Domain 1.0 General Security Concepts
A company is updating its standard operating procedures (SOPs). What type of policy should a company focus on to ensure compliance with data privacy regulations and outline the appropriate handling of customer data?
(not) Information security policy
An organization's IT department wants to implement a security model responsible for verifying user identities, determining access rights, and monitoring activities within a system. Which concept is MOST appropriate for the department to implement?
(not) Policy engine
In a cybersecurity operation where downtime is critical to its mission, a cybersecurity analyst incorporates allowlists and denylists restrictions. The objective is to guarantee high availability (HA) and safeguard against potential security threats. How would a cybersecurity analyst utilize these lists in this scenario? (Select the two best options.)
Allowlists can specify approved software, hardware, and change types that are essential for the operation's functioning. Denylists can block unauthorized software, hardware, and change types that pose high risk to the operation's availability and security.
The organization's engineering team observes a system failure during the implementation of new software patching. From a conceptual standpoint, what can the team use to restore the system to its original state?
Backout plan
A systems owner reviews permissions granted to a targeted team of employees and determines that some of the employees' accesses are outside their scope of work. After revoking the certificates, what log does the owner use to record the changes?
Certificate Revocation Lists (CRL)
An organization changes its security posture after a breach and wants to enhance encryption by putting measures in place to mitigate risk exposures that cannot be directly eliminated by the cyber security team. What type of control is being observed in this situation?
Compensating
After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed. What type of functional security control is the company implementing?
Corrective
A user in a company wants a new USB flash drive. Rather than requesting one through the proper channel, the user obtains one from one of the company's storage closets. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. What is the control objective of the observed sign?
Deterrent
The IT department of a corporation evaluates its security mechanisms to identify areas lacking sufficient protection. Which of the following techniques should the IT department employ?
Gap analysis
A cyber technician reduces a computer's attack surface by installing a crypto-processor on a removable PCIe adaptor card. What type of cryptoprocessor can support this requirement?
Hardware Security Module (HSM)
A software organization has implemented a deception strategy to detect unauthorized data access attempts. An attacker, believing to have successfully obtained sensitive data, actually accessed a fabricated document designed to look like real sensitive information. This document was monitored, and upon access, it allowed the organization to capture the attacker's tactics and tools. What specific type of deception technology did the organization deploy?
Honeyfile
A senior analyst is purchasing new cybersecurity tools that enhance the ability to detect and defend against various types of attacks. What decoy system can support detection efforts by mimicking specific applications and gathering information on the attacker's tactics and tools?
Honeypot
A security specialist updates the organization's change management program after implementing software patching and system updates for the new quarter. In considering the various change management concepts, what is the process of identifying and assessing the potential implications of a proposed change?
Impact analysis
A software organization enhances its cyber security by using deception technologies to capture attacker tactics and tools. How can a honeytoken assist in the organization's strategy?
It creates false credentials, login credentials, or other data types to distract and gain insight into attackers.
An organization has tasked a cyber security technician with enhancing its framework after recently experiencing a cyber breach. What is the value associated with a public key infrastructure (PKI)?
It is the framework that establishes trust in using public key cryptography to sign and encrypt messages via digital signatures.
A software application firm is strengthening its cyber defense by incorporating deception technologies into its framework. How can the utilization of a honeynet benefit the software application firm's strategy?
It uses a network of decoy systems to simulate an entire network to capture attackers' tactics and tools.
An organization frequently implements changes, reconfigurations, and patches to enhance its IT infrastructure's security and efficiency. The cybersecurity analyst must carefully analyze dependencies between services, applications, and interfaces to avoid unintended outages and disruptions during service restarts or downtime events. How does understanding dependencies impact the change management process? (Select the three best options.)
Knowing dependencies helps avoid unintended outages and disruptions during service restarts or downtime events. Understanding dependencies guides the development of effective backout plans and downtime contingencies. Understanding dependencies supports the development of post-change performance monitoring to validate system functionality and quickly detect issues.
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate?
Policy-driven access control
A company installed a new locking cabinet in the computer room to hold extra flash drives and other supplies. Which type of security control did the company configure?
Preventive
After receiving the annual audit results from the Inspector General's office, a cyber specialist begins identifying points of contact to implement change management on numerous flagged processes. Understanding the various positions tied to change management, which roles would have ownership in the change management process? (Select the two best options.)
Project manager Team leader
The organization is implementing a significant software upgrade that necessitates application restarts. How can the cybersecurity analyst ensure a smooth transition without causing extended downtime?
Schedule the upgrade during nonworking hours to reduce the impact on users.
A cybersecurity analyst implements security measures for a financial institution's infrastructure. The analyst explores different technologies to enhance security and must select the appropriate technology to strengthen security within the organization's infrastructure. Which technology should the cybersecurity analyst choose to enhance security for executing sensitive operations and protecting critical data in the financial institution's infrastructure?
Secure enclave
Prior to implementing new software integrations on the organization's network, a software specialist evaluates the selected modifications in an environment to ensure the software works correctly and does not cause issues. What concept does the specialist observe with a desire to ensure everything works before implementation?
Test results
An organization has an established change management program that includes standard operating procedures (SOPs). It wants to implement changes consistently and effectively. What role do SOPs play in the change management process?
They define routine operations or changes, providing detailed instructions to implement them.
A cyber security analyst wants to reduce the attack surface for a computer that contains top secret data. The analyst installs a central processing unit (CPU) that contains a cryptoprocessor on the designated computer to accomplish this. What type of cryptoprocessor is the analyst installing?
Trusted Platform Module (TPM)
A network administrator for a technology company is introducing a new cybersecurity model to limit data breaches. They wish to enforce a strategy where every system or user inside or outside the network perimeter must prove their legitimacy before accessing resources. What principle would be MOST effective in implementing their new strategy?
Zero Trust
