Domain 4.0 Security Operations Assessment


A company has added several new assets and software to its system and is meeting to review its risk matrix. It wants to ensure risk management efforts focus on vulnerabilities most likely impacting its operations significantly. What is this commonly referred to as?

A. Prioritization

The IT department at a medium-sized company is exploring ways to enhance its authentication methods to improve security. They want to choose an authentication approach that balances security and user convenience. Which authentication method eliminates the need for passwords and provides a secure way of verifying a user's identity?

Passwordless authentication

A cyber architect explores various automated methods for managing access for newly hired employees or employees moving into new roles. Which of the following best represents the benefit of this approach to managing user accounts? (Select the two best options.)

A. It can create, modify, or delete individual user accounts. B. It can create, modify, or delete individual users' access rights across IT systems.

In a medium-sized company, the IT security team is enhancing security measures by implementing Privileged Access Management (PAM) tools. The team is considering the adoption of just-in-time (JIT) permissions as part of their strategy. How do JIT permissions support the objectives of PAM tools?

A. JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.

Which of the following statements is correct regarding user account provisioning and de-provisioning? (Select the two best options.)

A. Provisioning and de-provisioning of user accounts involve creating, modifying, and removing user accounts to maintain appropriate access levels. B. The principle of least privilege guides the assignment of permissions, ensuring users have only the necessary access for their job roles.

A system administrator frequently encounters false positive vulnerability alerts. What are the most effective actions the administrator can take to resolve this issue? (Select the two best options.)

A. Adjust scanner config based on log review B. Use different scanners? C. Use threat feeds (wrong)

An organization is enhancing its security measures to combat email-based threats after being targeted in a whaling attack. Regarding email security, what uses tenets from authentication methods and encryption features to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them entirely, or tagging them?

A. DMARC

A cybersecurity responder covertly monitors a hacker's activities to prepare a containment and eradication plan. What threat-hunting technique does this describe?

A. Intelligence fusion (wrong) B. Maneuvering?

The IT department of a medium-sized company explores various mobile solutions to improve productivity and enable employees to work efficiently on their mobile devices. What is considered a critical strategy that IT departments can use to manage, secure, and enforce policies on smartphones, tablets, and other endpoints?

A. MDM

The IT team of a medium-sized business is planning to enhance network security. They want to enforce minimum security controls and configurations across all network devices, including firewalls, routers, and switches. What should they establish to achieve this objective?

A. Network security baselines

An auditor performs a compliance scan based on the security content automation protocol (SCAP). Which of the following elements represents best practice configuration checklists and rules?

A. Security content automation protocol (wrong) C. Extensible configuration checklist description format?

Which MFA factor relies on the use of a smart card or key fob to support authentication?

A. Something you have

An organization is creating a quick reference guide to assist team members when addressing common vulnerabilities and exposures across the enterprise. What vulnerability metric uses a score from 0 to 10?

B. CVSS

A senior security analyst is reviewing the effectiveness of a Security Information and Event Management (SIEM) system. During a cybersecurity incident simulation, the analyst observed that the SIEM system generated several false positive alerts. What should the analyst focus on to improve the alert response and remediation process?

B. Increasing the number of correlation rules in the SIEM system (wrong) D. Enhancing the validation processes in the alert response?

A network security specialist is investigating a large and sustained spike in alerts from their Security Information and Event Management (SIEM) system. Which data source should the specialist investigate first to try and determine the cause of the spike in alerts?

B. Log Data.

A healthcare organization is retiring an old database server that housed sensitive patient information. It aims to ensure that this information is completely irretrievable. What key process should the organization prioritize before disposing of this server?

B. Secure destruction of all data stored on the server

You are a cybersecurity analyst using a Security Information and Event Management (SIEM) system. You notice the SIEM is flooding your team with too many alerts, many of which are false positives. You decide to adjust the SIEM settings to improve its efficiency. What is the BEST first step to reduce false positives from the SIEM system?

B. Adjust the SIEM's alert thresholds and rules based on past false positives

A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature?

B. DKIM

Which of the following options is NOT a challenge typically encountered while implementing web filtering solutions in an enterprise?

B. Decrease in network latency

The network administrator of a small business needs to enhance the security of the business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main security measure, but the administrator recognizes the need to adjust other wireless security settings to effectively complement WPA3 and create a robust network that lets all employees access critical company resources securely. What considerations should the network administrator take into account when implementing WPA3 and adjusting wireless security settings? (Select the two best options.)

B. Ensuring backward compatibility with older devices C. Understanding best practices for implementing WPA3 security features? A. Enabling media access control address filtering to restrict access to authorized devices (wrong)

After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it?

C. Compensating controls

A financial institution plans to repurpose several older servers to expand the resources available in its test environment. The servers contain sensitive customer data. Which of the following represents the appropriate action for repurposing the servers in this manner?

C. Carry out a sanitization process that includes multiple passes of overwriting and degaussing.

As a digital forensics analyst, you've been tasked with investigating a suspected data breach in your organization. You need to collect evidence from various compromised digital devices. Proper procedures are crucial to ensure that the evidence is admissible in court. Which step is MOST critical when beginning the collection of digital evidence to ensure its admissibility in court?

C. Documenting the scene and creating a chain of custody form

You are the security analyst overseeing a Security Information and Event Management (SIEM) system deployment. The CISO has concerns about negatively impacting the system resources on individual computer systems. Which would minimize the resource usage on individual computer systems while maintaining effective data collection?

C. Implementing an agentless collection method on the computer systems

A multinational bank is working with a third-party security company to develop a real-world scenario designed to evaluate incident response effectiveness. What type of testing scenario does this represent?

C. Simulation

The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network?

C. To enhance wireless network security with the latest encryption standards

A small software company's development team has created an application that handles sensitive user data and is using a static code analysis tool to support its development efforts. How does static code analysis support software application development processes?

C. To identify potential security vulnerabilities in the application's source code

A financial services company is decommissioning many servers that contain highly sensitive financial information. The company is committed to environmental sustainability and seeks to minimize waste wherever possible. What is the company's best course of action when decommissioning its servers?

D. Degaussing the servers, then reselling or recycling them

A regional bank is facing increased cyber threats and is concerned about the security of its servers. As a security analyst, you have been asked to provide a recommendation designed to improve the security of the servers while maintaining full operation. Which of the following options is the MOST effective?

D. Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.

In the context of enterprise web management, which method specifically involves the creation and enforcement of criteria—such as specific URLs, domains, IP addresses, content categories, or keywords within the web content—to block access to certain web resources proactively?

D. Block rules

A cybersecurity manager receives an email from the company's attorneys stating a subpoena has been issued for specific data records to be retained. Which of the following best describes this request?

D. Legal hold

