Chapter 1 Network Security
You are the Chief Information Security Officer (CISO) at a tech company. Your company is facing issues with silos between the development and operations teams, leading to inefficiencies and security vulnerabilities. Which approach should you adopt to encourage collaboration and integrate security considerations at every stage of software development and deployment?
Adopting a Development and Operations (DevOps) approach
Which of the following is an example of a preventative control type?
An advanced network appliance
Which of the following security challenges refers to the rapid and broad spread of an attack, often affecting a large number of computers in a relatively short amount of time?
Attack scale and velocity
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is MOST pressing?
Confidentiality
Which of the following are often identified as the three main goals of security? (Select three.)
Confidentiality Availability Integrity
A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage. What category of security control BEST describes the function of this recent implementation?
Corrective
Which type of control is used to discourage malicious actors from attempting to breach a network?
Deterrent
You are the Chief Information Security Officer (CISO) at a large corporation. Your company is expanding rapidly and the complexity of managing security across different business functions is increasing. You need a dedicated team to monitor and protect critical information assets across the organization. Which of the following would be the MOST effective solution?
Establishing a Security Operations Center (SOC)
Which type of control makes use of policies, DPRs, and BCPs?
Managerial
Which of the following is a method of implementing security controls?
Managerial controls
An acceptable use policy requires the system to encrypt confidential information while in transit. All employees must use secure email when exchanging proprietary information with external vendors. Which of the following describes this type of acceptable use policy?
Operational
Which of the following BEST describes compensating controls?
Partial control solution that is implemented when a control cannot fully meet a requirement.
After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage?
Physical
You are the Chief Information Security Officer (CISO) at a large corporation. You have been tasked with implementing a new security control to protect sensitive customer data. The control must be able to automatically detect and prevent unauthorized access to the data. Which type of control should you implement?
Physical control
A company finds that employees are accessing streaming websites that are not being monitored for malware or viruses. Which type of control can the network administrator implement to protect the system and keep the employees from viewing unapproved sites?
Technical
You are the head of the cybersecurity team at a large corporation. You notice an increase in network traffic that appears to be legitimate but is causing a slowdown in your systems. Upon further inspection, you find that the traffic patterns vary each time, making it difficult to distinguish from normal traffic. What type of security challenge are you MOST likely facing?
Technical control
The security operations manager of a multinational corporation focuses on enhancing directive operational controls. Which of the following should the manager implement?
User awareness and training programs.
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, which protection does the hashing activity provide?
Integrity
The chief security officer (CSO) at a financial organization wants to implement additional detective security controls. Which of the following would BEST represent this type of control?
Installation of surveillance camera.
A large multinational corporation has recently experienced a significant data breach. The breach was detected by an external cybersecurity firm, and the corporation's IT department was unable to prevent or detect the breach in its early stages. The CEO wants to ensure that such a breach does not happen again and is considering several options to enhance the company's security posture. Which of the following options would be the MOST effective in preventing and detecting future data breaches?
Implementing a dedicated Computer Incident Response Team (CIRT).
