ISC2 Certified in Cybersecurity Exam Questions (YouTube)

Which layer provides the services to the user? A. Application layer B. Session Layer C. Presentation Layer D. Physical Layer

A. Application layer

Mary is installing a new Data Loss Protection (DLP) solution for her organization. What category of control is she installing? A. Technical B. Operational C. Managerial D. Detective

A. Technical

Which of the following is a feature of the rule based access control? A. The use of profile B. The use of information flow label C. the use of data flow diagram D. The use of token

A. The use of profile Rule based access control is based on a specific profile for each user profile

What option is effective in safeguarding data integrity? A. CCTV B. Encryption C. Checksums D. RAID

B. Encryption

What is the purpose of a Security Information and Event Management (SIEM) System? A. Encrypting files B. Monitoring and analyzing security events C. Blocking malicious websites D. Managing user passwords

B. Monitoring and analyzing security events

What is the primary goal of network segmentation in cybersecurity? A. To increase network speed B. To isolate and protect critical assets C. To centralize data storage D. To expand the network's coverage

B. To isolate and protect critical assets

What is the primary goal of Identity and Access Management (IAM) in cybersecurity? A. To ensure 100% security against all threats B. To provide secure and controlled access to resources C. To eliminate the need for user authentication D. To monitor network traffic for performance optimization

B. To provide secure and controlled access to resources

What is the purpose of multi-factor authentication (MFA) in IAM? A. To simplify user access B. To eliminate the need for authentication C. To add an additional layer of security by requiring multiple forms of verification D. To grant unrestricted access o all users

C. To add an additional layer of security by requiring multiple forms of verification

What is the PRIMARY purpose of a web application firewall (WAF)? A. To protect the web server from DDoS attacks B. To monitor network traffic for intrusions C. To filter and block malicious web traffic and requests D. To manage SSL certificates

C. To filter and block malicious web traffic and requests

Which of the following layers supervises the control rate of packet transfers in an open systems interconnection (OSI) Implementation? A. Physical B. Session C. Transport D. Network

C. Transport It is responsible for maintaining the end-to-end integrity and control of the session.

Which type of authentication is something which you are expected to have? A. Type 1 B. Type 2 C. Type 3 D. Type 4

C. Type 3 CHECK ON THIS

How many keys would be required to support 50 users in an asymmetric cryptography system? A. 100 B. 200 C. 50 D. 1225

A. 100

Which of the following best describes the type of technology the team should implement to increase the work effort of buffer overflow attacks? A. Address space layout randomization B. Memory induction application C. Input memory isolation D. REad-only memory integrity checks

A. Address space layout randomization

You experienced a power outage that disrupted access to your data center. What type of security concern occurred? A. Availability B. Confidentiality C. Non-repudiation D. Integrity

A. Availability

Fred would like to implement a new security platform that can coordinate access policies across the many cloud providers used by his organization. What technology would best meet his needs? A. CASB B. SIEM C. NGEP D. NGFW

A. CASB A cloud access security broker (CASB) is an on-premises or cloud=based security policy enforcement point between cloud service consumers and providers.

Walmart has a large ecommerce presence in the world. Which of these solutions would ensure the LOWEST possible latency for their customers using their services? A. CDN B. SaaS C. Load Balancing D. Decentralized Data Centers

A. CDN Content Delivery Networks are referred as CDN

What type of authentication token is Google Authenticator? A. Dynamic token B. Static token C. Hybrid token D. Quantum token

A. Dynamic token

What encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC B. RSA C. SHA D. RC4

A. ECC One differing factor is ECC's efficiency.

What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies? A. FISMA B. HIPAA C. GLBA D. FERPA

A. FISMA The Federal Information Security Management Act (FISMA) requires that federal agencies implement vulnerability management programs for federal information systems. The Health Insurance Portability and Accountability Act (HIPAA) applies only to organizations involved in healthcare. The Gramm Leach Bliley Act (GLBA) applies to financial institutions, so it also wouldn't apply to government agencies. Family Educational Rights and Privacy Act (FERPA) applies to educational institutions, not government agencies.

Which HTTP request method is considered safe and should only be used for retrieving data, not modifying it? A. GET B. POST C. PUT D. DELETE

A. GET

David is worried about distributed denial of service attacks against his company's primary web application. Which of the following options will provide the MOST resilience against large-scale DDoS attacks? A. Implement a CDN B. Increase the number of servers in the web application server cluster C. Contract for DDoS mitigation services via the company's IPS D. Increase the amount of bandwidth available from one or more ISPs

A. Implement a CDN A content delivery network or CDN, run by a major provider can handle large-scale DDoS attacks more easily than any of the other solutions.

Tanja is designing a backup strategy for her organization's file server. She would like to perform a backup every weekday that has the smallest possible storage footprint. What type of backup should she perform? A. Incremental backup B. Full Backup C. Differenctial Backup D. Transaction Log Backup

A. Incremental backup Incremental backups provide the option that includes the smallest amount of data. In this case, that would be only the data modified since the most recent incremental backup, making it the correct answer.

Which role holds the MOST significant functional responsibility for security? A. Info Sec security officer B. Auditor C. Users D. Data owners

A. Info Sec security officer

What cybersecurity principle focuses on granting users only the privileges necessary to perform their job functions? A. Least privilege B. defense in depth C. separation of duties D. need-to-know basis

A. Least privilege

What type of address uniquely identifies a network interface card (NIC) on a TCP/IP network? A. MAC address B. IP address C. DNS address D. Port address

A. MAC address

What are the primary approaches IDS takes to analyze events to detect attacks? A. Misuse detection and anomaly detection. B. Log detection and anomaly detection. C. Misuse detection and early drop detection. D. Scan detection and anomaly detection.

A. Misuse detection and anomaly detection. There are two primary approaches to analyzing events to detect attacks; misuse detection and anomaly detection. Misuse detection, in which the analysis targets something known to be "bad", is the technique used by most commercial systems. Anomaly detection, in which the analysis looks for abnormal patterns of activity

Which one of the following regulations provides strict, detailed procedures for the use of compensating controls? A. PCI DSS B. HIPAA C. GLBA D. FERPA

A. PCI DSS Compensating controls may be used for any control requirement, PCI DSS includes very detailed procedures for documenting, and approving acceptable compensating controls in credit card processing environments.

What is privacy in the context of Information Security? A. Protecting data from unauthorized access B. Ensuring data is accurate and unchanged C. Making sure data is always accessible when needed D. Disclosed without their consent

A. Protecting data from unauthorized access Data privacy is the protection of personal data from those who should not have access to it and the ability of individuals to determine who can access their personal information.

What steps constitute the identity and access management lifecycle? A. Provisioning, review, revocation B. Setup, review, auditing C. Creation, monitoring, termination D. Identification, authentication, authorization

A. Provisioning, review, revocation

John joined the ISC2 Organization, his manager asked him to check the authentications in security module. What would John use to ensure a certain control is working as he want and expect it to? A. Security testing B. Security assessment C. Security audit D. Security walkthrough

A. Security testing IF we want to ensure a certain control is working as expected, we would use security testing. Security assessments are internal assessment we do on systems, applications, and other environments. Security audits are similar to security assessments, but they are performed by external independent auditors. Security walkthroughs would most often not show control functionality.

Which of the following types of agreements is the MOST formal document that contains expectations about availability and other performance parameters between a service provider and a customer? A. Service Level Agreement (SLA) B. Operational Level Agreement (OLA) C. Memorandum of Understanding (MOU) D. Statement of Work (SOW)

A. Service Level Agreement (SLA) The service level agreement is between a service provider and a customer and documents in a formal manner expectations around availability, performance, and other parameters.

Which of these is the WEAKEST form of authentication we can implement? A. Something you know B. Something you are C. Something you have D. Biometric authentications

A. Something you know Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. It is the weakest form of authentication, and can easily be compromised.

Mike is configuring his organization's firewall to support the secure remote retrieval of email using the IMAPS protocol. What port should he allow? A. TCP Port 993 B. TCP Port 143 C. UDP Port 993 D. UDP Port 143

A. TCP Port 993

What is a security token used to authenticate a user to a web application typically after they log in? A. Captcha B. API key C. CSRF token D. Session token

A. To lure and detect attackers

What is the primary purpose of a honeytoken in cybersecurity? A. To lure and detect attackers B. To encrypt sensitive data C. to enhance network performance D. To manage user access

A. To lure and detect attackers

Duke would like to restrict users from accessing a list of prohibited websites while connected to his network. Which one of the following controls would BEST achieve his objective? A. URL filter B. IP Address Block C. DLP Solution D. IPS Solution

A. URL filter URL filtering is a way of "blocking" certain URLs from loading on a company network. If an employee would attempt to visit this URL, either by entering it manually or clicking a link in a search engine, they will be redirected to a page notifying them that this content is blocked. URL filtering blocks access to specific websites depending on predetermined URL restrictions. On the other hand, DNS filtering restricts access based on IP addresses, which makes it a more powerful but less flexible option.

What does the "Same-Origin Policy" help protect against in web security? A. Unauthorized access to a user's data B. SQL Injection attacks C. Clickjacking attacks D. Cross-Site Scripting (XSS) attacks

A. Unauthorized access to a user's data

Which of the following types of vulnerabilities cannot be discovered in the course of a routine vulnerability assessment? A. Zero-day vulnerability B. Kernel flaw C. Buffer overflow D. File and directory permissions

A. Zero-day vulnerability A zero-day vulnerability is one that has been discovered by a potential adversary but has not yet been publicly disclosed, and as such is being kept in "escrow". By this definition, it is a type of flaw that cannot be tested for by any technical means as part of a routine test, but rather must be discovered independently.

In the context of the CIA triad, which aspect ensures that data is accurate and reliable? A. Confidentiality B. Integrity C. Availability D. Authentication

B Integrity

Which of the following best describes a zero-day vulnerability? A. A vulnerability hat has been identified and patched by software vendors. B. A vulnerability that has not yet been discovered or publicly disclosed. C. A vulnerability that can only be exploited by experienced hackers. D. A vulnerability that affects only legacy systems.

B. A vulnerability that has not yet been discovered or publicly disclosed.

In what way do a victim's files get affected by ransomware? A. By destroying them B. By encrypting them C. By stealing them D. By selling them

B. By encrypting them

Natalia is concerned about the security of his organization's domain name records and would like to adopt a technology that ensures their authenticity by adding digital signatures. Select the MOST appropriate technology to use. A. DNSSIGN B. DNSSEC C. CERTDNS D. DNS2

B. DNSSEC DNSSIGN, CERTDNS, and DNS2 are not valid terms. So, they are not the correct answer. DNSSEC focuses on ensuring that DNS information is not modified or malicious. DNS Security (DNSSEC) adds digital signatures to traditional DNS records to provide the user with verification of the record's authenticity.

What does Personally Identifiable information (PII) pertain to? A. Information about an individual's health status B. Data about an individual that could be used to identify them C. Trade secrets, research, business plans and intellectual property D. The importance assigned to information by its owner

B. Data about an individual that could be used to identify them

Which type of database combines related records and fields into a logical tree structure? A. Relational B. Hierarchical C. Object-oriented D. Network

B. Hierarchical A hierarchical database combines related records and fields into a logical tree structure. A relational database uses columns and rows to organize the information. An Object-oriented database is considers much more dynamic than earlier designs because it can handle not only data but also audio, images, and other file formats. A network database is unique in that it supports multiple parent or child records.

What is the primary purpose of a firewall in network security? A. Encrypt data transmissions B. Prevent unauthorized access C. Monitor network traffic D. Backup critical data

B. Prevent unauthorized access A firewall is a security system designed to prevent unauthorized access into or out of a computer network. Firewalls are often used to make sure internet users without access are not able to interface with private networks, or intranets, connected to the internet.

What is the main purpose of using digital signatures in communication security? A. To encrypt sensitive data during transmission B. To verify the identity of the sender and ensure the integrity of the message C. To prevent unauthorized access o a network D. To compress data to reduce bandwidth usage

B. To verify the identity of the sender and ensure the integrity of the message

TCP and UDP reside at which layer of the OSI model? A. Session B. Transport C. Data Link D. Presentation

B. Transport *REFER TO OSI MODEL

Which type of network is set up similar to the internet but is private to an organization. Select the MOST appropriate? A. Extranet B. VLAN C. Intranet D. VPN

B. VLAN

What does the term "Two-factor Authentication" refer to in Cybersecurity? A. Using two different antivirus programs B. Verifying identity with two independent factors C. Accessing two different networks simultaneously D. Changing passwords every two weeks

B. Verifying identity with two independent factors

Which type of software testing focuses on examining the source code for vulnerabilities and security issues? A. Black-box testing B. White-box testing C. Functional testing D. User acceptance testing

B. White-box testing

How many bits represent the organization unique identifier (OUI) in mac addresses? A. 16 bits B. 48 bits C. 24 bits D. 32 bits

C. 24 bits

What is multi-factor authentication (MFA)? A. A type of authentication that used only one method B. A type of authentication that uses only two methods C. A type of authentication that uses more than two methods D. A type of authentication that uses only one factor

C. A type of authentication that uses more than two methods

Which encryption algorithm is commonly used to secure web communication (HTTPS)? A. RSA B. DES C. AES D HMAC

C. AES SEE "ENCRYPTION" CHART

Information security is not built on which of the following? A. Confidentiality B. Availability C. Accessibility D. Integrity

C. Accessibility

What security mechanism verifies the identity of a user or system attempting to access a network? A. Firewall B. Intrusion Detection System (IDS) C. Authentication D. Encryption

C. Authentication

Which aspect of cybersecurity is MOST impacted by Distributed Denial of Service (DDoS) attacks? A. Non-repudiation B. Integrity C. Availability D. Confidentiality

C. Availability

Which of the following elements do not apply to privacy? A. Confidentiality B. Integrity C. Availability D. None of the above

C. Availability Confidentiality is closely tied to privacy and is a key concern for protecting sensitive information. Integrity ensures that information is accurate, reliable and unmodified. While Integrity is critical for maintaining the trustworthiness of information. Availability while crucial for overall information security, is NOIT typically highlighted as a primary factor in addressing privacy concerns.

What is the term used to denote the inherent set of privileges assigned to a user upon the creation of a new account? A. Aggregation B. Transitivity C. Baseline D. Entitlement

C. Baseline A baseline is a minimum level of access that a system, network, or device must adhere to.

What characteristic contributes to the unreliability of UDP? A. Lack of connection establishment B. Low overhead C. Connectionless establishment D. Null sessions

C. Connectionless establishment

Which type of attack takes advantage of vulnerabilities in input validation? A. ARP spoofing B. Pharming attacks C. Cross-site scripting (XSS) D. DNS poisoning

C. Cross-site scripting (XSS)

Mike is concerned that users on his network may be storing sensitive information, such as Social Security numbers, on their hard drives without proper authorization or security controls. What third-party security service can be implemented to BEST detect this activity? A. IDS B. IPS C. DLP D. TLP

C. DLP Data loss prevention (DLP) systems may identify sensitive information stored on endpoint systems or in transit over a network. This is their primary purpose.

Shaun is planning to protect their data in all states (rest, motion, use), defending against data leakage. What would be the BEST solution to implement? A. End to end encryption B. Hashing C. DLP D. Threat Modeling

C. DLP We would implement DLP. DLP software can detect potential data breaches and/or data ex-filtration and prevents them from actualizing.

Natalia is concerned that users on her network may be storing sensitive information, such as social security numbers on their hard drives without proper authorization or security controls. What third party security service can she implement to best detect this activity? A. IDS - Intrusion Detection System B. IPS - Intrusion Prevention System C. DLP - Data Loss Protection D. TLS - Transport Layer Security

C. DLP - Data Loss Protection

Which one of the following cryptographic algorithms does not depend upon the prime factorization problem? A. RSA - Rivest-Shamir-Adleman B. GPG - GNU Privacy Guard C. ECC - Elliptic curve cryptosystem D. PGP - Pretty Good Privacy

C. ECC - Elliptic curve cryptosystem The elliptic curve cryptosystem (ECC) does not depend upon the prime factorization problem. The security of EDD depends upon the difficulty of finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point.

Which protocol would be most suitable to fulfill the secure communication requirements between clients and the server for a company deploying a new application? A. FTP B. HTTP C. HTTPS D. SMTP

C. HTTPS

Which of the following attacks can TLS help mitigate? A. Cross-site Scripting (XSS) Attacks B. Social Engineering Attacks C. Man-in-the-Middle (MiTm) Attacks D. SQL Injection Attacks

C. Man-in-the-Middle (MiTm) Attacks

Harry believes that an employee of his organization launched a privilege escalation attack to gain root access on one of the organization's database servers. The employee does have an authorized user account on the server. What log file would be MOST likely to contain relevant information? A. Database application log B. Firewall log C. Operating system log D. IDS log

C. Operating system log A privilege escalation attack takes place against the operating system and information relevant to this attack is most likely found in the operating system logs. It is unlikely that the database application itself would be involved, so that application's logs would not likely contain relevant information. The user has authorized access to the system, so the firewall and IDS logs would simply show that authorized access taking place.

Which of the following is the LEAST secure communications protocol? A. CHAP B. IPsec C. PAP D. EAP

C. PAP Password Authentication Protocol (PAP) is the least secure type of authentication listed. PAP is used by remote users for authentication. It is insecure because it sends credentials in plaintext.

Which of the following is responsible for the MOST security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure

C. Personnel

A security engineer is performing a review of an organization's data center security controls. They document that the data center lacks security cameras for monitoring the facilities. What type of control does this represent? A. Administrative B. Technical C. Physical D. Logical

C. Physical

What category of physical control does a mantrap fall under A. Deterrent B. Corrective C. Preventive D. Detective

C. Preventive SEE CHART WITH TYPES AND THEIR FUNCTIONALITY

Tom would like to amend his organization's exit interview process to protect against former employees leaking sensitive information. Which one of the following approaches would best meet his needs? A. Asking employees to sign an NDA before departure B. Threatening employees with legal action if they violate the NDA C. Reminding employees of the NDA that they signed upon employment. D. No action is appropriate.

C. Reminding employees of the NDA that they signed upon employment. It is not appropriate to ask a former employee to sign an NDA, as they have no obligation or incentive to do so. So this is not the correct answer. Threatening an employee would likely be counterproductive. So this is not the correct answer. Tom should remind employees of their obligations under their existing NDA.

Mark is configuring an automated data transfer between two hosts and is choosing an authentication technique for one host to connect to the other host. What approach would be best-suited for this scenario? A. Biometric B, Smart Card C. SSH key D. Hard Coded Password

C. SSH key

Which of the following attacks cold be the MOST successful when the security technology is properly implemented and configured? A. Logical attacks B. Physical attacks C. Social Engineering attacks D. Trojan Horse attacks

C. Social Engineering attacks Social Engineering attacks - in computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings.

Which type of encryption uses only one shared key to encrypt and decrypt? A. Public key B. Asymmetric C. Symmetric D. TCB key

C. Symmetric Symmetric encryption uses a single key to encrypt and decrypt.

Which TLS extension is used to optimize the TLS handshake process by reducing the number of round trips between the client and server? A. TLS Renegotiation B. TLS Heartbeat C. TLS Session Resumption D. TLS FastTrack

C. TLS Session Resumption

Which protocol should be disabled due to its transmission of usernames and passwords in plaintext? A. SSH B. HTTPS C. Telnet D. TFTP

C. Telnet Trivial File Transfer Protocol - Port 69

What is the primary goal of a risk management process in cybersecurity? A. To eliminate all cybersecurity risks B. To transfer all cybersecurity risks to a third party C. To identify, assess, and mitigate cybersecurity risks to an acceptable level D. To ignore cybersecurity risks and focus on incident response

C. To identify, assess, and mitigate cybersecurity risks to an acceptable level

What is the purpose of non-repudiation in information security? A. To ensure data is always accessible when needed B. To protect data from unauthorized access C. To prevent sender or recipient of a message from denying having sent or received the message. D. To ensure data is accurate and unchanged

C. To prevent sender or recipient of a message from denying having sent or received the message.

What is the primary goal of implement input validation in application security? A. To ensure all inputs are stored in a secure database B. To prevent unauthorize access to the application C. To validate and sanitize user inputs to prevent code injection attacks D. To encrypt sensitive data transmitted between the client and server

C. To validate and sanitize user inputs to prevent code injection attacks

Which of the following is a common security measure to prevent Cross-Site Scripting (XSS) attacks in web applications? A. Implementing strong password policies B. Using a firewall to block incoming traffic C. Validating and sanitizing user input D. Encrypting data during transmission

C. Validating and sanitizing user input

What kind of vulnerability is typically not identifiable through a standard vulnerability assessment? A. File permissions B. Buffer overflow C. Zero-day vulnerability D. Cross-site scripting

C. Zero-day vulnerability

What cloud deployment eliminates the potential risks associated with multitenancy in cloud computing? A. PaaS B. public cloud C. private cloud D. IaaS

C. private cloud

IDS can be described in terms of what fundamental functional components? A. Response B. Information Sources C. Analysis D. All of the choices

D. All of the choices

Which penetration testing technique requires the team to do the MOST work and effort? A. White box B. Blue box C. Gray box D. Black box

D. Black box

When a team is investigating a possible network intrusion, which of he following would be the BEST way for team members to communicate? A. Email B. VoIP phones C. Instant Messenger D. Cell phone

D. Cell phone

Which of the following is a DISADVANTAGE of a memory only card? A. High cost to develop B. High cost to operate C. Physically infeasible D. Easy to counterfeit

D. Easy to counterfeit

DevOps team has updated the application source code. Tom has discovered that many unauthorized changes have been made. What is the BEST control Tom can implement to prevent a recurrence of this problem? A. Backup B. File labels C. Security audit D. Hashing

D. Hashing For each source code file, compute a daily hash value and compare it to the previous day's value. If the hash value is different, Tom can review the list of approved changes to determine which files should have been changed.

When operating in a Cloud environment, what cloud deployment model provides security teams with the greatest access to forensic information? A. FaaS B. SaaS C. PaaS D. IaaS

D. IaaS

Which one of the following groups is NOT normally part of an organization's cybersecurity incident response team? A. Technical Subject Matter Experts B. Cybersecurity Experts C. Management D. Law Enforcement

D. Law Enforcement

Finance server and Transaction server has restored its original facility after a disaster. What should be moved in FIRST? A. Management B. Most critical systems C. Most critical functions D. Least critical function.

D. Least critical function. After the primary site has been repaired, the least critical components are moved in first. This ensures that the primary site is really ready to resume processing. By doing this, you can validate that environmental controls, power, and communication links are working properly. It can also avoid putting the company into another disaster. If the less critical functions survive, then the more critical components of the company can be moved over.

Which of the following is NOT one of the three main components of a SQL database? A. Views B. Schemas C. Tables D. Object-oriented interfaces

D. Object-oriented interfaces

Which type of application can intercept sensitive information such as passwords on a network segment? A. Log server B. Network Scanner C. Firewall D. Protocol Analyzer

D. Protocol Analyzer A protocol analyzer is a tool used to capture and analyze signals and data traffic over a communication channel. WireShark is a protocol analyzer.

Julie is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as [art of a future attack. What type of attack is this? A. Brute-force attack B. Dictionary attack C. Social engineering attack D. Replay attack

D. Replay attack A replay attack occurs when an intruder obtains and stores information and later uses it to gain unauthorized access. In this case, Julie is using a technique called electronic monitoring (sniffing) to obtain passwords being sent over the wire to an authentication server. She can later use the passwords to gain access to network resources. Even if the passwords are encrypted, the retransmission of valid credentials can be sufficient to obtain access.

When the ISC2 Mail server sends mail to other mail servers it becomes ___ A. SMTP Server B. SMTP Peer C. SMTP Master D. SMTP Client

D. SMTP Client

David's team recently implemented a new system that gathers information from a variety of different log sources, analyses that information, and then triggers automated playbooks in response to security events. What term BEST described this technology? A. SIEM B. Log Repository D. IPS D. SOAR

D. SOAR That is the realm of security orchestration, automation, and response (SOAR) platforms. Intrusion prevention platforms have a more limited scope, allowing the blocking of traffic based upon analysis performed by the IPS itself. Log repositories simply collect log information and do not perform analysis.

Communication between end systems is encrypted using a key, often known as ____. A. Temporary Key B. Section Key C. Public Key D. Session Key

D. Session Key

Which version of TLS is considered to be the most secure and recommended for use? A. TLS 1.0 B. TLS 1.1 C. TLS 1.2 D. TLS 1.3

D. TLS 1.3

What is the main purpose of using multi-factor authentication (MFA) in a security system? A. To prevent data breaches B. To protect against malware C. To ensure data integrity D. To add an extra layer of security to user authentication

D. To add an extra layer of security to user authentication

Dylan is creating a cloud architecture that requires connections between systems in two different private VPCs. What would be the best way for Dylan to enable this access? A. VPN Connection B. Internet Gateway C. Public IP Address D. VPC Endpoint

D. VPC Endpoint