Security PLUS EXAM 701


What is the process of controlling access to resources such as computers, files, or printers called?

Authorization

You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?

Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.

Which type of malware is software installed alongside a package selected by the user or bundled with a new computer system?

Bloatware

Which of the following algorithms are used in symmetric encryption? (Select two.)

Blowfish, DES

Which of the following encryption mechanisms offers the least security because of weak keys?

DES

Which type of control is used to discourage malicious actors from attempting to breach a network?

Deterrent

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

Discretionary access control (DAC)

Which of the following types of encryption is specifically designed to allow data to be worked on without decrypting it first?

Homomorphic encryption

The chief security officer (CSO) at a financial organization wants to implement additional detective security controls. Which of the following would BEST represent this type of control?

Installation of surveillance camera.

Which of the following BEST describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

Which type of threat actor is MOST likely to engage in cyber espionage with strategic or political motivations?

Nation-state

Which of the following is the MOST common form of authentication?

Password

A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts seamlessly through a secure link sent to their verified email or via a push notification on a trusted device. This approach should not involve traditional passwords, fingerprint scans, or multiple validation steps. Which authentication method is the security team planning to implement for users?

Passwordless authentication

Which of the following algorithms are used in asymmetric encryption? (Select two.)

RSA, Diffie-Hellman

Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?

Remote Access Trojan (RAT)

The IT department at a large corporation noticed an unfamiliar software application running on its network. Upon investigation, they discovered that a team in the marketing department started using a new cloud-based project management tool to improve their workflow efficiency. The team did consult with the IT department before implementing this tool. In the context of cybersecurity threats, what does this situation BEST exemplify?

Shadow IT

What is the term for a phishing attack conducted through a voice channel, such as a phone call?

Vishing

Which of the following is an example of a social engineering attack?

A call from a threat actor posing as a remote sales representative to obtain the login credentials to a remote access server from the help desk.

Which of the following describes a logic bomb?

A program that performs a malicious activity at a specific time or after a triggering event.

As a cybersecurity expert, you are tasked with implementing a secure enclave in your company's new mobile banking application. Which of the following statements best describes the primary function and benefit of a secure enclave in this context?

A secure enclave is a separate, isolated environment within the device's processor where sensitive data can be securely stored and processed.

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Access token

Which of the following is an example of a preventative control type?

An advanced network appliance

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

Attribute-based access control (ABAC)

A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage.

Corrective

There are several block cipher modes of operation that can be utilized depending on the application or use. Which of the following block cipher modes of operation uses a nonce combined with a counter that is encrypted?

Counter Mode (CTR)

Which of the following functions are performed by a TPM?

Create a hash of system components

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

Development phase

Which of the following cryptographic attacks uses SSL exploitation as a common implementation of this attack?

Downgrade attack

You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)

Educate users about malware. Schedule regular full-system scans.

You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?

Explicit allow, implicit deny

You are a cybersecurity analyst at a large corporation. You notice that a particular employee has been receiving emails from an unknown sender who claims to be a new colleague from a different department. The sender has been engaging in friendly conversation, asking about the employee's role, and subtly inquiring about certain company processes. Recently, the sender asked the employee to open an attachment that supposedly contains a funny meme. What phase of the social engineering process does this scenario represent and what should be your immediate action?

Exploitation phase - Isolate the employee's system and conduct a thorough security scan

Your financial planning company is forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing?

Federation

Which virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?

Fileless malware

You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend?

Fingerprint recognition

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?

Gap analysis

What is the main function of a TPM hardware chip?

Generate and store cryptographic keys

Which of the following objects identifies a set of users with similar access needs?

Group

A cyber technician reduces a computer's attack surface by installing a cryptoprocessor that a plug-in PCIe adaptor card can remove. What type of cryptoprocessor can support this requirement?

HSM

A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovered that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. Which type of threat actor is MOST likely responsible?

Hacktivist

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Have Marcus log off and log back in.

The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Create and follow onboarding and off-boarding procedures. Employ the principle of least privilege. Have appropriate physical security controls in place. Which type of threat actor do these steps guard against?

Insider

CloudSecure is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What is the MOST effective approach to enhance the security posture?

Isolating the unsupported apps from other systems to reduce the attack surface

You are a network administrator for a large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants to implement a system that stores information about users, computers, security groups/roles, and services, and allows for interoperability between different vendors' products. Which directory service would you recommend?

Lightweight Directory Access Protocol (LDAP)

Which of the following BEST describes compensating controls?

Monitors network activity and informs the security team of a potential security event.

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Need to know

An acceptable use policy requires the system to encrypt confidential information while in transit. All employees must use secure email when exchanging proprietary information with external vendors. Which of the following describes this type of acceptable use policy?

Operational

Which of the following identifies the type of access that is allowed or denied for an object?

Permissions

An employee receives an email from an unknown sender claiming to be from the IT department. The email states that there is a login issue on the network and that the user needs to run the file to resolve the problem. The executable file prompts the user to input a network password, which the threat actor records. What social engineering technique is the threat actor using in this scenario?

Phishing

After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage?

Physical

A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies.

Policy-driven access control

A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. Which of the following motivations BEST describes this scenario?

Political

The cybersecurity manager of a large organization is investigating a recent security breach that occurred during office hours. Investigatory research shows that the suspect convinced the janitor to let them inside the building because they had forgotten their badge at home. Once inside, the suspect pulled the fire alarm and accessed the building's network room amongst the chaos. The intruder then attached a monitoring device to a network port before escaping unnoticed. Which of the following is the social engineering technique the threat actor employed in this scenario?

Pretexting

What is the primary purpose of separation of duties?

Prevent conflicts of interest.

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

Which of the following is a type of malware that prevents the system from being used until the victim pays the attacker money?

Ransomware

In which phase of an attack does the attacker gather information about the target?

Reconnaissance

Which of the following are characteristics of a rootkit? (Select two.)

Resides below regular antivirus software detection. Requires administrator-level privileges for installation.

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?

Role-based access control (RBAC)

Which of the following is an example of rule-based access control?

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?

SACL

Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?

Sam's public key

Which type of group can be used for controlling access to objects?

Security

The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security?

Security keys

Lori, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.

Which of the following are examples of something you have authentication controls? (Select two.)

Smart card, Photo ID

After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication (MFA) procedures. What MFA philosophy applies a location-based factor for authentication?

Somewhere you are

Which of the following terms means a cryptography mechanism that hides secret communications within various forms of data?

Steganography

A group of hackers has been monitoring recent orders from a company involving new laptops and Universal Serial Bus (USB) thumb drives. The group infiltrated the shipping company and added malicious USB thumb drives to the order. The target company received the order without any concerns. What vectors made this attack successful? (Select two.)

Supply chain, Removable media

Which form of cryptography is BEST suited for bulk encryption because it is so fast?

Symmetric key cryptography

A cyber security analyst wants to reduce the attack surface for a computer that contains top secret data. The analyst installs a cryptoprocessor as a module within the central processing unit (CPU) on the designated computer to accomplish this. What type of cryptoprocessor is the analyst installing?

TPM

A company finds that employees are accessing streaming websites that are not being monitored for malware or viruses. Which type of control can the network administrator implement to protect the system and keep the employees from viewing unapproved sites?

Technical

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

What is the primary function of crypto-ransomware?

To encrypt files on the infected system and demand a ransom for the decryption key.

Employees at CloudCom receive a suspicious email claiming to be from "CloudCom Support," informing employees that their passwords need to be reset urgently due to a security breach. The email includes a link to a login page that looks identical to CloudCom's official site. What type of social engineering attack does this scenario exemplify?

Typosquatting

Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself. The list defines which subjects have access to certain objects. The list specifies the level or type of access allowed to certain objects.

User ACL

The security operations manager of a multinational corporation focuses on enhancing directive operational controls. Which of the following should the manager implement?

User awareness and training programs.

Which of the following is a privilege or action that can be taken on a system?

User rights

Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?

Username

As a cybersecurity analyst, you are tasked with reducing the supply chain attack surface in your organization. Which of the following areas should you focus on to MOST effectively mitigate this risk?

Vendor management

A representative at a company reports receiving numerous unsolicited phone calls seeking banking information for a credit report. Which social engineering variant is the finance director experiencing?

Vishing

Which of the following is a passive computer attack technique in which an attacker anticipates or observes the websites an organization uses often and infects them with malware?

Watering hole

To prevent malware infection in your network system, you decide that it's critical to prevent malware attacks, such as ransomware and phishing, by restricting access to sites that might be malicious. Which of the following BEST represents this type of prevention technique?

Web filters

An attack that targets senior executives and high-profile victims is referred to as what?

Whaling

Which type of control makes use of policies, DPRs, and BCPs?

Which type of control makes use of policies, DPRs, and BCPs?

You are a cybersecurity manager at a financial institution. Your team is responsible for managing the cryptographic keys used for secure transactions. Recently, there has been an increase in attempted cyber attacks on your institution. Which of the following key management strategies would be MOST effective in maintaining the security of your cryptographic keys under these circumstances?

You decide to set an expiration date for all current keys and inform users that they will need to renew their keys after this date.

You are a cybersecurity architect at a tech company that is developing a new mobile payment application. The application will handle sensitive user data including credit card information and personal identification numbers (PINs). Which of the following strategies would best leverage the concept of secure enclaves to protect this sensitive data?

You decide to store all sensitive data in a secure enclave on each user's device, accessible only with the user's unique PIN.

You are a cybersecurity analyst at a large corporation. Your team has been tasked with securing sensitive data within the company's database. One of the strategies you are considering is obfuscation. Which of the following scenarios would be the most appropriate application of obfuscation?

You use obfuscation to hide employee personal data within a database field by substituting character strings with x.

