C795 - Cybersecurity Management II - Tactical | Pre-Assessment
A company is concerned about securing its corporate network, including its wireless network, to limit security risks. Which defense-in-depth practice represents an application of least privilege? Implement mutual multifactor authentication Configure Wi-Fi-Protected Access for encrypted communication Disable wireless access to users who do not need it Implement an intrusion detection system
Disable wireless access to users who do not need it
Which type of backup solution should be incorporated in an organization that has high-capacity backup data requirements in the terabytes? Disk-to-disk Tape Optical media High-capacity CD-RW
Disk-to-disk
A penetration tester identifies a SQL injection vulnerability in a business-critical web application. The security administrator discusses this finding with the application developer, and the developer insists that the issue would take two months to remediate. Which defense-in-depth practice should the security administrator use to prevent an attacker from exploiting this weakness before the developer can implement a fix? Perform daily vulnerability scans Implement a web-application firewall Submit an urgent change control ticket Deploy an antimalware agent to the web server
Implement a web-application firewall
A company is concerned about unauthorized network traffic. Which procedure should the company implement to block FTP traffic? Install a packet sniffer Update the DNS Filter ports 20 and 21 at the firewall Decrease the network bandwidth
Filter ports 20 and 21 at the firewall
Which two data recovery components will back up a file and change the archive bit to 0? Choose 2 answers. Full backup Differential backup Incremental backup Copy backup
Full backup Incremental backup
A company needs to improve its ability to detect and investigate rogue WAPs. Which defense-in-depth practice should be used? Configure a captive portal to request information Configure MAC address filtering to control access Install a wireless IDS to monitor irregular behavior Install a stateful firewall to block network connections
Install a wireless IDS to monitor irregular behavior
Which RAID array performs striping and uses mirroring for fault tolerance? RAID 0 RAID 1 RAID 5 RAID 10
RAID 10
Which RAID array configuration is known as striping with parity and requires the use of three or more disks that spread the parity across all drives? RAID 0 RAID 1 RAID 5 RAID 10
RAID 5
How often should a business continuity plan (BCP) be reviewed? At least annually or when changes occur If and when the company gets audited When a disaster occurs Every five years or when a law changes
At least annually or when changes occur
A company wants to prevent cybercriminals from gaining easy access into its email server. The company wants to know which user is accessing which resources and to prevent hackers from easily gaining access to the server. Which defense-in-depth strategy should be used? Authenticate users and devices and log events within the network Deploy VLANs for traffic separation and coarse-grained security Place encryption throughout the network to ensure privacy Use stateful firewall technology at the port level and log firewall activity
Authenticate users and devices and log events within the network
A combined mail server and calendaring server environment contains no secure sockets layer (SSL) certificate. Which security principle of the CIA triad is affected by the lack of an SSL certificate? Confidentiality Integrity Authentication Availability
Confidentiality
The IT department of a large company uses a secure baseline image to deploy operating systems. Which type of management action is being implemented by using a secure baseline image? Patch Configuration Change Operations
Configuration
Which database disaster recovery strategy transfers copies of database transaction logs to another location? Electronic vaulting Remote journaling Disk mirroring Floating parity
Remote journaling
An organization wants to secure a wireless access point (WAP) and wants to force users to authenticate to the network before gaining access. Which security encryption protocol should be implemented on the WAP? WEP WPA 802.11i 802.1X
802.1X
A company's main asset is a physical working prototype stored in the research and development department. The prototype is not currently connected to the company's network. Which privileged user activity should be monitored? Accessing camera logs Adding accounts to the administrator group Running scripts in PowerShell Disabling host firewall
Accessing camera logs
A company is terminating several employees with high levels of access. The company wants to protect itself from possible disgruntled employees who could become potential insider threats. Which defense-in-depth practices should be applied? Account revocation and conducting a vulnerability assessment Account revocation and conducting a full backup of critical data A mandatory 90-day password change and conducting a full backup of critical data A mandatory 90-day password change and conducting a vulnerability assessment
Account revocation and conducting a vulnerability assessment
An organization is deploying a number of internet-enabled warehouse cameras to assist with loss prevention. A plan is put in place to implement automated patching. Which defense-in-depth measure will ensure that the patch images are as expected? All remotely installed software must be signed. Communications must use HTTPS. Device authentication must use digital certificates. All passwords must be salted and hashed.
All remotely installed software must be signed.
A company develops a business continuity plan in addition to an emergency communication plan. What should be included in the company's emergency communication plan? Choose 2 answers. Alternate means of contact Backup people for each role The best time to call each person Employee's phone service providers
Alternate means of contact Backup people for each role
An organization is creating a security policy that will be able to audit the use of administrative credentials. The company has decided to use multifactor authentication to allow for the accountability of administrative actions. Which multifactor authentication policy should be applied? Force administrators to have two accounts, one for normal tasks and one for elevated privileges Assign administrators individual accounts that require a password and a physical smart card Have all administrators use a different administrative account on each server in the network Change the default password on all service accounts and on all administrator accounts
Assign administrators individual accounts that require a password and a physical smart card
Which data recovery strategy should be used to mitigate the risk of a natural disaster? Perform a full local backup Store tapes in a secure room Hold backups on a shared drive Back up data to a remote cloud provider
Back up data to a remote cloud provider
An organization wants to secure WAPs and is developing deployment procedure guidelines. Which Wi-Fi security procedures should be included in the guidelines? Change the admin password Enable SSID broadcasting Disable MAC filtering Keep the default SSID
Change the admin password
A company's vulnerability management policy requires assessing a vulnerability based on its severity. Which standard should this company use to prioritize vulnerabilities? Common Vulnerability Scoring System (CVSS) Common Vulnerabilities and Exposures (CVE) Common Configuration Enumeration (CCE) Open Vulnerability and Assessment Language (OVAL)
Common Vulnerability Scoring System (CVSS)
A security professional for a midsize company is tasked with helping the organization write new corporate security procedures. One of the policies includes the use of multifactor authentication. Which defense-in-depth practice should the security professional apply? Create two unique accounts for each administrator and let the administrator set both passwords Create two unique accounts for each administrator and assign the other administrators the second password Create a unique administrator account for each person and configure a security token that provides a passcode every 60 seconds Create a unique administrator account for each person and let the administrator select a PIN that only the administrator knows
Create a unique administrator account for each person and configure a security token that provides a passcode every 60 seconds
A company is concerned that disgruntled employees are sending sensitive data to its competitors. Which defense-in-depth practices assist a company in identifying an insider threat? Data loss prevention (DLP) and audit logs Antivirus and intrusion detection systems (IDS) Data loss prevention (DLP) and intrusion detection systems (IDS) Antivirus and audit logs
Data loss prevention (DLP) and audit logs
A technician notifies her supervisor that the nightly backup of a critical system failed during the previous night's run. Because the system is critical to the organization, the technician raised the issue in order to make management aware of the missing backup. The technician is looking for guidance on whether additional actions should be taken on the single backup failure. Which role is responsible for making the final decision on how to handle the incomplete backup? Senior management Data owner Supervisor Application administrator
Data owner
A company has user credentials compromised through a phishing attack. Which defense-in-depth practice will reduce the likelihood of misuse of the user's credentials? Configure firewall rules Deploy multifactor authentication Deploy RADIUS authentication Configure encryption protocols
Deploy multifactor authentication
A company is moving its database backups from an off-site location to an alternate processing site warehouse using bulk transfers. Which type of database recovery is this company employing? Electronic vaulting Remote journaling Remote mirroring Mutual assistance
Electronic vaulting
A government agency is at risk of attack from malicious nation-state actors. Which defense should the agency put on the boundary of its network to stop attacks? Deploy a honeypot Employ an intrusion detection system Use an internal security information and event manager Employ an intrusion prevention system
Employ an intrusion prevention system
It is suspected that someone is connecting to an organization's wireless access points (WAPs) and capturing data. Which boundary-defense method should be applied to reduce eavesdropping attacks? Enable 802.1X to require network authentication Disconnect unused LAN drops within the building Install a network monitor on the WAP Add a whitelist for all traffic coming from the ISP
Enable 802.1X to require network authentication
A company wants to reduce the risk of an employee with internal knowledge committing an act of sabotage once that employee is no longer with the company. Which control should the company implement to mitigate this risk? Deploy an intrusion detection system Monitor email for blackmail attempts Perform annual employee credit checks Enable an access termination procedure
Enable an access termination procedure
A malicious employee installs a network protocol scanner on a computer and is attempting to capture coworkers' credentials. Which policy, procedure, standard, or guideline would solve this issue? Encrypt all sensitive information in transit Encrypt sensitive information at rest Require long passwords with special characters Establish a process for revoking access
Encrypt all sensitive information in transit
A hacker is sitting between a corporate user and the email server that the user is currently accessing. The hacker is trying to intercept and capture any data the user is sending through the email application. How should a system administrator protect the company's email server from this attack? Encrypt network traffic with VPNs Add antimalware to the email server Implement a firewall Whitelist the sites that are trusted
Encrypt network traffic with VPNs
A company is concerned about loss of data on removable media when media are lost or stolen. Which standard should this company implement on all flash drives? Maximum password age Encryption Awareness training Layer 2 tunneling protocol
Encryption
An executive is using a personal cell phone to view sensitive data. Which control would protect the sensitive data stored on the phone from being exposed due to loss or theft? Encryption Antimalware Antivirus Backups
Encryption
A company hires several contractors each year to augment its IT workforce. The contractors are granted access to the internal corporate network, but they are not provided laptops containing the corporate image. Instead, they are required to bring their own equipment. Which defense-in-depth practice should be required for contractor laptops to ensure that contractors do not connect infected laptops to the internal corporate network? Enable command-line audit logging on contractor laptops Configure devices to not autorun content Configure antimalware scanning of removable devices Ensure antimalware software and signatures are updated
Ensure antimalware software and signatures are updated
A company's business operations are disrupted due to a flash flood. Which consequences to business continuity should be addressed in the disaster recovery plan? Evaluation of risk from possible flood damage Identify essential personnel and decision makers Provide flood-response training to the disaster recovery team Provision additional backup power sources
Evaluation of risk from possible flood damage
A company performs a data audit on its critical information every six months. Company policy states that the audit cannot be conducted by the same employee within a two-year timeframe. Which principle is this company following? Job rotation Two-person control Least privilege Need to know
Job rotation
A company has signed a contract with a third-party vendor to use the vendor's inventory management system hosted in a cloud. For convenience, the vendor set up the application to use Lightweight Directory Access Protocol (LDAP) queries but did not enable secure LDAP queries or implement a secure sockets layer (SSL) on the application's web server. The vendor does not have the ability to secure the system, and company management insists on using the application. Which defense-in-depth practices should the company implement to minimize the likelihood of an account compromise due to insecure setup by the vendor? Location-based access control and multifactor authentication Intrusion prevention system (IPS) and honeypot systems Antivirus and intrusion detection system (IDS) Password hashing and authentication encryption
Location-based access control and multifactor authentication
An attacker compromises the credentials that a system administrator uses for managing a user directory. The attacker uses these credentials to create a rogue administrator account. Which defense-in-depth practice would have helped a security administrator identify this compromise? Enforce two-factor authentication on VPN portals for administrative accounts Log and alert when changes to administrative group membership take place Document administrative password complexity requirements in corporate policy Require the use of dedicated administrative accounts
Log and alert when changes to administrative group membership take place
Which kind of disaster recovery site typically consists of self-contained trailers? Mobile Hot Warm Cold
Mobile
Which technique helps ensure user identity nonrepudiation? Multifactor authentication Intrusion detection sensors Strong passwords Role-based access controls
Multifactor authentication
A user is granted access to restricted and classified information but is supplied only with the information for a current assignment. Which type of authorization mechanism is being applied in this scenario? Need-to-know Constrained interface Duty separation Access control list
Need-to-know
A web server is at nearly 100% utilization, and it is suggested that several web servers run the same site, sharing traffic from the internet. Which system resilience method would this be? Network load balancing Failover clustering Electronic vaulting Remote journaling
Network load balancing
An organization needs to control the flow of traffic through intranet borders by looking for attacks and evidence of compromised machines. What should be implemented to enhance boundary protection so unwanted intranet traffic can be detected and prevented? Host-based intrusion detection system (HIDS) Host-based intrusion prevention system (HIPS) Network-based intrusion detection system (NIDS) Network-based intrusion prevention system (NIPS)
Network-based intrusion prevention system (NIPS)
A company is concerned about unneeded network protocols being available on the network. Which two defense-in-depth practices should the company implement to detect whether FTP is being used? Choose 2 answers. Install BIOS firmware updates Perform automated packet scanning Implement application firewalls Physically segment the network
Perform automated packet scanning Implement application firewalls
A company's main asset is its client list stored in the company database, which is accessible to only specific users. The client list contains Health Insurance Portability and Accountability Act (HIPAA) protected data. Which user activity should be monitored? Privilege escalation Changing system time Using database recovery tools Configuring interfaces
Privilege escalation
A member of a sales team receives a phone call from someone pretending to be a member of the IT department. The salesperson provides security information to the caller. Later, the salesperson's user account is compromised. Which strategy should be used by the company to mitigate accounts being compromised in the future? Provide training to all users on social engineering threats Report the employee to appropriate management Send an email to management detailing the attack Document the details of the attack for future reference
Provide training to all users on social engineering threats
A company does not have a disaster recovery plan (DRP) and suffers a multiday power outage. Which provisioning should the company perform to provide stable power for a long period of time? Purchase generators Purchase additional servers Create a RAID array Create a failover cluster
Purchase generators
A company notices an automated attempt to access its system using different passwords and usernames. What can help mitigate the success of this attack? Require a CAPTCHA Block the IP address of the user Use user sessions after authentication Use cookie authentication
Require a CAPTCHA
A chief information officer (CIO) recently read an article involving a similar company that was hit with ransomware due to ineffective patch-management practices. The CIO tasks a security professional with gathering metrics on the effectiveness of the company's patch-management program to avoid a similar incident. Which method enables the security professional to gather current, accurate metrics? Review authenticated vulnerability scan reports Review reports from Windows Update Review patch history on nonproduction systems Review patch tickets in the change control system
Review authenticated vulnerability scan reports
A company relies exclusively on a system for critical functions. An audit is performed, and the report notes that there is no log review performed on the system. Management has been tasked with selecting the appropriate person to perform the log reviews in order to correct the deficiency. Which role is responsible for reviewing and auditing logs in order to detect any malicious behavior? Security administrator System user Database administrator Senior management
Security administrator
Which defense-in-depth practices allow an organization to locate an intruder on its internal network? Whitelisting applications and blacklisting processes Antivirus and intrusion prevention system (IPS) Security information and event management (SIEM) and intrusion detection system (IDS) Sandboxing applications and penetration testing
Security information and event management (SIEM) and intrusion detection system (IDS)
A company presents team members with a disaster recovery scenario, asks members to develop an appropriate response, and then tests some of the technical responses without shutting down operations at the primary site. Which type of disaster recovery test is being performed? Read-through Structured walk-through Simulation Full-interruption
Simulation
A company is hit with a number of ransomware attacks. These attacks are causing a significant amount of downtime and data loss since users with access to sensitive company documents are being targeted. These attacks have prompted management to invest in new technical controls to prevent ransomware. Which defense-in-depth practices should this company implement? Password resets and a log review Mandatory vacations and job rotation Spam filtering and antimalware Encryption and an internal firewall
Spam filtering and antimalware
Disaster recovery team members are requested to do more than just review the disaster recovery plan but not actually test the individual parts of the plan. Which type of test would suit this request? Read-through Structured walk-through Parallel Full-interruption
Structured walk-through
What is defined as the ability to maintain an acceptable level of operational status during events such as hardware failures or denial-of-service (DoS) attacks? Fault tolerance System resilience Trusted recovery Quality of service
System resilience
A company wants to monitor the inbound and outbound flow of packets and not the content. Which defense-in-depth strategy should be implemented? The organization should use egress filtering on the network. Traffic and trend analyses should be installed on the router. The administrator should configure network data loss prevention. RADIUS authentication should be used on the bastion host.
Traffic and trend analyses should be installed on the router.
Senior executives report they are receiving emails about a legal issue that include a hyperlink. If the executives click the link, they are instructed to install a browser add-on to read the legal documents. It is later discovered that the add-on includes malicious code that captures executives' passwords. Which practice should be used to make the executives aware of mitigating future threats? Train the appropriate personnel on whaling attacks Block emails with hyperlinks from entering the company Send an email to the entire company detailing the attack Document the details of the attack for future reference
Train the appropriate personnel on whaling attacks
An employee is transferring data onto removable media. The company wants to reduce the likelihood of fraud, and transferring data onto removable media is limited to special cases. Which security principle should the company execute as a policy to reduce fraud? Two-person control Least privilege Need to know Job rotation
Two-person control
Which two hardening features apply to a host-based intrusion detection system (HIDS)? Choose 2 answers. Updated definition files Static private IP addresses Reserved scope options Encrypted log files
Updated definition files Encrypted log files
An organization needs to improve the security of the systems it is monitoring. It has determined that the systems need regularly scheduled vulnerability scans. Which action will enable the organization to satisfy this requirement? Use Nessus to perform system scans Use Wireshark to perform system scans Implement an intrusion detection system Implement an intrusion prevention system
Use Nessus to perform system scans
A security analyst observes that an unauthorized user has logged in to the network and tried to access an application with failed password attempts. Which defense-in-depth tactic should the security analyst use to see other activities this user has attempted? Brute-force attack the application to see if a user can get in Check application logs for events and errors caused by the user Use a packet sniffer to analyze the network traffic Use SIEM to collect logs and look at the aggregate data
Use SIEM to collect logs and look at the aggregate data
A company is concerned about unauthorized programs being used on network devices. Which defense-in-depth strategy would help eliminate unauthorized software on network devices? Develop an acceptable use policy and update all network device firmware Use application controls tools and update AppLocker group policies Limit administrative access to devices and create DHCP scope options Upgrade to a 64-bit operating system and install an antimalware application
Use application controls tools and update AppLocker group policies
Company employees keep taking their laptop computers off-site without securing the laptop's contents. Which defense-in-depth tactic should be used by employees to prevent data from being stolen? Contact the security office when taking property off-site Carry laptops close to themselves when going off-site Use forced encryption via a group policy Take laptops home only on weekends
Use forced encryption via a group policy
A company has identified a massive security breach in its healthcare records department. Over 50% of customers' personally identifiable information (PII) has been stolen. The customers are aware of the breach, and the company is taking actions to protect customer assets through the personal security policy, which addresses PII data. Which preventive measure should the company pursue to protect against future attacks? Require cognitive passwords Employ password tokens Use network-based and host-based firewalls Install auditing tools
Use network-based and host-based firewalls
A company's database administrator requires access to a database server to perform maintenance. The director of information technology will provide the database administrator access to the database server but will not provide the database administrator access to all the data within the server's database. Which defense-in-depth practice enhances the company's need-to-know data access strategy? Using compartmented mode systems and least privilege Using compartmented mode systems and two-person control Using dedicated mode systems and least privilege Using dedicated mode systems and two-person control
Using compartmented mode systems and least privilege
Which wireless encryption protocol is the least secure? WEP WPA CCMP PEAP
WEP
A company's vulnerability management policy requires internet-facing applications to be scanned weekly. Which vulnerability scanning technique meets this policy requirement? Discovery Network Web Connect
Web
When should formal change management be used to manage updates to a disaster recovery plan? When the IT infrastructure changes, all related disaster-recovery documentation should be changed to match the environment. When personnel changes, all related disaster-recovery documentation should be changed to match the staffing. When regulations change, all related disaster-recovery documentation should be changed to match the regulations. When management changes, all related disaster-recovery documentation should be changed to match the structure.
When the IT infrastructure changes, all related disaster-recovery documentation should be changed to match the environment.
A company is implementing a defense-in-depth approach that includes capturing audit logs. The audit logs need to be written in a manner that provides integrity. Which defense-in-depth strategy should be applied? Write the data to a write-once, read-many (WORM) drive Write the data to an encrypted hard drive Write the data to an encrypted flash drive Write the data to an SD card and store the SD card in a safe
Write the data to a write-once, read-many (WORM) drive