Sec Plus Practice Test
f a company's server has an estimated Single Loss Expectancy (SLE) of $15,000 due to an operational failure, and the Annual Rate of Occurrence (ARO) of these failures is expected to be 0.1 times per year, what is the Annual Loss Expectancy (ALE)?
$1,500 ($15,000 * 0.1 = $1,500).
Reed & Jamario Security Services has recommended your company use a port based system to prevent unauthorized users and devices. Which of the following are they recommending? IDS Fail-closed (Incorrect) Fail-open 802.1X (Correct)
802.1X (standard developed by the IEEE to govern port-based network access. When used with a RADIUS based authentication server it provides authentication services, checking user credentials to ensure that the user is a legitimate part of the organization and granting access to only those areas of the system that the user is allowed to access. Fail-open refers to what happens when a network encounters errors and exceptions. Fail-open means that when errors occur or exceptions are encountered, the system continues allowing access rather than denying access. Fail-open allows a website to continue offering services even after an error has occurred. The emphasis is, therefore, keeping the website up while the error is addressed, hoping that the error is a minor issue. An intrusion detection system (IDS) monitors network traffic for malicious activities. It alerts to the potential activity but does not prevent it from passing through the network. In this way, it provides a layer of protection without slowing down network performance. Fail-close refers to what happens when a network encounters errors and exceptions. Fail-close means that when errors occur or exceptions are encountered, the system denies further access. This prevents any further network traffic until the error or exception are dealt with. While this provides greater security, it means that a website can't be accessed even if the error encountered is minor or doesn't pose a security threat.)
Alex, a network administrator, reviews logs from the company's main database server. He finds that every night at 3 AM, a backup process runs which generates a series of logs. However, on scanning through last week's data, he finds that logs from two nights are missing entirely. On further investigation, Alex discovers a new, unauthorized user account was created on one of those nights. What might Alex reasonably infer from these observations?
An attacker gained access, created the unauthorized account, and removed logs.
Which of the following mitigation techniques can help enforce compliance with security standards and policies on a system or network by designating programs that are allowed to run and blocking all other programs from being run?
Application allow list
At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?
Application rollback (Reverting an application to a previous state or version from a backup to correct issues caused by updates or changes. In this scenario, restoring the application from a backup taken two days earlier is an example of an application rollback and would be the most effective solution. Patch management is the process of managing updates for software applications. While the issue arose from an update, Jason is not suggesting another patch but is recommending reverting to a previous state. Application restart involves stopping and then starting an application, often to apply changes or ensure updates have taken effect. While it may be a part of many troubleshooting processes, it wouldn't address the bug introduced by the update. Dependency check refers to ensuring that all required components, libraries, or modules needed by an application are present. The scenario doesn't suggest any missing dependencies; rather, it's a problem with the application's function.)
Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure ( /users/[username]/profile ) the system registered requests like ( /users/../admin/config ). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?
Attempting to access files outside of intended directories.
Which of the following terms BEST describes the validation of the accuracy and thoroughness of compliance-related reports?
Attestation (Attestation is the term that refers to the process of affirming the accuracy and completeness of compliance reports. It involves providing formal statements or declarations about the organization's compliance with specific regulations or standards. Attestation can be done internally by the organization's management or externally by a third-party auditor. An independent third-party audit involves an external and unbiased assessment conducted by an independent auditor or a third-party organization. The purpose of this audit is to provide an objective evaluation of the organization's compliance status. Independent third-party audits are often used to validate and verify compliance claims made by the organization and can offer more credibility to compliance reports. Internal assessment involves the organization's internal evaluation of its adherence to established compliance requirements. This process may include self-assessments, internal audits, and reviews conducted by the organization's compliance team to ensure that it meets the necessary regulatory and security standards. A regulatory examination is an external evaluation conducted by a government agency or a regulatory body to ensure that an organization is complying with specific regulations or industry standards. During a regulatory examination, the organization's compliance practices, controls, and processes are thoroughly reviewed to assess their alignment with the applicable rules and requirements.)
An HR department for a large corporation is looking to streamline the onboarding process for new employees. How can scripting contribute to this goal in terms of system access?
Automates the provisioning of account credentials.
Which of the following BEST explains the difference between an Agent-based and Agentless NAC?
Both involve monitoring network traffic without the need for additional software, but Agent-based NACs collect more data.
Travid is evaluating an attack that has occurred on his organization's system. He sees that the attacker entered a lot of data into the the area of memory in the API that temporarily stores user input. What type of attack did Travid discover?
Buffer overflow
Florence is the CEO of a company. She has the final say over all decisions made regarding the business, IT, accounting, and other departments. What type of governance does Florence's company have?
Centralized governance
Before disposing of old computers at Kelly Innovations LLC, Sasha receives a document that confirms all data has been securely removed. What is this document known as?
Certificate of Sanitization(serves as a formal assurance that a device has undergone a thorough data cleansing process, ensuring all information has been securely and permanently erased. It is essential for maintaining data privacy, especially when disposing of or repurposing equipment. A service agreement is a formal contract that sets out terms and conditions between a service provider and a client. While it might specify various services, including data-related ones, it isn't a confirmation of data removal from a device. A Data Retention Policy defines the duration for which data should be stored and when it should be disposed of. While it addresses data management, it doesn't certify the secure erasure of data from a device. Typically used to authorize the purchase of goods or services. While it's an essential record in procurement processes, it doesn't have any relevance to the secure erasure of data from devices.)
A software development company regularly releases software updates to its global customer base. Recently, some customers reported receiving unauthorized and potentially malicious software updates. The company wants to implement a security technique to ensure the authenticity and integrity of its software updates when delivered to customers.
Code Signing (security technique that allows software developers to digitally sign their software updates before distribution. By using cryptographic signatures, code signing ensures the authenticity and integrity of the software updates. When customers receive the updates, their systems can verify the signature to confirm that the update came from a trusted source and that it has not been altered during transmission. Code signing is an effective way for the company to guarantee the legitimacy of its software updates and protect customers from potentially malicious or unauthorized modifications. An Intrusion Detection System (IDS) is a security solution that monitors network traffic and system activities to detect suspicious or malicious behavior)
In regards to automation and orchestration, which of the following terms accurately captures the challenges faced when dealing with a system characterized by its intricate web of interconnected components and varied functionalities, potentially hindering seamless integration, effortless management, and straightforward comprehension?
Complexity
Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?
Compromised availability leading to operational disruptions. (A single point of failure can jeopardize the entire system's uptime, introducing potential security risks and halting processes. Upholding data confidentiality is a primary security concern, but it isn't directly related to the risks of single points of failure. Data integrity ensures data remains accurate and consistent over its lifecycle, but it doesn't directly link to concerns of single points of failure. Scalability ensures systems can handle growth, but it isn't focused on the immediate availability risks associated with single points of failure.)
Which group is MOST likely to possess the funding and resources to recruit top talent, including skilled strategists, designers, coders, and hackers?
Criminal syndicate
Jamario, a security analyst at Dion Training, has just completed a vulnerability assessment on a company's internal web application. One of the vulnerabilities detected has a high likelihood of being exploited and, if successful, could expose sensitive customer data. Based on severity and potential impact, how should this vulnerability be classified?
Critical
Reginald, an IT Manager, is the owner of a file on a server and wants to grant his colleagues access to the file. He is the only one who can decide who is allowed access to the file and what actions they can perform on it. Which authorization model is being used in this scenario?
DAC (Discretionary Access Control (DAC) is an authorization model where the owner of the resource decides who is allowed to access it. Mandatory Access Control (MAC) is an authorization model where access to resources is determined by a set of rules defined by a central authority. Role-Based Access Control (RBAC) is an authorization model that assigns permissions to roles, rather than individual users. Attribute Based Access Control (ABAC) determines access through a combination of contexts and system wide attributes.)
At Kelly Innovations LLC, Susan has been entrusted with determining the purposes and means of processing personal data for the organization's new marketing campaign. She decides what data to collect, how long it will be retained, and with whom it will be shared. Which of the following BEST describes the role Susan is playing?
Data Controller (individual or entity that determines the purposes and means of processing personal data. They have primary responsibility for ensuring the data's protection and compliance with privacy regulations. An identifiable person whose personal data is being processed by a data controller or processor. A Data Processor is an individual or entity that processes personal data on behalf of the data controller, without deciding the purposes or means of the processing. The Data Custodian typically responsible for ensuring the safety and maintenance of data assets through its various stages of storage, but doesn't decide on processing methods.)
Which of the following motivations refers to any act of stealing information from a system or network?
Data exfiltration
Which of the following BEST describes an organizational structure that allows for autonomous decision-making in separate departments or sectors within the company?
Decentralized governance
Georgina, a lawyer, needs to send a contract to their client for signature. She want to ensure that their client cannot later deny signing the contract. Which of the following methods can they use to prevent them from denying that they have signed contracts?
Digital signatures
Which mitigation technique involves shutting off specific entry and exit points in a system to prevent potential vulnerabilities or unauthorized access?
Disabling Ports
Kelly Innovations LLC is redesigning its network infrastructure to support its expanding R&D team. Which of the following strategies will MOST effectively lessen the attack surface?
Disabling unnecessary services and protocols.
Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations? Diffie-Hellman DSA RSA (Incorrect) ECC (Correct)
ECC (Elliptic curve cryptography) is a type of trapdoor function that is efficient with shorter key lengths. For instance, ECC with a 256-bit key provides roughly the same security as RSA with a 2048-bit key. The primary advantage is that ECC has no known shortcuts to cracking it, making it particularly robust. Diffie-Hellman is an algorithm primarily for secure key exchange, not directly comparable to the encryption efficiency offered by ECC's shorter key lengths. Digital Signature Algorithm (DSA) is an algorithm used for digital signatures, but it doesn't inherently offer the same efficiency in terms of key length as ECC. While a foundational asymmetric algorithm, RSA generally requires longer key lengths than ECC to achieve comparable security levels.
Which of the following terms emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Encryption algorithm (provides a structured method for converting plaintext into ciphertext. A good algorithm ensures data remains confidential and secure from unauthorized access. Digital signatures validate the authenticity and integrity of a message or document, ensuring it hasn't been tampered with since being signed. A cipher block refers to a fixed-size portion of data that an encryption algorithm processes. It doesn't define the mathematical method itself. A hash function takes input and returns a fixed-size string, typically used for verifying data integrity, but it does not encrypt data for the purpose of confidentiality.)
Which of the following hardware issues that results from products that are no longer being made or supported, but are still usable? Hardware tampering Hardware cloning Legacy vulnerability (Incorrect) End-of-life vulnerability (Correct)
End-of-life vulnerability (allow a hardware attack that involves exploiting vulnerabilities in devices that are no longer supported or updated by the manufacturer. It can allow an attacker to compromise the security or functionality of the device, or use it as a gateway to access other systems or networks. A legacy vulnerability may allow an attack that involves exploiting vulnerabilities in devices that are outdated or obsolete, but still in use. It can allow an attacker to compromise the security or functionality of the device, or use it as a gateway to access other systems or networks. Hardware tampering is a hardware attack that involves physically altering or damaging hardware devices to compromise their functionality, performance, or security. It can allow an attacker to install malware, backdoors, spyware, or vulnerabilities on the device. Hardware cloning is a hardware attack that involves creating unauthorized copies of hardware devices to counterfeit their functionality, performance, or security. It can allow an attacker to sell fake products, steal intellectual property, or bypass authentication mechanisms)
Which of the following statements BEST explains the importance of enforcing baselines when automating and orchestrating secure operations?
Enforcing baselines helps standardize configurations across systems, enabling efficient automation and reducing the risk of security incidents
Which of the following statements BEST explains the importance of environmental variables in regard to vulnerability management?
Environmental variables refer to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis.(refer to the unique characteristics of an organization's infrastructure, business environment, and operational context that can impact vulnerability assessments and risk analysis. Understanding these variables is crucial to conducting effective vulnerability management and developing appropriate risk mitigation strategies. These variables are not specific conditions triggering automated responses; rather, they are factors related to an organization's infrastructure and business environment that impact vulnerability management processes. While vulnerability scanning tools may use various parameters, environmental variables refer to different aspects related to an organization's infrastructure and business environment. While physical security factors are important, environmental variables in this context have a different focus.)
Dion Training is considering a collaboration with a new IT service vendor. To ensure compliance and adherence to industry standards, Dion Training wishes to see verifiable evaluations of the vendor's security controls and practices. Which of the following would provide Dion Training with insights into the vendor's own internal evaluations of their security measures?
Evidence of internal audits
What element of backup strategy involves making data copies regularly at set intervals?
Frequency (refers to how often data backups are carried out. Regular backups at set intervals are crucial to minimize the potential loss of data. Replication is the copying of data from one system to another.)
Which of the following mitigation techniques can help protect a device from unauthorized network traffic solely by using software that can control network traffic based on predefined rules and policies?
Host-based Firewall (Using a Host-based firewall is a hardening technique that can help protect a system or device from unauthorized or malicious network traffic. Host-based firewalls by use software to filter and control incoming and outgoing network traffic by using predefined rules and policies. The policies and rules are based on criteria such as source and destination IP address, port number, protocol. Host-based firewall involves installing software on a system or device. Encryption is a mitigation technique that involves using mathematical algorithms to transform data into an unreadable format. Encryption can protect data from unauthorized access or modification, as only those who have the secret key or algorithm can decrypt the data. Encryption will not stop data from entering a host machine. Using a Host-based Intrusion Prevention System (HIPS) is a hardening technique that can help prevent attacks from occurring. It is software that is installed on a system or device to detect and prevent unauthorized actions like file modifications and registry changes. A HIPS may include a firewall, but will contain other features as well. Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to any software and systems.)
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
IaC (Infrastructure as code (IaC) allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale. While serverless architecture reduces the complexity of deploying code into production, it doesn't involve defining the underlying infrastructure as code. An air-gapped network is a security measure that involves physically isolating a computer or network and ensuring it doesn't connect to unsecured networks, especially the public internet. It doesn't deal with infrastructure management methodologies. Microservices architecture is about designing software applications as suites of independently deployable services, but it doesn't directly address infrastructure provisioning through code.)
When a legal organization routinely communicates with clients via email containing sensitive case details, which strategy would be the MOST effective to secure the communications?
Implementation of end-to-end encrypted email
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
Inadequate buffer overflow protections.
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
Inadeuate buffer overflow
Kelly Innovations decides to manage its IT infrastructure within its physical location, retaining full control over its hardware, software, and data. Which of the following security implications is MOST directly associated with this approach?
Increased responsibility for physical security.
Clumsy Contraptions Engineering is seeking to change its security footing. In the past, they have found that too many pieces of malicious software have gotten past the system. Their Chief Security Officer believes they need a device which will actively evaluate traffic and reject or modify packets according to policies the company sets. What type of device is the CSO suggesting?
Inline (Inline devices are designed to interact with network traffic actively and can take actions such as accepting, rejecting, or modifying packets, making them the optimal choice for this scenario. Secure Access Service Edge (SASE) is a form of cloud architecture that combines a number of services as a single service. By providing services like Software-defined wide are network (SD-WAN), firewalls as a service, secure web gateways, and zero-trust network access, SASE will reduce cost and simplify management while improving security. The integrated nature of the architecture means the technologies used will work together efficiently. It may include a packet analyzer, but that isn't the focus of the architecture. Fail-close refers to what happens when a network encounters errors and exceptions. Fail-close means that when errors occur or exceptions are encountered, the system denies further access. This prevents any further network traffic until the error or exception are dealt with. While this provides greater security, it means that a website can't be accessed even if the error encountered is minor or doesn't pose a security threat. This is a response to errors and exceptions, it doesn't read and interact with packets. Remote access allows users to connect to a network or a device from a distant location, but it does not pertain to actively interacting with network traffic to reject or modify packets.)
Which of the following vulnerabilities is unique to cloud computing environments, posing risks related to unauthorized access and data manipulation? Side loading Buffer overflow Cross-site scripting (XSS) (Incorrect) Insecure Interfaces and APIs (Correct)
Insecure Interfaces and APIs (type of vulnerability that arises when the interaction between users and cloud services through interfaces and APIs is not secure, exposing systems to potential unauthorized access and manipulation of data. Cross-site scripting (XSS) is a security vulnerability typically found in web applications, enabling attackers to inject malicious scripts into websites viewed by other users, potentially leading to a variety of malicious activities. Buffer overflows occur when a program writes more data to a block of memory, or buffer, than it was allocated for, which can lead to various issues, including the potential execution of arbitrary code. Side loading refers to the practice of installing applications on a device without using the official app store, which can lead to various security concerns, including the installation of malicious software.)
Which of the following hardening techniques can help protect systems or devices from attacks by installing software like a firewall or antivirus directly on user devices to report and block potential attacks?
Installation of endpoint protection
As part of a new building initiative, Dion Training Solutions plans to connect two office buildings via a direct physical link. Which measure will BEST protect the physical infrastructure connectivity?
Installing the cable in a conduit buried underground. (Burying the connection underground within a protective conduit offers protection from environmental factors and unauthorized tampering. Laying cables on the ground without protection can expose them to damage and unauthorized access. Unencrypted wireless bridges can be susceptible to eavesdropping and interception. Overhead poles expose the connection to environmental factors and potential tampering, making it less secure.)
Which of the following BEST describes the Software Development Life Cycle (SDLC) in application security?
It emphasizes the integration of security in software creation and maintenance. (An SDLC ensures that security is a focal point in all stages of software development, from design to maintenance. While certain SDLC models, like Agile, prioritize quick deliveries, they don't overlook security. SDLC integrates security throughout its phases, not just during testing. Even with a robust SDLC, software may still require updates and patches post-deployment.)
While performing a digital investigation, which of the following statements BEST describes the role of preservation of evidence?
It maintains the integrity of digital evidence over time.
Reed, a cybersecurity specialist at Dion Training Solutions, is optimizing the company's IPS. He notes that while signature-based detection is highly effective against known threats, it has some limitations. Which of the following BEST describes a limitation of signature-based detection in an IPS?
It might not detect zero-day exploits. (Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop new threats or zero-day exploits because their signatures aren't in the database yet. Automatically updating with behavioral patterns of users describes behavior-based or heuristic detection, not signature-based detection. Signature-based detection relies on predefined patterns of known threats. Signature-based detection doesn't encrypt traffic. Instead, it matches traffic patterns against known threat signatures. While an IPS does process traffic, the bandwidth consumption is not a direct limitation of signature-based detection. The bandwidth concern is more about the throughput of the IPS device itself.)
Kelly Innovations Corp, an IT company, is implementing a process of encryption where two parties establish a shared secret for communication purposes. Which of the following MOST describes this process?
Key exchange (process in which two communicating parties establish a shared secret key, typically used for symmetric encryption. This key is established in a manner so that eavesdroppers, even if they intercept the key exchange messages, cannot determine the shared key. The most common method for key exchange is the Diffie-Hellman protocol. Asymmetric encryption uses different keys for encryption and decryption, but it doesn't involve the exchange of cryptographic keys. Symmetric encryption the same key for both encryption and decryption, but it doesn't involve the exchange of cryptographic keys. Hashing involves converting input data (often called a message) into a fixed-length string of bytes. It's primarily used for data integrity checks and is not reversible, meaning you cannot retrieve the original input from its hash. Therefore, it isn't suitable for the purpose of exchanging cryptographic keys or establishing shared secrets for communication.)
Which of the following terms refers to critical predictive metrics that organizations monitor to foresee potential risks and their impact on operations?
Key risk indicators
Kelly Innovations LLC wants to implement a network appliance that focuses on filtering traffic based on source and destination IP addresses, and port numbers. Which layer of the OSI model is this appliance primarily operating at?
Layer 4 (Layer 4, or the transport layer, deals with protocols like TCP and UDP and is concerned with port numbers and connection-oriented communication. Network appliances operating at this layer filter and manage traffic based on source and destination IP addresses, as well as port numbers. Layer 3, the network layer, is primarily focused on routing data and IP addressing. Devices at this layer, like routers, aren't primarily concerned with port numbers. Layer 5, the session layer, establishes, maintains, and terminates connections between applications on different devices. It doesn't handle filtering based on IP addresses and port numbers. Layer 2, the data link layer, deals with frames and MAC addresses. Switches typically operate at this layer.)
Dion Training Solutions needs a network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
Layer 7 (the application layer, deals with end-user services, and appliances at this layer can make filtering decisions based on specifics like URLs, HTTP headers, and specific application functions. Layer 6, the presentation layer, is responsible for translating data between the application and transport layers. Layer 5, the session layer, manages connections between applications. It isn't focused on the content-specific criteria like URLs and HTTP headers. Layer 3 devices are concerned with IP addressing and routing.)
To improve security at their law firm, Norah, a security analyst wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
Layer 7 Firewall (operates at the application layer and can make more granular decisions about the traffic based on the application-payload, which makes it the most effective choice in this scenario. 802.1x is a standard developed by the IEEE to govern port-based network access. When used with a RADIUS based authentication server it provides authentication services, checking user credentials to ensure that the user is a legitimate part of the organization and granting access to only those areas of the system that the user is allowed to access. A Layer 4 Firewall operates at the transport layer which provides less granularity for blocking or allowing traffic based on the application-payload. A VPN provides a secure method for remote operations by creating an encrypted connection over the internet. It establishes a secure tunnel so that data can be securely transferred even over insecure networks.)
A power plant utilizes a specialized system to manage and monitor its daily operations, including machinery and sensor feedback. While these systems offer centralized control, what security concern is most associated with them?
Limited security update capabilities. (SCADA systems are often engineered for specific tasks and might not receive regular security updates, making them susceptible to vulnerabilities over time. While important for real-time systems, runtime efficiency is not a primary security concern for SCADA systems. Memory constraints are more pertinent to embedded or real-time systems, not inherently a SCADA security concern. SCADA systems are not typically deployed in containers; thus, this isn't a relevant security implication.)
Which of the following statements is NOT true about the importance of log aggregation?
Log aggregation increases the complexity of managing and interpreting security logs. (The primary purpose of log aggregation is to simplify the management and interpretation of security logs. It doesn't increase the complexity, rather it reduces it by consolidating logs from various sources, making them easier to analyze and interpret. Hence, this statement is NOT TRUE about the importance of log aggregation. Log aggregation can help in maintaining regulatory compliance by keeping a record of all system events, which might be a requirement for some regulations or standards Log aggregation enhances security by bringing together logs from different sources into a centralized location for easier analysis and monitoring. Detecting unusual activity that could indicate a security breach is one of the primary purposes of log aggregation. It helps in identifying patterns that could be missed if logs are analyzed separately.)
Which mitigation technique involves the use of tools like Nagios or Splunk to continuously observe and check the operation of a system or network?
Monitoring
Which of the following terms refers to the specific laws and regulations set by a country's government that dictate how the personal data of its citizens should be collected, stored, and processed?
National Legal implications (laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy. Consent management is a process that ensures organizations obtain and manage the consent of individuals before collecting or processing their personal data. Data encryption is a method used to protect data from unauthorized access by converting it into a code. The GDPR is a regulation enacted by the European Union to ensure data protection and privacy for all its citizens.)
The executive team at a software development firm decides that any project with a potential financial impact greater than $500,000 due to a security incident will require an immediate review and intervention. This financial impact figure represents which of the following in risk management?
Ownership
What type of encryption only affects a section of a storage device?
Partition encryption (matches the encryption affects a section of a storage device. Full-disk encryption encrypts all data on a physical or logical disk, not just a specific section of a storage device. File-level encryption encrypts individual files or folders on a storage device, not a specific partition. Database encryption encrypts data at the database level, not a specific partition.)
Which of the following statements BEST explains the importance of Patching in the context of vulnerability management?
Patching is the process of identifying and fixing security vulnerabilities in software, firmware, and operating systems to prevent potential exploits.
Which of the following ports, if left open and unmonitored, might allow database queries from unauthorized external sources?
Port 1433 (Port 1433 is the default for Microsoft SQL Server. Organizations typically restrict or monitor access to this port to prevent unauthorized database operations. Domain Name System (DNS) uses port 53 for resolving domain names into IP addresses. It isn't associated with database operations. Port 443 is used for secure web traffic through SSL/TLS. It's not directly related to database queries. File Transfer Protocol (FTP) uses port 21 for unencrypted data transfers, not for database operations.)
What is the name of a cryptographic key that can be freely distributed and used by others to encrypt messages?
Public key
When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message?
Public key
When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message? Key escrow Wildcard certificate Public key (Correct) Private key
Public key
When evaluating the introduction of automated systems in a security operations center (SOC), which of the following is a prominent time-related benefit that security professionals might expect?
Reduced response time to security incidents.
Which of the following BEST describes how automation and orchestration in cybersecurity operations influence employee satisfaction and retention?
Reduces repetitive and mundane tasks.
Horizon Security, a cybersecurity training company, experienced a data breach due to a vendor's negligence. This breach led to a significant loss of sensitive customer information and damage to the company's reputation. What type of consequence is Horizon MOST likely to face?
Reputational damage
Which of the following characteristics of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?
Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions. Ease of Deployment means that new instances and the entire cloud environment can be easily created. Resilience is the ability to maintain operational performance and recover quickly from failures. Availability refers to guaranteeing a system will continue to operate so that the system can be used regardless of conditions. Resilience, like availability, refers to keeping a system functioning, but also directly addresses how quickly a system can recover after adverse conditions have led to a failure. Scalability means that the system can expand when more resources are needed without creating lags or problems for users. This expansion isn't consider an adverse condition. Increased business is seen as a positive attribute. Resilience is the ability of a system to quickly recover after failures due to adverse conditions.
After remedying a previously identified vulnerability in their systems, Kelly Innovations LLC wants to ensure that the remediation steps were successful. Which of the following the the BEST method that involves examining related system and network logs to enhance the vulnerability report validation process?
Reviewing event logs (Event logs can provide insight into system and process behaviors. By examining these logs, an organization can validate whether a vulnerability has been adequately addressed or if it's still causing issues. Rescanning is about running the vulnerability scan again to identify remaining vulnerabilities but doesn't provide insights from system and network logs.)
The executive team at a software development firm decides that any project with a potential financial impact greater than $500,000 due to a security incident will require an immediate review and intervention. This financial impact figure represents which of the following in risk management?
Risk Threshold
What term refers to an organization's predetermined level of acceptable risk exposure?
Risk Tolerance
Lexicon, an AI company, wants to implement a security measure to identify and evaluate potential threats to their systems and networks. Which of the following is an example of a managerial security control that the company could implement?
Risk assessments (Periodic evaluations, like risk assessments, are a managerial security control that involves regularly evaluating the threats to systems and networks. This can help the company identify potential threats and take steps to mitigate them. Security guards are considered operational controls, not managerial controls. Firewall is a technical security control that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Intrusion detection system is a technical security control that monitors network traffic for signs of security threats)
Within the IT department, Sarah has been designated to oversee the security measures for the new data management platform. She is accountable for the regular review of security protocols and responding to any breaches or vulnerabilities that may arise. Sarah's role would be BEST described by which of the following terms?
Risk owner (Sarah exemplifies a risk owner, as she is tasked with the ongoing management and mitigation of risks pertaining to the data management platform. A risk register would be the tool Sarah uses to track and assess the risks, not her role. A risk indicator would be a metric Sarah might monitor to assess risk levels, not her position. A risk assessor might be a role that Sarah takes on when evaluating risks, but it does not encapsulate her comprehensive management responsibilities.)
An investment firm allows a fluctuation of up to 10% in the value of its high-risk investment portfolio compared to the expected return on investment, but immediate action is required if this threshold is exceeded. This 10% fluctuation represents an example of:
Risk tolerance
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements? SD-WAN (Correct) AH TLS SASE
SD-WAN
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?
SD-WAN (Software-defined wide area network) provides centralized network management, flexible routing, and traffic management capabilities. It can be hosted both on-premises and in the cloud, giving it an edge for comprehensive WAN optimization. TLS (Transport Layer Security) operates at the application layer and is primarily used for securing application-level communication
What is the primary difference between sanitization and destruction in the disposal process?
Sanitization involves erasing data so it cannot be recovered; destruction is total physical demolition of the asset.
Which of the following BEST describes a threat actor who primarily depends on commonly found tools, often easily accessible from the web or dark web?
Script kiddie
When considering user interactions with a web service, which of the following are the security measures that involve the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?
Session management (These refer to the protocols that maintain the security of user interactions on the web, including the secure creation and transfer of unique identifiers or "cookies," and setting inactivity limits to automatically terminate the session if the user is inactive for a certain period. Timeout policies contribute to these practices by defining when an inactive session should end, but they do not include the secure transmission and generation of identifiers. Token handling involves managing security tokens within a system, but on its own, it doesn't cover all aspects of what is required to maintain the security of user interactions, including setting inactivity limits. While session cookies are a part of what is managed, this term alone does not encompass the full scope of practices like setting inactivity limits)
Which of the following threats is MOST likely to accidentally cause harm to the system?
Shadow IT (Shadow IT is a type of threat actor that is the result of unauthorized or unapproved IT systems or devices within an organization. Shadow IT can introduce security risks and compliance issues for an organization, but the damage is usually unintentional. It results from employees or insiders who bring in equipment or alter systems for their own convenience and without getting permission. Nation-state actors are a type of threat actor that is sponsored by a government or a country's military. They normally have high resources/funding and high level of sophistication/capability. Nation-state actors can launch advanced and persistent attacks against other countries, organizations, or individuals. They create harm on purpose. A hacktivist is a threat actor that is motivated by philosophical or political beliefs and often targets organizations or governments that they disagree with. Hacktivists may use unauthorized or unapproved IT systems or devices but the harm they cause is done on purpose An unskilled attacker is a type of threat actor that has little or no technical skills and has low resources/funding and low level of sophistication/capability. Unskilled attackers often launch simple and opportunistic attacks using tools or scripts developed by others. The damage they do might be minor, but they do intend to do damage.)
You are a security analyst at Dion Training and you discover that an unauthorized device has been connected to the company's network. As you investigate, you discover that the device was added so the employee could play video games during her breaks. What type of threat actor are you dealing with? Shadow IT (Correct) Nation-state Actor Insider Threat (Incorrect) Unskilled Actor
Shadow IT (threat actor that is the result of unauthorized or unapproved IT systems or devices within an organization. In this case, the device may introduce security risks and compliance issues for an organization, but the employee wasn't intending any harm to the company.)
During a network investigation, Aiden, a cybersecurity analyst, identifies two key irregularities: The CEO, who tends to work late, logged in from both Paris and Tokyo within five minutes, and there's an unexpected surge in emails from the HR department outside of recruitment season. Which of the following should the analyst be MOST concerned about based on these observations?
Simultaneous CEO logins from distant locations.
A tech company discovers that the firmware in some of their devices contains a hidden backdoor. Upon investigation, it's determined that the compromised firmware came from an overseas supplier they contracted with. The backdoor gave attackers remote access to devices without user knowledge. What type of attack vector has the company fallen victim to? Bluesnarfing On-path attack (Incorrect) Drive-by download Supply chain (Correct)
Supply chain (This scenario depicts a supply chain compromise where the threat originated from a supplier. By introducing the backdoor at the production level, attackers ensured widespread distribution of the vulnerability, making it a potent and stealthy attack. In an on-path attack, an unauthorized intermediary intercepts communication between two parties, potentially altering it. While deceptive, it doesn't stem from supply chain vulnerabilities. Drive-by download involves automatically downloading malicious software onto a user's system without their knowledge, typically when visiting a compromised website. It doesn't relate to supply chain threats. Bluesnarfing refers to exploiting vulnerabilities in Bluetooth connections to steal data from another device. It doesn't involve compromising products at the supply level.)
As a security analyst, you are reviewing application logs while investigating a suspected breach. Which of the following pieces of information is NOT typically documented in the application log data?
The physical location of the user accessing the application.
Susan, a security analyst at Kelly Innovations LLC, is reviewing alerts from the IPS. She recognizes a pattern of false positives from signature-based detections. Which of the following is the MOST likely cause for false positives in signature-based detection systems?
The signatures require tuning. (When signatures are overly broad or not precisely defined, they might incorrectly match legitimate network traffic, leading to false positives. Signature-based detection works by inspecting traffic patterns, whether encrypted or not. However, the encrypted nature of traffic isn't the primary reason for false positives in signature-based detection. While outdated signatures might miss newer threats, they aren't typically the cause of false positives. Instead, they might lead to false negatives. Where the signature database is stored does not influence the accuracy of the detection. It's the quality and precision of the signatures that matter most.)
In a meeting with the CEO, Burton has asked for guidance on developing the rules of engagement for an upcoming penetration test. The CEO doesn't think they need to create rules of engagement since they are hiring an experienced, well-respected company to do the penetration testing. Why is it important for the company to still establish rules of engagement?
They need to set boundaries and limitations during the penetration test.
Which of the following vulnerabilities BEST describes a situation where a threat actor can manipulate data after it has been verified by an application, but before the application uses it for a specific operation?
Time of check (TOC)
What is the purpose of a security analyst doing due diligence in the vendor selection process?
To ensure that the vendor's practices align with the organizations requirements
Which of the following BEST describes the primary purpose of archiving as a method to bolster security monitoring?
To provide historical insights into security incidents for future investigations. (Archiving in the context of security is essential for maintaining a record of all system logs. This not only ensures that historical data is available for audits or investigations but also provides valuable insights into past incidents, aiding in enhancing security measures. While real-time threat analysis is crucial in security, archiving is more focused on preserving past data for future reference and not immediate threat mitigation. Compliance with regulations often requires long-term data storage, so this statement is contradictory. While backups are essential for system recovery, archiving in the security context goes beyond this and is centered around preserving logs and alerts for investigative and compliance purposes.)
Dion Training is conducting a security awareness training program for its employees to enhance their cybersecurity knowledge. As part of this program, they have planned and executed phishing campaigns. Which of the following BEST describes the primary objective of phishing campaigns conducted during security awareness training?
To test employees' ability to recognize and report phishing attempts.
When considering the RSA algorithm, which description BEST captures its underlying mathematical property used for public key cryptography?
Trapdoor function (The RSA algorithm uses a trapdoor function, where encryption is easy to perform using the public key, but reversing the process (decryption) without the private key is challenging. RSA's principle is that certain mathematical operations are easy to perform, but their inverse operations are difficult without specific knowledge. Symmetric encryption is a type of encryption where the same key is used for both encryption and decryption, unlike RSA which uses a pair of public and private keys. A hash function is a process that converts an input (often a long string) into a fixed-size value, commonly used for verifying data integrity but not specifically tied to RSA's public key cryptography. A digital signature is a means to verify the authenticity of a digital message or document, using a combination of hashing and encryption, but it isn't the mathematical property of RSA.)
Enrique, the head of IT at Dion Training, is tasked with ensuring all deployed company systems adhere to a set of standardized configurations. He wants to reduce the attack surface as much as possible. Which of the following techniques would BEST reduce the organization's attack surface?
Turning off all unused services and closing unnecessary ports
Given the need for resilience and the ability to recover in a security architecture, which of the following devices ensures uninterrupted operation during a power outage?
UPS (ununterruptible power supply)
Which method accurately demonstrates the authentication process used in WPA2 Personal mode?
Using a passphrase to generate a pairwise master key (PMK).
Which of the following BEST describes the initial step to ensure a secure procurement process at Dion Training?
Verify the legitimacy of the software vendor.
For ensuring the security of an HTTP application like WordPress or Magento against threats like SQL injection or cross-site scripting, which monitoring tool or method would be MOST appropriate?
Web application firewall (WAF)
You are a cybersecurity analyst working for a software development company that develops mobile applications. The company wants to implement a secure and standardized method for users to grant third-party applications access to their account data without sharing their credentials. As a cybersecurity analyst, you recommend implementing OAuth for this purpose. Which of the following approaches would be the MOST effective way to implement OAuth in the given scenario?
implement OAuth in the given scenario? Providing third-party applications with unrestricted access to user account data without authentication or authorization. Implementing a central OAuth authorization server to handle user authentication and issue access tokens to third-party applications.
