomainKeys Identified Mail) allows senders to associate a domain name with an email, thus vouching for its authenticity using a cryptographic signature.
    • While DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds upon DKIM and SPF, it itself doesn't directly use cryptographic signatures. Instead, it allows domain owners to specify policies on how to handle mail that doesn't authenticate with SPF or DKIM.
    • SPF (Sender Policy Framework) is used to specify which mail servers are permitted to send email for a domain. It doesn't utilize cryptographic signatures for this purpose.
    • MTA (Mail Transfer Agent) is responsible for transferring and routing emails between servers, but doesn't employ cryptographic signatures for sender authenticity.

    Tags: Email Security

Question 64

  1. Which of the following tools is MOST known for agentless security monitoring/alerting?

    Options:

    • Security Information and Event Management (SIEM)
    • Web application firewall (WAF)
    • Intrusion detection system (IDS)
    • Antivirus software

    Overall explanation:

    • SIEM tools are essential for consolidating and analyzing logs and alerts from various sources within an environment. These tools are known for their agentless capabilities, where they can collect and process logs without needing a dedicated agent on the source system, providing flexibility in diverse infrastructure setups.
    • While an IDS can detect malicious activities, it typically requires agents or sensors to capture traffic or system activities.
    • Antivirus software is geared towards detecting and removing malicious software from a system and typically requires an agent for operation.
    • A WAF is designed to filter and monitor HTTP traffic to and from a web application, preventing web-based attacks. It doesn't provide agentless monitoring/alerting to a greater degree than the other options listed.

    Tags: SIEM

Question 65

  1. Which of the following is an aspect of asset management that ensures that each IT asset is clearly associated with a specific individual or department, providing clarity on responsibilities and access rights?

    Options:

    • Ownership
    • Monitoring
    • Decommissioning
    • Acquisition

    Overall explanation:

    • Ownership helps in determining who is responsible for the asset, ensuring clear lines of accountability and often helping in deciding the access rights.
    • Decommissioning pertains to the process of retiring assets and doesn't directly associate assets with specific entities.
    • Acquisition refers to the process of obtaining assets, not the association of assets with individuals or departments.
    • Monitoring involves keeping an eye on the performance and status of assets, rather than establishing responsibility.

    Tags: Asset Management

Question 66

  1. During e-discovery, which activity is a key focus?

    Options:

    • Maintaining a detailed record of every individual who accesses the digital evidence.
    • Reviewing electronic files to extract relevant documents for a legal case.
    • Ensuring that evidence storage mediums are in tamper-evident bags.
    • Using forensic software tools to recover deleted files from a storage device.

    Overall explanation:

    • E-discovery revolves around the systematic search and retrieval of pertinent electronic data for legal purposes.
    • Maintaining a detailed record of every individual who accesses the digital evidence relates to the chain of custody, ensuring that evidence has been handled properly and remains credible.
    • Ensuring that evidence storage mediums are in tamper-evident bags is a preservation measure, designed to protect and authenticate the original evidence.
    • While data recovery is a common task in digital forensics, it isn't the primary activity in the e-discovery process.

    Tags: Digital Forensic Procedures

Question 67

  1. Which of the following reasons MOST accurately describes the significance of implementing a data retention policy?

    Options:

    • They ensure compliance with legal and regulatory requirements.
    • They speed up data recovery processes by allowing faster incremental and differential backups.
    • They enhance system performance by regular data deletion.
    • They reduce storage costs over time by ensuring that too much data isn't kept.

    Overall explanation:

    • A proper data retention policy helps organizations maintain and dispose of data in accordance with laws, regulations, and industry standards, preventing potential legal consequences.
    • While removing extraneous data can enhance system efficiency, it isn't the most relevant choice among the given alternatives.
    • Data retention policies may streamline data structures, but the primary goal isn't necessarily to speed up recovery processes.
    • While a data retention policy can lead to cost savings by disposing of unnecessary data, its primary purpose is not usually financial.

    Tags: Compliance

Question 68

  1. At Dion Training Solutions, Susan needs to allow only Jamario and Sasha to access the company's internal web application on port 8080. Jamario has an IP of 10.0.0.5, and Sasha has an IP of 10.0.0.6. After the configuration, Reed, with an IP of 10.0.0.7, is still able to access the application. Which of the following access list entries could have caused this?

    Options:

    • permit tcp host 10.0.0.5 eq 8080 any
    • permit tcp any host 10.0.0.0 0.0.0.255 eq 8080
    • deny tcp host 10.0.0.7 eq 8080 any
    • permit tcp host 10.0.0.6 eq 8080 any

    Overall explanation:

    • permit tcp any host 10.0.0.0 0.0.0.255 eq 8080 allows any external IP to access the company's internal application on port 8080 if it belongs to the 10.0.0.x range. This is why Reed can access the application.
    • permit tcp host 10.0.0.6 eq 8080 any specifically permits Sasha's IP to access port 8080, so it's not the problematic rule.
    • permit tcp host 10.0.0.5 eq 8080 any specifically permits Jamario's IP to access port 8080, so it's not the problematic rule.
    • Even though deny tcp host 10.0.0.7 eq 8080 any denies Reed's IP from accessing port 8080, there must be another rule permitting him. This alone wouldn't be the cause of the problem.

    Tags: Access Control Lists (ACLs)
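The following is an added example, not part of the original practice test: a small Python evaluator that models only the source-address test of the four entries above (a `host A` entry matches exactly A; an `A W` entry matches every address that agrees with A on the bits that are 0 in the Cisco-style wildcard mask W, which is how the explanation reads the `10.0.0.0 0.0.0.255` entry). It also evaluates an access list top-down with first-match-wins and an implicit deny, to show why a later deny for Reed's address does not help.

```python
"""Wildcard-mask matching for the ACL entries in Question 68.

Added example, not code from the original page. Assumptions:
  * only the first dotted-quad address in an entry is tested (source address);
  * 'host A' means wildcard 0.0.0.0; 'A W' with two dotted quads means
    base A with wildcard mask W (Cisco convention: 1 bits are "don't care").
"""
import re
from ipaddress import IPv4Address

# Constructed from the four answer options shown on the page.
ENTRIES = [
    "permit tcp host 10.0.0.5 eq 8080 any",
    "permit tcp any host 10.0.0.0 0.0.0.255 eq 8080",
    "deny tcp host 10.0.0.7 eq 8080 any",
    "permit tcp host 10.0.0.6 eq 8080 any",
]

DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def matches_wildcard(ip: str, base: str, wildcard: str) -> bool:
    """True if `ip` is covered by `base` under wildcard mask `wildcard`.

    Bits set to 1 in the wildcard are ignored; bits set to 0 must match.
    """
    ip_i, base_i, wild_i = (int(IPv4Address(x)) for x in (ip, base, wildcard))
    care = 0xFFFFFFFF & ~wild_i          # bits that must agree
    return (ip_i & care) == (base_i & care)


def parse_entry(entry: str):
    """Return (action, base, wildcard) for an entry written as on the page."""
    tokens = entry.split()
    action = tokens[0]                   # 'permit' or 'deny'
    addr_positions = [i for i, t in enumerate(tokens) if DOTTED_QUAD.match(t)]
    base_idx = addr_positions[0]
    base = tokens[base_idx]
    following = tokens[base_idx + 1] if base_idx + 1 < len(tokens) else ""
    # A second dotted quad right after the address is the wildcard mask;
    # otherwise the entry is a single host (wildcard 0.0.0.0).
    wildcard = following if DOTTED_QUAD.match(following) else "0.0.0.0"
    return action, base, wildcard


def entries_matching(ip: str, entries) -> list:
    """All entries whose source test covers `ip`, regardless of action."""
    return [e for e in entries if matches_wildcard(ip, *parse_entry(e)[1:])]


def first_match_action(ip: str, acl) -> str:
    """Evaluate the ACL top-down: the first matching entry decides.

    If nothing matches, the implicit deny at the end of the list applies.
    """
    for entry in acl:
        action, base, wildcard = parse_entry(entry)
        if matches_wildcard(ip, base, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    reed = "10.0.0.7"
    for e in ENTRIES:
        print(f"{e!r:55} covers Reed: {matches_wildcard(reed, *parse_entry(e)[1:])}")
    print("Result for Reed with the page's entries in order:",
          first_match_action(reed, ENTRIES))
    print("Result for Reed with only the two host permits:",
          first_match_action(reed, [ENTRIES[0], ENTRIES[3]]))
```

Running it shows that the `10.0.0.0 0.0.0.255` entry is the only permit that covers 10.0.0.7, and that ordering the deny for 10.0.0.7 after that broad permit leaves Reed permitted.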

Question 69

  1. Which of the following statements BEST explains the concept of Log aggregation?

    Options:

    • Log aggregation is the monitoring of network traffic to identify potential security breaches.
    • Log aggregation is the collecting of data from a scan and making it available to security analysts.
    • Log aggregation is the analysis of wide varieties of log data to identify security breaches.
    • Log aggregation collects and normalizes log data from various sources to make it easier to analyze.

    Overall explanation:

    • Log aggregation is essential for collecting, normalizing, and centralizing log data from various sources, such as network devices, servers, and applications. This centralized approach enables comprehensive analysis and detection of security incidents, providing valuable insights into potential security threats and breaches.
    • Log aggregation doesn't involve the actual monitoring of network traffic. While log aggregation makes it easier for analysts to view the data, aggregation doesn't involve analysis, only collection and centralization.
    • Logging is the collection of data from a scan and making it available to security analysts.
    • Log aggregation is the collecting of log data from many sources and normalizing it so it can be more easily analyzed.

    Tags: Alerting and Monitoring Activities

Question 70

  1. The New York Inquirer's main headquarters has a diverse IT infrastructure, including servers, workstations, and IoT devices. They have implemented a firewall to protect their internal network from external threats. The organization wants to modify the firewall rules to enhance security and minimize potential attack vectors. Which modification to firewall ports and protocols is NOT recommended for the organization to enhance security?

    Options:

    • Enabling Stateful Inspection for packet filtering
    • Allowing any outgoing traffic to any destination
    • Closing unused and unnecessary ports and protocols
    • Implementing port forwarding for remote access to internal servers

    Overall explanation:

    • Allowing any outgoing traffic to any destination is NOT recommended for enhancing security. Outbound traffic can carry sensitive information, and unrestricted access may lead to data leakage or unauthorized communication with potentially malicious external servers. It is essential to control outgoing traffic to prevent data exfiltration and ensure that only necessary outbound communication is allowed. By restricting outbound traffic to only approved and necessary destinations, the organization can improve security and prevent potential data breaches.
    • Enabling Stateful Inspection for packet filtering is a recommended security capability for firewalls. Stateful Inspection tracks the state of active connections and allows only the packets associated with an established connection to pass through. This helps prevent unauthorized traffic and ensures that only legitimate packets are allowed, enhancing the firewall's ability to protect against malicious activities.
    • Implementing port forwarding for remote access to internal servers may be necessary in certain scenarios, but it should be done with caution and only for specific services that require external access. While it may enable remote access to internal resources, improper configuration or unrestricted port forwarding can introduce security risks, making it less suitable for enhancing security in this scenario.
    • Closing unused and unnecessary ports and protocols is a highly recommended security practice. By doing so, the organization can reduce the attack surface and prevent potential threats from exploiting open ports or insecure protocols. Unused ports and protocols represent potential entry points for attackers, and closing them helps to limit unauthorized access and enhance overall security.

    Tags: Hardening

Question 71

  1. Which of the following is a disadvantage of agentless posture assessment in Network Access Control (NAC) solutions?

    Options:

    • Less detailed information about the client is available.
    • Requires more storage space on the client device.
    • Inability to support smartphones, tablets, and IoT devices.
    • Increased risk of malware infection on client devices.

    Overall explanation:

    • Agentless posture assessment in NAC solutions, while beneficial for supporting a broad range of devices, often provides less granular data about the client compared to agent-based solutions. This can limit the depth of assessment and control.
    • The presence or absence of an agent doesn't directly correlate with an increased risk of malware. Malware protection is more related to the specific security mechanisms in place.
    • Agentless solutions are often chosen specifically because they can support a wider range of devices, including smartphones, tablets, and IoT devices.
    • Agentless solutions don't require storage on the client device for an agent, so this isn't a disadvantage of agentless posture assessment.

    Tags: Network Access Control (NAC)

Question 72

  1. As a security analyst, you are reviewing firewall logs as part of an ongoing investigation into suspicious network activity. Which of the following pieces of information is NOT typically available in the firewall log data?

    Options:

    • Timestamps of firewall log entries
    • Destination port the traffic was trying to reach
    • Open ports on the destination device
    • Source IP address of the traffic

    Overall explanation:

    • Firewall logs typically do NOT contain information about open ports on the destination device. Firewalls focus on network information. They are likely to show the port that was used by the destination device, but not a list of open ports on the device.
    • Timestamps are a critical component of firewall log entries. They provide context and sequence to the events logged, which is essential for determining the timeline of a potential security incident.
    • The destination port is another vital data point captured in firewall logs. This can provide insights into the services being accessed or targeted by the traffic and can reveal potential vulnerabilities or unauthorized activities.
    • The Source IP address of the traffic is important to determine where the traffic has come from.

    Tags: Firewall Logs

Question 73

  1. Which of the following legislation focuses on ensuring the privacy and security of patient health information in the US?

    Options:

    • HIPAA
    • Computer Security Act (1987)
    • GDPR
    • SOX

    Overall explanation:

    • HIPAA (Health Insurance Portability and Accountability Act) sets the standard for protecting sensitive patient data and mandates specific practices and measures for health institutions.
    • The Computer Security Act (1987) is aimed at securing federal computer systems processing confidential information, not specifically at health-related data.
    • SOX (Sarbanes-Oxley Act) primarily deals with financial transparency and accountability, without a focus on patient health data.
    • GDPR (General Data Protection Regulation), an EU regulation, focuses broadly on personal data protection but is not specific to the health sector or patient information.

    Tags: Standards

Question 74

  1. Which policy outlines the steps to be taken in response to data breaches?

    Options:

    • Disaster recovery policy
    • Business continuity policy
    • Playbook
    • Incident response policy

    Overall explanation:

    • The incident response policy outlines the steps and procedures to be taken in response to security incidents or breaches. It defines the roles, responsibilities, and actions required to detect, respond, and recover from security incidents effectively.
    • The business continuity policy focuses on ensuring the continued operation of critical business functions during and after disruptive events, such as natural disasters or significant system failures. While incident response may be a part of business continuity planning, it is not the primary focus of this policy.
    • The disaster recovery policy focuses on the processes and procedures for recovering IT systems and infrastructure after a significant disaster or failure. While security incidents may trigger disaster recovery procedures, this policy's primary objective is broader than just incident response.
    • Playbooks are comprehensive sets of instructions that outline predefined responses to specific situations or events. They are often used in incident response and cybersecurity for guiding actions during security incidents.

    Tags: Incident Response Process

Question 75

  1. Which set of standards and guidelines is developed by NIST and specifies requirements for cryptographic modules used within federal computer systems in the United States?

    Options:

    • NIST Special Publication 800-63
    • PCI DSS
    • ISO/IEC 27001
    • FIPS

    Overall explanation:

    • FIPS (Federal Information Processing Standards) are standards that provide important guidelines and requirements for cryptography used to secure federal information systems, except those related to national security.
    • While ISO/IEC 27001 is an important standard for information security management systems, it does not set specific requirements for cryptographic modules within federal computer systems.
    • PCI DSS relates to the protection of cardholder data and is not focused on the cryptographic requirements for federal information systems.
    • NIST Special Publication 800-63 provides guidelines for digital identity but does not specify requirements for cryptographic modules within federal systems.

    Tags: Standards

Question 76

  1. Which of the following BEST describes the purpose of attestation and acknowledgement when it comes to effective security compliance?

    Options:

    • Determining the data retention period for compliance documents for an organization.
    • Automating the compliance and assessment reporting process.
    • Confirming understanding and adherence to compliance requirements.
    • Assessing the potential fines for non-compliance.

    Overall explanation:

    • Attestation and acknowledgement are processes that ensure individuals or entities recognize and agree to comply with specified rules or standards.
    • Attestation and acknowledgement do not relate to the evaluation of potential consequences specifically.
    • While data retention is an element of compliance, attestation and acknowledgement focus on affirming one's understanding and commitment to compliance mandates.
    • While automation can assist in various compliance tasks, attestation and acknowledgement primarily involve a declaration or confirmation, not automation.

    Tags: Attestation of Findings

Question 77

  1. Which of the following BEST describes the primary objective of an integrated penetration test?

    Options:

    • To gauge the success of an organization's security training.
    • To evaluate solely the software layer's vulnerabilities.
    • To focus only on vulnerabilities of the external network.
    • To assess vulnerabilities across physical, software, and network layers.

    Overall explanation:

    • Integrated tests provide a comprehensive evaluation, covering various security domains from physical infrastructure to software applications and network configurations, ensuring a multi-faceted approach to uncovering potential vulnerabilities.
    • Evaluating solely the software layer's vulnerabilities highlights only one domain, neglecting the comprehensive nature of integrated testing.
    • While an integrated test may incidentally gauge the success of an organization's security training, this isn't the central focus of integrated penetration tests.
    • Focusing only on vulnerabilities of the external network is a narrower perspective, akin to external penetration tests.

    Tags: Penetration Testing

Question 78

  1. Which of the following statements BEST describes the role of a data processor in data governance?

    Options:

    • Assesses and manages risks related to data security and compliance.
    • Directly responsible for classifying data and defining access permissions.
    • Sets the strategic direction and policies for organizational data management.
    • Processes personal data for controllers and ensures implementation of security measures.

    Overall explanation:

    • The processor is tasked with handling personal data in accordance with the controller's directions and must secure the data as per the established standards.
    • While the processor may contribute to assessing and managing risks related to data security and compliance, it is not their primary function; instead, it is more closely related to the roles of security and compliance committees.
    • Classifying data and defining access permissions typically fall under the purview of the data owner, not the processor.
    • Setting the strategic direction and policies for organizational data management is generally associated with the data owner or governance board, not the processor.

    Tags: Data Ownership

Question 79

  1. Which of the following types of conflict of interest may occur when a vendor has a possibility of earning commissions that could influence their recommendations during vendor assessments?

    Options:

    • Financial interests
    • Competitive relationships
    • Insider information
    • Personal relationships

    Overall explanation:

    • A conflict of interest under "Financial Interests" arises when a vendor stands to gain financially from recommending certain products or services, which may lead to biased advice not aligned with the organization's needs.
    • Competitive relationships refer to a vendor's ties with other vendors or businesses that could affect their impartiality, not direct financial rewards from recommendations.
    • Having insider information can give a vendor an unfair advantage, but this type of conflict involves the misuse of proprietary or confidential data rather than financial incentives related to product suggestions.
    • While personal relationships can influence decision-making, they do not specifically involve financial gain from product or service recommendations.

    Tags: Vendor Assessment

Question 80

  1. Which of the following entities is responsible for providing detailed analysis and recommendations to the governance board to aid in informed decision-making, particularly in areas requiring specialized knowledge?

    Options:

    • Advisory Councils
    • Executive Teams
    • Management Groups
    • Committees

    Overall explanation:

    • Committees are specialized groups that include subject matter experts who support the governance board with expert analysis and recommendations.
    • Management Groups typically handle day-to-day operational decisions rather than providing specialized support to the governance board.
    • Executive Team members are part of the governance board with ultimate decision-making authority but may not focus on specific issues as committees do.
    • While Advisory Councils may also provide advice, they are not solely responsible for in-depth analysis and recommendations for the governance board.

    Tags: Governance Structures

Question 81

  1. Hair and There, an online beauty supply store, has conducted a comprehensive risk assessment and identified potential vulnerabilities in their network infrastructure. They recognize that another global pandemic would seriously harm their business and is a considerable risk. After careful analysis, they determine that they simply cannot control whether another pandemic occurs. They take measures to help reduce the types of damage a pandemic will cause and then hope that it doesn't happen. Which risk management strategy are they employing?

    Options:

    • Avoid
    • Transfer
    • Mitigate
    • Accept

    Overall explanation:

    • Mitigating the risk means implementing measures or controls to reduce the potential impact or likelihood of the risk event occurring.
    • Avoiding the risk involves eliminating the risk entirely by refraining from activities or situations that could expose the organization to potential threats. They are not avoiding the risk since they are taking actions to minimize the impact. If they were avoiding the risk, they would probably close the business since avoiding involves not undertaking the activity that is risky.
    • Transferring the risk involves shifting the financial burden of potential losses to a third party, such as an insurance company. There is no mention of bringing in a third party to accept some of the financial burden for a pandemic.
    • Accepting the risk means the organization acknowledges the risk and does not take any specific actions to mitigate it. In the scenario above, they do take some measures to reduce the impact, so they are not just accepting the risk.

    Tags: Risk Management Strategies

Question 82

  1. When a cybersecurity expert categorizes the chance of a data breach as "high" due to recent similar incidents in the industry, which risk assessment term are they using?

    Options:

    • Risk rating
    • EF
    • Likelihood
    • Confidence level

    Overall explanation:

    • Likelihood is the term used in qualitative risk analysis to subjectively describe how probable a risk event is, often expressed in terms such as "low," "medium," or "high."
    • A risk rating incorporates both likelihood and impact to give an overall score to a risk but is not the term used to express the chance of occurrence alone.
    • While a confidence level might inform the use of "high" in different contexts, it doesn't specifically refer to the qualitative measure of risk probability.
    • The exposure factor (EF) is the fraction of the asset value that is at risk in the event of a security incident.

    Tags: Risk Register

Question 83

  1. Which type of external evaluation is carried out by a government agency to ensure companies are obeying laws?

    Options:

    • Assessment
    • Independent third-party audit
    • Regulatory examination
    • Attestation

    Overall explanation:

    • A regulatory examination is a specific type of external evaluation conducted by a government agency or regulatory body to assess an organization's compliance with specific regulations and legal requirements. Regulatory examinations are typically performed to ensure that the organization is adhering to the relevant laws and industry standards.
    • An assessment, in a general sense, refers to the process of evaluating or appraising something. However, in the context of compliance evaluations, the term "assessment" may not be as specific as "regulatory examination" or "independent third-party audit," which are more commonly used to describe formal evaluations for compliance purposes.
    • Attestation is the process of providing a formal statement of verification or confirmation. However, in the context of compliance evaluation, attestation typically involves a written statement from an external entity confirming that an organization has met specific compliance requirements. This statement could be from a third-party assessor, auditor, or the organization's management itself.
    • An independent third-party audit is an external evaluation conducted by an impartial entity that is not affiliated with the organization being assessed. The third-party auditor evaluates the organization's processes, controls, and compliance with applicable regulations. This type of audit provides an objective assessment and helps ensure transparency and credibility.

    Tags: External Audits and Assessments

Question 84

  1. Which standard mandates specific security requirements for organizations that handle branded credit cards from the major card issuers, aiming to protect cardholder data?

    Options:

    • PCI DSS
    • ISO/IEC 27001
    • FIPS
    • NIST Special Publication 800-63

    Overall explanation:

    • The PCI DSS (Payment Card Industry Data Security Standard) is a widely recognized security standard that imposes strict security measures for organizations handling credit cards from major card issuers to safeguard cardholder information against theft and fraud.
    • FIPS (Federal Information Processing Standards) are U.S. government standards that outline the requirements for cryptographic modules within federal computer systems and are not specifically related to credit card data protection.
    • ISO/IEC 27001 is an international standard for managing information security; it is not exclusive to the protection of credit card data.
    • NIST SP 800-63 offers guidelines for digital identity management, which includes general recommendations for access control but does not deal specifically with credit card data security.

    Tags: Standards

Question 85

  1. The IT team at Abstract Simplicity, a technology training company, is reviewing their security policies to enhance credential security. They want to implement guidelines for creating and managing strong and secure credentials to protect their users' accounts and sensitive information. What set of standards should the team consult as they do their review?

    Options:

    • Access control standard
    • Physical security standard
    • Password standard
    • Encryption standard

    Overall explanation:

    • The password standard defines the guidelines and requirements for creating and managing strong and secure passwords within an organization. It typically includes rules regarding password complexity, length, expiration, and how often users should change their passwords. This will help ensure credentials are protected.
    • The physical security standard deals with protecting the physical assets and facilities of an organization. It is not directly related to password management or guidelines for creating secure passwords.
    • The encryption standard outlines guidelines for the proper use of encryption techniques to protect sensitive data in storage or transmission. While encryption plays a crucial role in data security, it does not specifically address password-related guidelines.
    • The access control standard focuses on the rules and procedures for granting and revoking access to resources and systems within an organization. While access control measures can contribute to password security, the standard itself does not specifically address password-related guidelines.

    Tags: Password Security

Question 86

  1. Which of the following terms refers to an organization that maintains a balanced approach towards risk, willing to engage in risks that are aligned with strategic objectives and are within their capacity to manage?

    Options:

    • Expansionary risk appetite
    • Conservative risk appetite
    • Risk thresholds
    • Neutral risk appetite

    Overall explanation:

    • A neutral risk appetite reflects an organization's balanced stance on risk-taking, neither aggressively seeking high-risk opportunities nor being overly conservative, but taking on risks that are strategically aligned and manageable.
    • Risk thresholds indicate the points at which risk levels are considered to exceed acceptable levels.
    • An expansionary risk appetite is evident in organizations that take on more risk to achieve high returns or growth, typically through new initiatives like launching products or entering new markets.
    • A conservative risk appetite characterizes organizations that are risk-averse and prioritize stability and compliance over the pursuit of opportunities that carry more risk.

    Tags: Risk Register

Question 87

  1. Sasha, the CEO of Dion Training, is concerned about potential cybersecurity threats. She wants a systematic approach to managing security incidents, so she has had David, the CTO, develop an incident response policy. Which of the following BEST describes the purpose of an incident response policy?

    Options:

    • To address the acceptable use of IT resources.
    • To outline the steps for handling security incidents and breaches.
    • To maintain critical business operations during disruptions.
    • To ensure data encryption is implemented.

    Overall explanation:

    • The primary purpose of an incident response policy is to outline the predefined steps and procedures for effectively identifying, containing, mitigating, and resolving security incidents and breaches. It helps ensure a structured and organized approach to handling such incidents to minimize their impact.
    • While maintaining critical business operations during disruptions is an essential aspect of business continuity planning, it is not the primary purpose of an incident response policy. The incident response policy focuses on the immediate response to security incidents and breaches, while business continuity policies address the broader aspect of keeping critical operations running during disruptions.
    • The acceptable use policy (AUP) specifically deals with defining the acceptable and appropriate use of IT resources within the organization by employees and users. It is not directly related to incident response.
    • While data encryption is an important security measure, it is not the primary purpose of an incident response policy. Incident response policies focus on providing guidelines and procedures for detecting, responding to, and recovering from security incidents and breaches.

    Tags: Incident Response

Question 88

  1. Kelly Innovations LLC is focusing on launching innovative products and is frequently entering new markets despite the high level of uncertainty and competition. This behavior is indicative of which type of risk appetite?

    Options:

    • Risk register
    • Expansionary
    • Neutral
    • Conservative

    Overall explanation:

    • The company's willingness to embrace uncertainty for potential high returns or aggressive growth indicates an expansionary risk appetite.
    • A neutral risk appetite would look for a balance and only pursue risks that are aligned with strategic goals and can be managed.
    • A risk register is a tool for tracking identified risks and managing them.
    • A conservative risk appetite would avoid high levels of uncertainty and instead focus on stability and risk aversion.

    Tags: Risk Register

Question 89

  1. At SecureTech Solutions, the IT team is developing a comprehensive disaster recovery plan to ensure business continuity in case of disruptions. As part of this plan, they need to determine the maximum amount of data loss the organization can tolerate in the event of a disruption. What measurement are they determining?

    Options:

    • RPO
    • MTBF
    • MTTR
    • RTO

    Overall explanation:

    • The recovery point objective (RPO) is the maximum amount of data loss an organization is willing to tolerate. It defines the point in time to which systems and data must be recovered after a disruption.
    • The mean time to repair (MTTR) is the average time taken to repair a system or component after a failure or disruption.
    • The mean time between failures (MTBF) is the average time interval between failures of a system or component.
    • The recovery time objective (RTO) is the maximum acceptable downtime for a system or process to be restored and functioning after a disruption.

    Tags: Risk Identification

Question 90

  1. Which of the following objectives is primarily fulfilled by using questionnaires during vendor assessments?

    Options:

    • To obtain detailed insights into the vendor’s security posture and risk management.
    • To facilitate a comparative analysis of the financial aspects of vendor proposals.
    • To establish the groundwork for future contractual negotiations.
    • To assess the effectiveness of a vendor’s marketing and promotional tactics.

    Overall explanation:

    • Contract negotiations indeed require understanding of a vendor's practices, but questionnaires are specifically employed to gain a comprehensive understanding of their security and risk management, not as a basis for contract terms.
    • Obtaining detailed insights into the vendor’s security posture and risk management is the primary goal of a questionnaire in the vendor assessment process, ensuring that the organization can ascertain the vendor's adherence to security policies, disaster recovery plans, and compliance with regulations.
    • Evaluating marketing strategies is not the purpose of security questionnaires; these tools are meant to delve into the vendor's security controls and procedures to manage and mitigate risks.
    • While financial considerations are important in vendor assessments, the questionnaires are tailored to extract security-related information rather than to compare costs directly.

    Tags: Vendor Selection and Monitoring