Practice Test 6: CompTIA Security+ (SY0-701) #6


At Kelly Innovations Corp., during a routine audit, Alex discovered that the database supporting their CRM application was corrupted. He immediately informed Kevin, the senior database administrator. Kevin decided to restore the database from the most recent clean backup, ensuring that the CRM would be functional with minimal data loss. What action is Kevin taking to address the issue?

Application recovery OBJ: 1.3 - Restoring an application or its supporting components (like databases) from a backup to ensure its functionality after disruptions, errors, or corruptions. Kevin's decision to restore the database from a backup to ensure CRM functionality is an example of application recovery. Database defragmentation is the process of organizing the contents of a database to improve performance. While it can improve speed and efficiency, it doesn't address data corruption. Database indexing involves creating indexes to improve database search speeds. It's a performance optimization technique and doesn't address the corruption mentioned in the scenario. Data mirroring is a method of storing data in two places simultaneously for redundancy. While it can be a strategy for ensuring data availability, the scenario describes restoring from a backup, not mirroring.

Which of the following activities is MOST crucial for ensuring that known vulnerabilities in software or hardware are addressed before they can be exploited by attackers?

Applying security updates OBJ: 4.3 - Actively monitoring for and applying security updates is an essential activity in vulnerability management. It helps in addressing and rectifying known vulnerabilities in software and hardware, thereby reducing the chances of exploitation. While continuously observing system activities is essential for detecting anomalies or potential threats, regular system monitoring doesn't directly deal with addressing known vulnerabilities in systems. Although penetration testing can help identify vulnerabilities by simulating cyber-attacks, the act itself doesn't address the vulnerabilities that are already known. Setting a baseline configuration is vital for determining system changes and anomalies. However, it doesn't directly involve rectifying vulnerabilities in software or hardware.

When comparing and contrasting different architecture models, which of the following is a key consideration that can be impacted MOST by the chosen architecture?

Availability OBJ: 3.1 - Availability is a fundamental consideration in different architecture models. It ensures that services and resources are accessible and operational when needed, providing uninterrupted access for authorized users. The level of availability can be significantly impacted by the chosen architecture, with some models offering higher redundancy and fault tolerance than others. Integrity is important, but shouldn't be the primary consideration here. It involves maintaining the accuracy and consistency of data, preventing unauthorized alterations. Although architectural choices do impact data integrity, it is not the most impacted consideration given a chosen architecture. Authentication is essential for verifying identities but isn't the main consideration in this context. It ensures entities are who they claim to be. The impact of architecture on authentication is less direct compared to other considerations. While confidentiality is crucial, it isn't the most impacted consideration. Confidentiality safeguards data from unauthorized access and disclosure. Different architecture models do address confidentiality differently, but there are other considerations that take priority based on the given architecture.

A security analyst is performing a security assessment of an application that processes sensitive data. He uses a tool that injects random data into the application's input fields and monitors its behavior. He notices that when he injects a long string of characters into one of the input fields, he gets an error message that indicates a memory address and some hexadecimal values. What type of application-based attack is he potentially able to perform?

Buffer overflow OBJ: 2.3 - Buffer overflow is an application-based attack that exploits a vulnerability in a program that does not properly check the size of the input data. The attacker can overwrite the memory allocated to the program and execute arbitrary code on the system. The security analyst is potentially able to perform a buffer overflow attack by injecting a long string of characters into one of the input fields and causing an error message that reveals some memory information. Memory injection is an application-based attack that exploits a vulnerability in the memory of a process or application on a system. The attacker can execute malicious code, bypass security controls, or escalate privileges. The security analyst is not able to perform memory injection by injecting random data into one of the input fields, as he does not have control over what code is executed. A malicious update is an application-based attack that involves replacing a legitimate update for a program with a malicious one. The attacker can compromise the application, steal data, or perform other malicious actions. The security analyst is not able to perform a malicious update by injecting random data into one of the input fields, as he does not have access to the update server or the update file. A race condition is an application-based situation where two or more processes access or modify a shared resource at the same time, resulting in inconsistent or unpredictable outcomes. The security analyst is not causing a race condition by injecting random data into one of the input fields, as he does not have control over the ordering of the processes.

Jamario, after consulting with Mary at Dion Training, decided to standardize the software environment across all company workstations. He wanted a consistent and reproducible setup that could easily be deployed on any new workstation. Which of the following is the BEST technique for Jamario to maintain this consistent setup?

Creating a standardized system image OBJ: 4.1 - By using a standardized image, Jamario ensures every workstation starts with the same software setup, simplifying deployment and ensuring consistency. While implementing a patch management process ensures that all systems are updated with the latest security patches, it doesn't guarantee a standardized software setup across all new workstations. Audits can detect deviations from the standard, but they reactively address inconsistencies rather than proactively ensuring uniform setup. Though they help in maintaining consistent configurations, using configuration management tools is more complex and might not be as efficient as deploying a standardized image for ensuring the initial setup is consistent across all workstations.

While monitoring the company's encrypted data transmissions, Jamario noticed that certain data streams, which usually employed robust encryption protocols, were now using older, less-secure encryption standards. He recognized this could make the data more vulnerable to unauthorized decryption. Which of the following BEST captures the type of attack Jamario discovered affecting Kelly Innovations LLC's encrypted transmissions?

Cryptographic Downgrade OBJ: 2.4 - A cryptographic downgrade attack is where an attacker forces network participants to resort to a weaker encryption standard, making it easier to compromise the data. It deliberately reduces the security of encrypted communications. A CBC attack is a type of side-channel attack targeting implementations of block ciphers in CBC mode. It doesn't involve forcing the use of outdated or weaker encryption standards. Data obfuscation involves disguising original data to protect it from unauthorized users, without altering the data itself. This practice doesn't focus on the encryption standards employed. In a key exchange attack, the attacker aims to intercept or manipulate the key exchange process, potentially gaining access to the shared secret key. While related to encryption, it doesn't focus on forcing weaker encryption protocols.

Which of the following terms refers to a scenario where a potentially harmful or malicious event goes undetected by a system or tool, resulting in no alert or action being taken?

False negative OBJ: 4.3 - A false negative arises when a security system fails to detect a genuine threat or malicious action, allowing potentially harmful activities to continue without intervention. A false positive occurs when a security measure mistakenly identifies a legitimate action as malicious or a threat, potentially leading to unnecessary corrective actions or alerts. Open-source intelligence (OSINT) leverages publicly available data sources to gather information about targets, providing insights without violating any laws. A threat feed provides a continuous stream of data regarding potential threats, used to enhance and inform cybersecurity measures.

Sasha, the head of IT at Kelly Innovations LLC, has already implemented both SPF and DKIM. She now wants to ensure that if emails from her domain fail these checks at the receiver's end, the emails are quarantined and she also gets a report about such occurrences. Which additional protocol should she adopt?

DMARC OBJ: 4.5 - By implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance), Sasha can set a policy for receivers on how to handle emails from her domain that don't pass SPF or DKIM checks. Additionally, DMARC provides feedback mechanisms for senders. SMTP (Simple Mail Transfer Protocol) is the standard for sending emails, but it doesn't inherently provide a cryptographic signing mechanism for email authenticity. POP3 is a protocol used for retrieving emails from a server, and it doesn't relate to specifying handling policies or feedback mechanisms for emails. IMAP (Internet Message Access Protocol) is utilized for retrieving emails from a server and isn't designed to specify authorized sending servers for a domain.

After infiltrating the secure servers of Dion Innovations, an organized crime group discreetly transfers massive amounts of proprietary data to an external location for later sale on the dark web. What is this action an example of?

Data exfiltration OBJ: 2.1 - Data exfiltration is the unauthorized act of transferring sensitive data from a target's network to a location controlled by the attacker. Organized crime groups often engage in this activity to obtain valuable data, which they can then monetize by selling it on the black market or using it for other malicious purposes. Revenge stems from a desire to retaliate against perceived wrongs or grievances. Someone motivated by revenge might target an organization that they feel has wronged them in some way. War, in a cyber context, refers to state-sponsored attacks that are aimed at achieving political, military, or ideological goals. While they can involve data theft, they are broader in scope and are driven by larger geopolitical strategies. Disruption centers on causing disorder, confusion, or disruption in the target's operations. While it might overlap with other motivations, the primary aim is to create disturbances rather than to extract specific value from the stolen data.

Kelly Investments LLC is preparing datasets for a third-party analytics company. They want to ensure that the personally identifiable information (PII) of their customers remains confidential, while still keeping the structure of the data intact for analysis. Which of the following techniques would be MOST appropriate for the institution to employ?

Data masking OBJ: 3.3 - Data masking conceals original data with modified content (characters or other data) but retains the data's original structure. This ensures that sensitive information is not exposed, but the data remains usable for testing and analysis. While data encryption protects data by making it unreadable without the decryption key, it doesn't retain the data's structure in a form that's useful for analysis. Data deduplication eliminates redundant copies of data, optimizing storage. It doesn't obfuscate or protect the content of the data. Checksum validation ensures data integrity by checking for errors in data but doesn't hide or protect the actual content.

Which of the following BEST describes the primary purpose of establishing rules of engagement when conducting a security assessment for a third-party vendor?

Defining the boundaries and limitations during the assessment OBJ: 5.3 - Rules of engagement are essential to ensure that the security assessment is conducted within specified parameters and doesn't inadvertently harm the vendor's operations or reputation. Rules of engagement are focused on the assessment's conduct, not on contractual timelines or renewal processes. While listing the personnel who will be involved in the security assessment might be part of the overall planning, it's not the primary purpose of the rules of engagement. While the cost might be a consideration in the overall agreement, the rules of engagement are more about the technical and operational constraints of the assessment.

Reed, an employee at Dion Training, is angry about not receiving a promotion. He has decided to leave the company, but before he does, he applies a password to a number of important documents so that the company will not be able to easily access the documents. Which of the following terms BEST describes Reed's motivation?

Disruption OBJ: 2.1 - Reed's actions are designed to create disruption. While the password will likely eventually be cracked, it will take some time and disrupt the company for at least a little while. There is no indication that Reed is attempting to gain financially. Reed isn't taking the documents, so it isn't exfiltration. Most espionage is conducted by nation-state actors. While it can be used by businesses to gain an advantage in the marketplace, there is no indication that Reed is attempting to help another business with the data he is taking.

Dion Training's IT department decided to upgrade a Windows server's OS from Windows Server 2016 to Windows Server 2019. This required a scheduled outage for three hours during off-peak hours, where none of the services running on the server would be available. Which of the following terms BEST describes the state of the system?

Downtime OBJ: 1.3 - Downtime is a period when a system is unavailable or its performance is degraded, often due to planned maintenance or unforeseen incidents. In the scenario, the server's unavailability during the upgrade process is a clear example of downtime. A service restart is the act of stopping and then starting a service, often to apply changes or updates. While this can lead to downtime, the scenario specifically mentioned a system upgrade, not just a service restart. A maintenance window is a predefined time frame during which system changes or updates are applied to minimize disruption to business operations. This indicates when changes may occur but does not specifically define the period of system unavailability. Change management is a formalized procedure to ensure changes are reviewed and approved before implementation. This is a process but does not specifically define the time a system is unavailable.

Which of the following methods BEST ensures the security of data at rest?

Encryption and access control lists (ACLs) OBJ: 3.3 - Data at rest, such as that found in databases, archived media, or configuration files, can be vulnerable to unauthorized access. To protect this data, organizations commonly employ encryption methods. This can range from whole disk encryption to database or individual file/folder encryption. Additionally, by setting up access control lists (ACLs), organizations can ensure that only authorized individuals can access or modify the stored data. While regular backups are essential for data recovery, they do not inherently provide protection against unauthorized access or modification. Storing data remotely might offer some physical security benefits, but it doesn't address the core concerns of unauthorized access or tampering. While passwords provide a level of security, they are not comprehensive methods for protecting data at rest, especially when compared to encryption and ACLs.

Mary, a network administrator at Dion Training, is discussing with Enrique ways to harden the company's mobile devices. Which technique would be the MOST effective for them to implement first?

Enforce full device encryption OBJ: 4.1 - Encrypting the entire device ensures that the data remains inaccessible even if the physical device is compromised. This is paramount for data protection. Enabling Bluetooth discoverable mode makes pairing easier but increases vulnerability by allowing unsolicited connections. It doesn't contribute to overall security as much as the other answer options. Strong WiFi passwords protect against unauthorized network access but don't safeguard the device's stored data. A screen lock is essential to prevent unauthorized access, but a determined attacker could still extract data from the device directly.

An organization aims to elevate its security posture through improved system configurations. Which of the following BEST describes how automation supports this initiative?

Enforcing consistent baselines across devices OBJ: 4.7 - Automated tools can apply predefined configurations across multiple devices, ensuring uniformity and adherence to security standards. While automation can streamline authentication processes, its primary role in terms of configurations isn't to enhance authentication methods. Automation can assist in software configurations and updates, but it doesn't directly speed up physical hardware upgrades. Automation of configurations doesn't primarily focus on team collaboration. Collaboration tools and platforms serve this purpose.

Sarah, a cloud engineer, often needs to perform maintenance on cloud resources. To ensure high security, her organization wants to grant her access credentials that last only for the duration of her maintenance task and then automatically expire. Which of the following methods is BEST suited for this scenario?

Ephemeral credentials OBJ: 4.6 - Ephemeral credentials are temporary and designed for short-lived purposes, thus reducing the risk of those credentials being misused or compromised. Static access tokens are long-lived and don't automatically expire after a short task, posing a higher security risk. While time-of-day restrictions limit access based on specific times, it doesn't ensure credentials are temporary. While the principle of least privilege ensures minimal access rights, it does not provide short-lived credentials.

Employees at Dion Training Solutions began to complain about extremely slow internet speeds. The network team noticed that a significant amount of bandwidth was being used up by a single IP address streaming high-definition videos non-stop. Which of the following BEST describes the issue faced by Dion Training Solutions?

Excessive resource consumption OBJ: 2.4 - When a single IP address uses a disproportionate amount of bandwidth, it can slow down the network for all users. This scenario highlights how an individual resource can adversely affect the entire network. Router issues can lead to network slowdowns, but the scenario points to a specific bandwidth-consuming activity from a single IP. While a DDoS attack can slow down a network, this scenario specifically mentions the excessive consumption by a single IP, not multiple sources of overwhelming traffic. While downloading large software updates can use a lot of bandwidth, this scenario focuses on the streaming of high-definition videos by a single IP.

Which set of standards and guidelines is developed by NIST and specifies requirements for cryptographic modules used within federal computer systems in the United States?

FIPS OBJ: 5.1 - FIPS (Federal Information Processing Standards) are standards that provide important guidelines and requirements for cryptography used to secure federal information systems, except those related to national security. While ISO/IEC 27001 is an important standard for information security management systems, it does not set specific requirements for cryptographic modules within federal computer systems. PCI DSS relates to the protection of cardholder data and is not focused on the cryptographic requirements for federal information systems. This publication provides guidelines for digital identity but does not specify requirements for cryptographic modules within federal systems.

Upon returning from vacation, Vanessa noticed that her workstation seemed slower than usual. Not only were applications lagging, but there were also instances when scripts would momentarily appear and vanish from her screen. Concerned, she ran her antivirus software, but it didn't detect any malicious files. Puzzled, she decided to consult her company's cybersecurity team. They initiated a deep dive and found that the system was running a series of unusual command line tasks, and there was evidence of unauthorized WMI queries. They also observed that some of the tasks appeared to be initiated by a host process, yet no associated files were detected on the disk. Which of the following types of malware is MOST likely responsible for the oddities on Vanessa's workstation?

Fileless malware OBJ: 2.4 - Fileless malware is characterized by its evasion techniques, utilizing legitimate system processes and tools, and running directly in memory without writing files to the disk. The evidence of command line tasks and unauthorized WMI queries, combined with the absence of suspicious files, points towards Vanessa's workstation being compromised by fileless malware. Rootkits aim to provide unauthorized access to a computer or areas of its software. While they can be stealthy, the primary symptoms Vanessa described don't match the typical signs of a rootkit infection. Adware primarily focuses on delivering unwanted advertisements to users. There's no indication in the scenario that Vanessa is being bombarded with ads. Ransomware typically locks up files or systems and demands payment for their release. Vanessa hasn't mentioned any encryption or ransom demands related to her workstation.

Which of the following legislation focuses on ensuring the privacy and security of patient health information in the US?

HIPAA OBJ: 5.1 - HIPAA (Health Insurance Portability and Accountability Act) sets the standard for protecting sensitive patient data and mandates specific practices and measures for health institutions. SOX (Sarbanes-Oxley Act) primarily deals with financial transparency and accountability, without a focus on patient health data. This act is aimed at securing federal computer systems processing confidential information, not specifically at health-related data. GDPR (General Data Protection Regulation), an EU regulation, focuses broadly on personal data protection but is not specific to the health sector or patient information.

To improve security on consumer passwords, Alpha Omega Funerals purchased software that will use an algorithm to create a new string of a specific length. The process is completed once. This will prevent the passwords from being transferred in plaintext. What is this method known as?

Hashing OBJ: 1.4 - Hashing is the process of converting an input of any length into a fixed-size string of text, using a mathematical function. This matches the method being used in the scenario. Key stretching is a method that repeatedly hashes the password to make it more random and longer than it originally appeared. This makes the key more time-consuming to break. Since the scenario indicates that the hashing will only take place once, key stretching isn't the technique being used. Salting is a technique used in cryptography to add random data to the input of a hash function to increase security. This method does not convert an input of any length into a fixed-size string of text. Digital signatures are a type of electronic signature that uses a specific type of encryption to ensure the authenticity and integrity of a digital message or document. This method does not convert an input of any length into a fixed-size string of text.

Dion Training, an international streaming service, wants to ensure its content is only accessible in countries where it has distribution rights. To ensure compliance with content licensing agreements, which of the following methods would be the BEST solution?

IP geolocation filtering OBJ: 3.3 - By determining the geographic location of an IP address, this method restricts content access to users within specified regions. While DRM controls how content is used, accessed, and copied, it doesn't inherently restrict content based on a user's geographic location. Two-factor authentication (2FA) adds an extra layer of security during user authentication but doesn't consider geographic restrictions. Secure Hypertext Transfer Protocol ensures secure communication over the internet but doesn't handle geographic content restrictions.

Dion Training Solutions wants to implement a security system that can inspect incoming traffic in real-time, detect malicious activities, and then take action to block those activities immediately. Which of the following would be the MOST appropriate solution?

IPS OBJ: 3.2 - An IPS actively analyzes network traffic for signs of malicious activity. If it detects any threats, it can take immediate action, such as dropping the malicious packets or blocking traffic from the offending IP address. A DNS server translates domain names to IP addresses. While some advanced DNS servers can block malicious domains, they don't provide real-time analysis and blocking of traffic based on its content. While a WAF can inspect and block malicious web traffic, its scope is specifically geared towards web applications and doesn't necessarily cover all types of network traffic. A proxy server acts as an intermediary for requests from clients seeking resources from other servers. Its primary role is to forward web requests and may cache data, but it doesn't actively block malicious activities based on real-time traffic analysis.

To ensure compliance with international data protection laws and safeguard clients' confidential legal details, which of the following strategies would be BEST for a multinational law firm to adopt?

Implementation of GDPR-compliant data handling practices OBJ: 3.3 - Implementation of GDPR-compliant data handling practices ensures adherence to the European Union's privacy standards and respects client data rights. Adoption of local server storage systems allows in-house storage of data but lacks robust international data protection mechanisms. Utilization of end-to-end encrypted email platforms provides secure email communication but lacks a comprehensive approach to data handling compliance. ISO 27001 certification is an international standard for information security management but doesn't address GDPR-specific requirements.

At Dion Training Solutions, Susan, the network administrator, wants a solution that examines webpage addresses in real-time to ensure employees are only accessing safe websites. Which of the following would be the MOST effective method to achieve this?

Implementing URL scanning OBJ: 4.5 - URL scanning is a method that assesses URLs in real-time, helping organizations prevent access to malicious or inappropriate websites. A VPN provides encrypted communication and can hide user activity, but it doesn't evaluate URLs for safety. While a firewall can block certain IPs and ports, it doesn't inherently provide real-time scanning of individual URLs for content assessment. More bandwidth might improve network speed, but it doesn't assist in assessing the safety of URLs.

What key principle underpins the European Union's General Data Protection Regulation (GDPR) concerning personal data collection and processing?

Informed consent OBJ: 5.1 - GDPR mandates that personal data can only be collected and processed with the individual's informed consent, which means the purpose for data collection must be clearly communicated in plain language. Continuous monitoring is crucial for cybersecurity but is not the primary tenet of GDPR's approach to personal data. While GDPR does address the retention of personal data, its primary focus is on ensuring data subjects give informed consent for data collection and processing. While encryption is essential for safeguarding data, GDPR's core principle revolves around the individual's right to understand and consent to how their data is used.

At NovoTech, employees often use the same password for their email, CRM, and intranet platforms. The typical password format they use is "PlatformName123!" (e.g., "Email123!", "CRM123!"). Recognizing the security risk, what should NovoTech's cybersecurity lead recommend to address the issue of password reuse effectively?

Introduce unique password requirements for each platform OBJ: 4.6 - Diverse requirements discourage employees from reusing passwords. While 2FA increases security, it doesn't prevent users from reusing passwords. Educating employees is key, but without a structural change, employees might continue their existing habits. Passphrases are secure, but employees might still reuse them across platforms.

Which mitigation technique ensures that different network components are separated to prevent potential breaches from spreading?

Isolation OBJ: 2.5 - Separating components or systems ensures that a breach in one part does not easily spread or affect other parts, maintaining the integrity of unaffected sections. Dividing a network into separate parts or segments is often done to improve performance and security, but it does not specifically focus on completely isolating components from each other. Least privilege ensures that users have only the permissions necessary to perform their tasks, without granting them unnecessary access rights, which isn't directly about separating systems. Encryption, the process of converting data into a code to prevent unauthorized access, doesn't inherently pertain to the separation of network components.

Carlos, a new security consultant at Dion Training Solutions, is tasked with identifying potential security vulnerabilities in the company's data center. He requests the latest server architecture diagram but receives one that's over a year old. Why is using this diagram potentially problematic for Carlos's task?

It might not reflect the current architecture, leading to overlooked vulnerabilities OBJ: 1.3 - An outdated diagram won't include recent changes, potentially missing out on identifying some vulnerabilities. The diagram's main goal is to depict the current structure, not necessarily future plans. The amount of detail is unrelated to the diagram's timeliness. Architecture diagrams focus on the system's structure, not employee access.

John is an IT administrator at Dion Training Solutions. Due to the dynamic nature of his job, he often requires access to various servers and systems on an as-needed basis. The organization wants to ensure that John is granted access only when required and for a short duration. Which security approach would be MOST suitable for John's role?

Just in time permissions OBJ: 4.6 - By granting access only when it's specifically needed and for a short duration, just-in-time permissions minimize the exposure of critical systems. MAC (Mandatory access control) assigns access based on labels and does not consider the specific timing or short duration for access needs. This method categorizes data based on its sensitivity, not the timing or duration of access. While RBAC (Role-based access control) assigns permissions based on job function, it does not consider the timing or duration of access needs.

Which of the following is a disadvantage of agentless posture assessment in Network Access Control (NAC) solutions?

Less detailed information about the client is available. OBJ: 4.4 - Agentless posture assessment in NAC solutions, while beneficial for supporting a broad range of devices, often provides less granular data about the client compared to agent-based solutions. This can limit the depth of assessment and control. Agentless solutions are often chosen specifically because they can support a wider range of devices, including smartphones, tablets, and IoT devices. Agentless solutions don't require storage on the client device for an agent, so this isn't a disadvantage of agentless posture assessment. The presence or absence of an agent doesn't directly correlate with an increased risk of malware. Malware protection is more related to the specific security mechanisms in place.

Dion Training Solutions is experiencing high volumes of web traffic, leading to delays and downtimes on their main website. They want a solution that distributes incoming web requests across multiple servers to ensure uptime and responsiveness. Which of the following would BEST address this concern?

Load balancer OBJ: 3.2 - A load balancer distributes incoming traffic across multiple servers to ensure no single server is overwhelmed. This helps in maximizing throughput, reducing latency, and ensuring fault-tolerant applications. While a network appliance sensor can monitor traffic and detect malicious activities, it is not designed to distribute web traffic across servers and therefore wouldn't address the concern of downtime or delays. A VPN creates a secure connection over the internet between a remote user and a network. While it provides security and privacy, it doesn't distribute traffic to prevent server overloads. A DNS server resolves domain names into IP addresses. It plays no direct role in balancing traffic loads across multiple servers.

Globex Corporation is looking to enter into a long-term business relationship with a vendor to provide IT services. They want to establish the general terms and conditions that will apply to future agreements with the vendor. Which type of agreement do they want to set up?

MSA OBJ: 5.3 - A Master Service Agreement (MSA) is precisely designed to establish the overall framework for a long-term business relationship between an organization and a vendor. It provides a foundation for future agreements and contracts by outlining general terms, conditions, and responsibilities. A Work Order (WO) or Statement of Work (SOW) is a document used to specify the specific tasks, deliverables, and timelines for a particular project or service. It is not intended to establish an overall framework for a long-term relationship. A Service-level Agreement (SLA) typically outlines specific performance metrics, service levels, and responsibilities for ongoing services, rather than establishing an overall framework for a long-term relationship. A Memorandum of Understanding (MOU) is a non-binding document used to express mutual understanding and intentions between parties. It is not typically suitable for establishing a formal framework for a long-term business relationship.

Which term is defined as the average operational period between the occurrence of two consecutive failures in a system or component?

MTBF OBJ: 5.2 - MTBF (Mean time between failures) represents the typical interval between failures for a system or component, used as a reliability indicator. Failure rate quantifies how often a system or component fails, which is different from the average time interval between failures. MTTR (Mean time to repair) measures the average time required to repair a system or component, not the time between failures. Operating time simply tracks the duration that a system or component has been in use, without measuring time between failures.

Which of the following is the MOST effective method to defend against unauthorized access to the memory of a physical server through VM escaping?

Monitoring and promptly patching hypervisor software. OBJ: 2.3 - Ensuring that the hypervisor software is always up-to-date with the latest patches and updates will help in safeguarding against vulnerabilities that can be exploited for VM escaping. Encryption is vital for protecting data at rest. However, if an attacker gains access to the encryption keys, especially via VM escape, encrypted data can still be compromised. Regularly updating credentials can prevent unauthorized access at the VM level, but it does not address the core issue of vulnerabilities at the hypervisor level that might enable VM escaping. While useful for guarding against malware on individual VMs, installing antivirus on each Virtual Machine doesn't address vulnerabilities at the hypervisor level that allow VM escaping.

Dwayne has told his friends to always turn off geolocation on their devices. What BEST explains why he would suggest his friends turn off geolocation data in applications?

The data can be used for tracking a person's movements.

Dion Training Solutions is deploying a new security system to monitor and detect malicious activities in real-time on their network. They want a device that can analyze network traffic without interfering or disrupting the flow. Which of the following would best meet this requirement?

Network appliance sensor OBJ: 3.2 - A network appliance sensor passively monitors network traffic, looking for signs of malicious or anomalous activity. Because it operates in a "listen-only" mode, it won't disrupt regular network operations. A VLAN (Virtual local area network) segments a network based on operational requirements, not necessarily security needs. It doesn't analyze traffic for signs of malicious activities. While a load balancer distributes incoming traffic to prevent server overloads, it does not provide detailed traffic analysis or threat detection functionalities. Though a proxy server can act as an intermediary for network requests and might offer some security features, it doesn't passively monitor all network traffic for malicious activities in the same way a dedicated sensor does.

Which of the following terms refers to an organization that maintains a balanced approach towards risk, willing to engage in risks that are aligned with strategic objectives and are within their capacity to manage?

Neutral risk appetite OBJ: 5.2 - A neutral risk appetite reflects an organization's balanced stance on risk-taking, neither aggressively seeking high-risk opportunities nor being overly conservative, but taking on risks that are strategically aligned and manageable. An expansionary risk appetite is evident in organizations that take on more risk to achieve high returns or growth, typically through new initiatives like launching products or entering new markets. A conservative risk appetite characterizes organizations that are risk-averse and prioritize stability and compliance over the pursuit of opportunities that carry more risk. Risk thresholds indicate the points at which risk levels are considered to exceed acceptable levels.

What kind of data typically requires processing by machines and specialized software?

Non-human readable OBJ: 3.3 - Non-human readable data typically refers to information that requires a machine or specialized software to interpret. Being critical, data might have significant importance to the running of a business or organization, but it does not determine whether it's readable by humans. Segmentation is a method of dividing a network into manageable parts. It's not a type of data. Geographic restrictions apply limitations based on data's location. This describes a security method, not the nature of data readability.

Which of the following terms refers to a comprehensive evaluation of risks within an organization that occurs at a specific moment, often to assess the impact of a new system implementation or gain an independent view of operational maturity?

One-time OBJ: 5.2 - One-time assessments are thorough evaluations conducted at a particular point, designed to establish a baseline or assess the state of risk at a specific time. Ad hoc risk assessments are conducted as needed and are not necessarily comprehensive or scheduled to assess the introduction of new systems or for an independent review. Risk identification involves the process of recognizing potential risks but does not pertain to the comprehensive evaluation at a particular point in time. Continuous assessments are ongoing and provide real-time risk analysis, unlike one-time assessments which are static and occur once.

Dion Training is researching cryptographic solutions that distribute transactional data across a peer-to-peer network, ensuring that no single entity controls the entire transaction history. What solution emphasizes this peer-to-peer distribution?

Open public ledger OBJ: 1.4 - An open public ledger, especially when associated with blockchain, is decentralized and distributed across a peer-to-peer network, ensuring no single entity has control over the entire transactional history. Hashing converts input data of any size into a fixed-length value, but doesn't specify how data is distributed. While digital certificates authenticate the identity of the certificate holder, they don't ensure a distributed transactional record. Asymmetric encryption involves using a pair of keys - a public key and a private key - for encryption and decryption, respectively.

A company's single-factor authentication system has failed. Which of the following would be an example of a compensating control that the company could implement to maintain security?

Requiring multi-factor authentication if single-factor authentication fails OBJ: 1.1 - Requiring multi-factor authentication if single-factor authentication fails is an example of a compensating control because it provides additional security when another control fails by requiring multiple factors for authentication. Conducting regular security awareness training for employees is an example of a preventive control, which is used to prevent security incidents from occurring. Monitoring network traffic for signs of malware activity is an example of a detective control, which is used to detect security incidents. Installing antivirus software on all company computers is an example of a preventive control, which is used to prevent security incidents from occurring.

Which of the following statements BEST explains the importance and security implications of ownership concerning hardware, software, and data asset management?

Ownership establishes accountability, reducing insider threat risks. OBJ: 4.2 - Assigning ownership to specific individuals or departments is of utmost importance in the accounting process of hardware, software, and data assets. This ensures accountability for the security and appropriate use of assets, reducing the risk of insider threats. When specific individuals are responsible for assets, they are more likely to take security measures seriously and follow proper protocols. While proper labeling and tagging of assets are essential for asset management, it does not directly address the security implications of ownership in the accounting process. Asset identification aids in inventory management but does not significantly impact security concerns. Although ownership documentation is crucial for financial tracking and budget allocation, it does not primarily relate to the security implications of asset management. Financial tracking is necessary for budgeting but doesn't directly address security considerations. While determining the physical location of assets is part of asset management, it does not solely pertain to the importance of ownership in the accounting process. Physical security considerations are relevant but not the primary focus of ownership in the context of asset management and security implications.

Which standard mandates specific security requirements for organizations that handle branded credit cards from the major card issuers, aiming to protect cardholder data?

PCI DSS OBJ: 5.1 - The PCI DSS (Payment Card Industry Data Security Standard) is a widely-recognized security standard that imposes strict security measures for organizations handling credit cards from major card issuers to safeguard cardholder information against theft and fraud. NIST SP 800-63 offers guidelines for digital identity management, which includes general recommendations for access control but does not deal specifically with credit card data security. FIPS (Federal Information Processing Standards) are U.S. government standards that outline the requirements for cryptographic modules within federal computer systems and are not specifically related to credit card data protection. ISO/IEC 27001 is an international standard for managing information security; it is not exclusive to the protection of credit card data.

Dion Solutions, an e-commerce platform, has decided to overhaul its user authentication system. Instead of relying on traditional passwords, they want to provide users with an option where their online account credentials are proven only when they unlock their biometric-enabled laptops, all underpinned by public key cryptography. By doing this, users won't need to remember or enter passwords for their accounts. Which of the following BEST describes this authentication solution?

Passkey OBJ: 4.6 - The passkey system boosts sign-in security. It operates on the principle of public key cryptography, and proof of credential ownership is given only when the user unlocks their device. A hardware token is a physical device that generates or stores credentials for user authentication. CAPTCHA is a test to determine whether the user is human, often using distorted images of letters and numbers. A password vault is a software program that stores and manages users' passwords in an encrypted format.

Kelly Innovations LLC is launching a new mobile banking application. Their security team wants to leverage a more robust authentication mechanism that doesn't require users to remember complex passwords. Instead, when a user tries to sign in, they would just unlock their phone to prove their identity, with no need for entering a password on the application. This is achieved using a mechanism based on public key cryptography. Which of the following MOST describes this authentication solution?

Passkey OBJ: 4.6 - The passkey enhances security by using public key cryptography and only shows proof of credential ownership when the phone is unlocked, eliminating the need for passwords on certain applications. A One-time password (OTP) is a password that is valid for only one login session or transaction, typically sent via SMS or email. Biometric authentication uses unique physical characteristics, such as fingerprints or facial patterns, for user identification. Two-factor authentication (2FA) requires two types of credentials before granting access, like a password and a verification code.

Which of the following terms refers to the ability to obtain and apply security updates or fixes for software or systems?

Patch availability

Which of the following BEST describes data that is considered sensitive under the EU's General Data Protection Regulation (GDPR)?

Personal data that includes religious beliefs and political opinions OBJ: 3.3 - Under the EU's GDPR, sensitive personal data refers to specific categories of personal information that could harm an individual if made public. This includes, but is not limited to, religious beliefs, political opinions, trade union membership, gender, sexual orientation, racial or ethnic origin, genetic data, and health information. The intention behind categorizing such data as sensitive is to ensure its protection and prevent its misuse. Preferences like favorite movies or hobbies, while personal, are not considered sensitive under the GDPR's specific criteria. Online purchase history is a form of personal data, but it isn't classified as sensitive in the context of the GDPR's specialized categories. While employment history and salary details are personal data, they are not specifically categorized as sensitive under the GDPR. They should still be protected, but they don't fall under the specially protected categories.

What is the main reason for implementing multi-cloud systems in security architecture?

Platform diversity OBJ: 3.4 - Multi-cloud systems increase platform diversity. Using different cloud providers and different platforms makes a system less vulnerable to platform-specific attacks. In the event that one platform is made less secure or less functional, a different platform can be used. Parallel processing involves using multiple CPUs to process different parts of a bigger task. It requires the task to be broken into separate parts. The benefits of parallel processing include greater speed and greater fault tolerance. In addition, it can be cheaper because using several lower-performance CPUs may mean that an expensive, higher-performance CPU isn't needed. It isn't a feature of multi-cloud systems. Although multi-cloud systems can enhance data security, they can also make security systems more difficult to manage or more complex. The primary reason for multi-cloud implementation is to increase platform diversity. Load balancing distributes network or application traffic across many servers. This optimizes the use of resources, maximizes throughput, and reduces latency. It isn't part of a multi-cloud system.

Which sensor type is designed to measure the force or load applied on it, often used to detect presence or absence of objects?

Pressure OBJ: 1.2 - Pressure sensors measure the force or load applied to them and can be used in security systems to detect the presence or absence of objects. Motion detectors are triggered by movement. They usually use microwave radio reflection or infrared light. Microwave sensors send out microwave pulses which are reflected back when they reach obstacles. Ultrasonic sensors send out sound waves which are reflected back. This allows them to determine movement.

Which of the following techniques involves an attacker creating a scenario in order to deceive someone into providing sensitive information?

Pretexting OBJ: 2.2 - Pretexting is where attackers fabricate a scenario (a pretext) to deceive their target into providing information. This could involve posing as an HR representative needing to confirm some details, a survey agent, or any other invented role that would seem plausible to the victim. Cloning refers to the duplication of items such as badges, access cards, or even digital identities. It's about copying something authentic to gain unauthorized access, rather than fabricating a scenario. Tailgating, also known as "piggybacking," is a method where unauthorized individuals follow authorized personnel into secure locations by exploiting their courtesy or distraction. It relies on physical access rather than fabricated stories. Phishing involves attackers sending deceptive emails (or other forms of communication) to a broad audience, enticing recipients to click on malicious links, download malware, or provide sensitive information. The attacker's goal is to trick recipients into believing the message is from a trusted source.

Jason receives an email at his Kelly Innovations LLC account. The email seems to be from Reed, a coworker, and states that Reed urgently needs to see the invoice for a recent project. However, Reed specifies he needs it within the next 10 minutes as he is in a meeting with Sasha and top executives. Jason quickly sends over the invoice without double-checking with Reed. Which type of attack best describes this situation?

Pretexting OBJ: 2.2 - Pretexting involves creating a fabricated scenario, such as the described urgent meeting, to deceive the target into providing desired information or performing an action. The use of urgency and reference to known colleagues adds weight to the pretext, pressuring Jason into quick compliance. Cloning refers to the duplication of items such as badges, access cards, or even digital identities. It's about copying something authentic to gain unauthorized access, rather than fabricating a scenario. A brute-force attack involves attempting all possible combinations of passwords or encryption keys until the correct one is found. This scenario doesn't involve this kind of attack method at all. Whaling is a type of phishing attack that specifically targets high-profile employees, like executives or CEOs, to steal sensitive information. While this attack is personalized, it usually targets top executives, and not general employees like Jason. The scenario doesn't specifically mention Jason's rank or position, so whaling is not the most appropriate description.

To enhance the privacy of its users, Kelly Innovations LLC is considering a system that can act as an intermediary for internet requests, hiding the origin of the request from the destination server. Which solution would BEST fit this purpose?

Proxy server OBJ: 3.2 - A proxy server sits between a client and the destination server, forwarding requests and responses on behalf of the client. By doing this, it can effectively mask the client's IP address, providing a level of privacy and anonymity. While an IPS (Intrusion prevention system) monitors and blocks malicious traffic, it does not act as an intermediary for general internet requests or mask the origin of those requests. Routers forward data packets between computer networks and direct traffic on the internet. Though they can be configured for certain security tasks, they don't inherently mask the origin of internet requests like a proxy server does. A jump server facilitates administrative access to an environment but isn't designed to forward and mask internet requests from clients to destination servers.

Recently, the IT team at Dion Training Solutions noticed multiple instances of security mishaps by the employees. There were incidents involving weak passwords, improper data storage, and unreported phishing attempts. Management was concerned about these repeated mistakes and sought a method to educate and guide their employees about maintaining cybersecurity best practices. Which of the following solutions would BEST assist the organization in preventing future security incidents?

Publishing security policies, best practices, and training materials OBJ: 2.4 - Creating clear guidelines and sharing best practices along with comprehensive training materials ensures that employees are consistently informed about security standards and practices. While multi-factor authentication strengthens login processes, it doesn't holistically educate users on varied security practices. Advanced firewalls can enhance perimeter security, but they don't directly address user knowledge and behavior related to cybersecurity. Regular backups are essential for data integrity and recovery, but they don't necessarily guide employees on security protocols.

Which of the following cryptographic methods involves two distinct keys - one private and one public - ensuring that a message encrypted with one key can only be decrypted by its counterpart?

RSA OBJ: 2.5 - RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm that uses two keys. A message that's encrypted with the public key can only be decrypted with the private key, and vice versa. AES (Advanced Encryption Standard) is a symmetric encryption method where the same key is used for both encryption and decryption, not involving distinct public and private keys. HMAC (Hash-Based Message Authentication Code) is a specific construction for creating a message authentication code (MAC) involving a cryptographic hash function, but not a form of asymmetric encryption. 3DES (Triple Data Encryption Standard) is an evolved form of the older Data Encryption Standard (DES) which uses symmetric key algorithms for the encryption of electronic data, not involving public and private keys.

After resolving reported SQL injection vulnerabilities in their database, Dion Training wishes to confirm that these specific weaknesses have indeed been patched. Which action is MOST appropriate for this purpose?

Re-executing vulnerability scans of affected database endpoints OBJ: 4.3 - Re-scanning previously vulnerable endpoints is the direct approach to confirm if SQL injection flaws have been addressed. Real-time monitoring is about detecting ongoing threats, not confirming the resolution of a specific vulnerability. While enhancing protection, setting up additional firewall rules around the database doesn't provide direct confirmation that SQL injection vulnerabilities are fixed. While patch notes give an overview of updates, they do not directly validate the resolution of specific vulnerabilities.

Alexis, a network security specialist at DeltaCorp, was alerted to an unusual activity on the company's server. She discovered that software, appearing to be a legitimate control program, was installed without the IT department's knowledge. This software was covertly allowing an external entity to upload files, change configurations, and even execute commands, all without raising any immediate alarms. Which type of malware is MOST likely responsible for the activities on DeltaCorp's server?

Remote access trojan (RAT) OBJ: 2.4 - A RAT mimics legitimate remote control programs but operates covertly. It provides the threat actor unauthorized access to a host, enabling them to upload files, install software, or execute commands. Worms are malware that replicate themselves to spread to other computers. There's no evidence in the scenario of self-replicating software. Adware displays unwanted ads on a user's device. The events at DeltaCorp don't suggest any ad-displaying activities. A rootkit provides unauthorized access to a computer, but it doesn't specifically mimic legitimate remote control programs like the software at DeltaCorp.

During e-discovery, which activity is a key focus?

Reviewing electronic files to extract relevant documents for a legal case OBJ: 4.8 - E-discovery revolves around the systematic search and retrieval of pertinent electronic data for legal purposes. Maintaining a detailed record of every individual who accesses the digital evidence relates to the chain of custody, ensuring that evidence has been handled properly and remains credible. While data recovery is a common task in digital forensics, it isn't the primary activity in the e-discovery process. Ensuring that evidence storage mediums are in tamper-evident bags is a preservation measure, designed to protect and authenticate the original evidence.

A pharmaceutical company decides that while it will invest heavily in research and development for cutting-edge treatments, it will not pursue medical devices due to the different regulatory environment and company expertise. This decision is an example of:

Risk appetite OBJ: 5.2 - The pharmaceutical company's decision to invest in specific areas while avoiding others demonstrates its risk appetite, reflecting the level and type of risk the company is willing to pursue. Risk tolerance would be the amount of risk, specifically in terms of potential losses or deviations, the company is willing to accept within the areas it has decided to pursue. Risk assessment involves evaluating specific risks to understand their impact and likelihood, rather than the strategic decisions about which types of risks to take on. A risk register is a tool for tracking identified risks and managing them, not a policy decision regarding which risks to engage with.

At Dion Training, the risk management team has completed a comprehensive risk assessment and identified potential risks across various departments. To ensure proactive risk management and response, they want to establish a system for continuously monitoring and tracking these identified risks. Which element of the risk management process should the risk management team implement to monitor and track the identified risks over time?

Risk register OBJ: 5.2 - The risk register is a comprehensive record that lists all identified risks, their potential impacts, assigned risk owners, and current risk status. It serves as a central repository for tracking and monitoring risks over time. Risk assessment is the initial step in the risk management process, involving the identification, analysis, and evaluation of potential risks. Business impact analysis assesses the potential consequences of specific risks on critical business functions, helping prioritize risk response efforts. Risk reporting involves the regular communication and documentation of identified risks, their potential impact, and risk management strategies to relevant stakeholders.

At Dion Defenders, the risk management team has completed the risk assessment process and identified various risks to the company's information systems. They are now preparing to communicate the risk-related information to relevant stakeholders and management for informed decision-making. What part of the risk assessment process are they undertaking?

Risk reporting OBJ: 5.2 - Risk reporting is the element of the risk management process that involves communicating risk-related information, including risk assessment results, to relevant stakeholders and management. Risk identification involves identifying potential risks and vulnerabilities within an organization's environment. This is done before reporting to the stakeholders. Risk assessment involves evaluating the identified risks to determine their potential impact and likelihood of occurrence. This is done before reporting to the stakeholders. Risk analysis involves analyzing risks in terms of their potential financial impact and other factors. This is done before reporting to the stakeholders.

Good Sense Incense, a spice producer, has hired a penetration tester. Before the testing begins, the two companies agree on the overall project to be completed, the deliverables, timelines, and costs, and sign a formal document with the details included. Which of the following documents have they signed?

SOW OBJ: 5.3 - The Work Order (WO) or Statement of Work (SOW) is a document that provides detailed instructions and requirements for a specific task within a project to be carried out by the vendor. It may include information on deliverables, timelines, and costs. The Master Service Agreement (MSA) is a comprehensive document that establishes the overall framework for a long-term business relationship between companies. Since this agreement is about the specifics for the test, it isn't an MSA. The Memorandum of Understanding (MOU) outlines the terms of a partnership between two organizations and how they will collaborate on specific projects or initiatives. An MOU is informal, however. A Business Partner Agreement (BPA) sets up a long-term partnership between two companies. It doesn't focus on a specific work project.

Elaborate You, a fashion design studio, is reviewing their security systems. Stanley, an IT manager, has explained the PKI system to his boss. Their boss is alarmed by the idea of public keys and wants to purchase a storage device to save symmetric and asymmetric keys. Stanley has explained that the Apple-based devices the company uses have a storage system like this on a chip embedded in the devices. What is the name of the device that Stanley is referring to?

Secure enclave OBJ: 1.4 - Secure Enclave is a chip that is used only to secure encryption keys, hashes, and other important data. It is embedded in Apple and Android devices. TPM is a hardware-based storage system that contains keys, digital certificates, hashed passwords, and many other types of information used for authentication. It is embedded on device motherboards that use Windows operating systems. An HSM is a physical computing device that safeguards and manages digital keys for strong authentication. It can be an external device or on an expansion card, but it is not embedded on the motherboard. A Key Management System is a process used to ensure that keys are kept secure by establishing standards of security. It is a set of policy decisions, not a chip or device such as a TPM, HSM, or Secure Enclave.

Which of the following BEST emphasizes the critical role of sanitization in ensuring secure hardware, software, and data asset management?

Sanitization erases all data from a storage device, rendering it unrecoverable. OBJ: 4.2 - Sanitization is a crucial process when dealing with hardware, software, and data asset management. It aims to achieve a specific outcome related to data protection, especially when devices are decommissioned or reused. This process ensures sensitive data is securely wiped, preventing unauthorized access or data breaches. Creating multiple data backups is an important data management practice, but it is not synonymous with sanitization. Sanitization focuses on a different aspect of data handling and security in the context of hardware, software, and data asset management. The option "Sanitization cleans physical hardware components to remove dust and dirt and keeps the system functional" refers to cleaning physical hardware components, which is indeed a necessary maintenance practice. However, it does not encompass the security implications of sanitization, which involves addressing data security concerns. Regularly updating software applications is essential for security, but it does not fully encompass the concept of sanitization. Sanitization involves something more specific related to data and its secure handling.

Which of the following mobile device vulnerabilities is created by installing applications from sources other than the official app store?

Side loading OBJ: 2.3 - Side loading is a mobile device vulnerability that results from installing applications from sources other than the official app store, such as third-party websites, USB drives, or email attachments. It can expose the device to malware, spyware, or unauthorized access. Memory injection is a technique that involves injecting code into a running process to alter its behavior or gain access to its memory. It can be used for malicious or legitimate purposes on mobile devices, such as debugging or hooking. Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer can hold, causing it to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation. Jailbreaking creates a vulnerability on a mobile device by bypassing the restrictions imposed by the manufacturer or provider of a device, such as an iPhone or iPad, to gain root access and install unauthorized applications or customizations. It can expose the device to malware, spyware, or unauthorized access.

Enrique is making a detailed list of every application installed on Dion Training's server. Which of the following tasks BEST describes Enrique's task?

Software enumeration OBJ: 4.2 - Software enumeration focuses on identifying and cataloging every software component present on a particular system. It aids in understanding the software landscape and helps in making informed decisions related to software asset management. The option describing a comprehensive evaluation of potential threats and vulnerabilities in a system or process may take the software present into account, but its primary goal isn't to list that software; it is to assess the potential risks associated with it. Network mapping is the process of creating a visual representation or layout of the network infrastructure. While it provides a detailed overview of network connections and devices, it does not concern itself with listing individual software. Patch management centers around the practice of updating software components with patches to address vulnerabilities or bugs. It ensures that software is up to date and secure but does not involve creating a list of software installations.

On completion of orientation, Reed, HR Manager at Kelly Innovations, LLC, gives Susan a company laptop. Who is primarily responsible for the laptop's security?

Susan OBJ: 4.2 - Although the company owns the laptop, Susan is responsible for its security while in her possession. Kelly Innovations, LLC formulates policies, but it's up to users to adhere to them. The IT department ensures overall system security, but individual users are responsible for the assets they're given. Managers, such as Reed, oversee teams and workflows, but the direct security of an asset falls on the user.

Which of the following statements BEST explains the importance of a tabletop exercise in the incident response process?

Tabletop exercises are interactive discussions and role-playing exercises used to test and improve incident response plans and team coordination. OBJ: 4.8 - Tabletop exercises are interactive discussions and role-playing exercises used to test and improve incident response plans and team coordination. During these exercises, participants simulate the steps they would take in response to various incident scenarios, identify potential weaknesses in their response plans, and practice their decision-making and communication skills. Tabletop exercises provide a valuable opportunity for incident response teams to enhance their preparedness and effectiveness in handling real incidents without the actual risks associated with live attacks. Tabletop exercises do not involve directly confronting live cybersecurity threats and attacks. They are theoretical exercises designed to simulate incidents and allow incident response teams to discuss and practice their responses in a controlled, safe environment. Tabletop exercises are not about discussing personal preferences or strategies; instead, they focus on testing and improving incident response plans and coordination. Tabletop exercises are not physical simulations where incident response procedures are physically practiced in real-world scenarios. They are theoretical exercises that involve discussions and role-playing, not live simulations.

You are a security analyst tasked with investigating a suspected security breach involving leaked corporate documents. You decide to examine the metadata associated with these documents. Which of the following pieces of information would be MOST valuable in these metadata logs to investigate the incident?

The timestamps of the documents OBJ: 4.9 - The metadata of creation, modification, and last accessed timestamps can provide crucial information about when the documents were created, altered, or accessed, which may reveal details of the breach. The file extensions are not part of the metadata and would not help you in your investigation. Timestamps indicating when the documents were created, modified, or last accessed are more likely to provide you with information for your investigation. While the word count may give an indication of the scale of the documents involved, it doesn't provide specific details related to a potential security breach. Timestamps indicating when the documents were created, modified, or last accessed are more likely to provide you with information for your investigation. The security classification status is not found in the metadata of a document. Timestamps indicating when the documents were created, modified, or last accessed are more likely to provide you with information for your investigation.

Which of the following statements is NOT true regarding the role of Ticket Creation in the context of automation for secure operations?

Ticket creation fosters more security team cohesion and makes collaboration within the team more effective. OBJ: 4.7 - Ticket creation doesn't impact security team cohesion. Its primary purpose in IT operations centers around managing, tracking, and coordinating tasks, requests, and issues - not hiring or recruitment processes. Tickets create a channel of communication between IT teams, helping in coordinating tasks and managing workloads efficiently. By logging tasks and progress via tickets, better accountability of IT team performance is achieved. Response times, issue resolution, and team productivity can be measured accurately. Ticket creation in IT operations enables efficient tracking and management of issues, requests, or tasks raised by users, which is crucial in automation and orchestration.

Which of the following is a type of race condition that occurs when a process performs an action on a resource without verifying that it is still in the same state or value as when it was last checked?

Time-of-use (TOU) OBJ: 2.3 - Time-of-use (TOU) is a type of race condition that occurs when a process performs an action on a resource without verifying that it is still in the same state or value as when it was last checked. It can lead to incorrect or unauthorized actions based on invalid assumptions. Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer can hold, causing it to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation. Memory injection is the insertion of malicious code into a system's memory, not the exploitation of a time gap between a check and use of a condition. Time-of-check (TOC) is a type of race condition that occurs when a process checks the state or value of a resource before using it, but another process changes it in between. It can lead to incorrect or unauthorized actions based on outdated information.

In the context of penetration testing, what is the purpose of passive reconnaissance?

To gather information without directly engaging with the target. OBJ: 5.5 - Passive reconnaissance involves gathering information about the target system or organization without directly interacting with it. This information can include publicly available data, domain information, and network details. The purpose of defensive penetration testing is to evaluate an organization's defensive capabilities against simulated cyberattacks. Passive reconnaissance is not directly related to this objective. To simulate real-world attacks and identify vulnerabilities does not accurately describe the purpose of passive reconnaissance. Simulating real-world attacks and identifying vulnerabilities are typically the objectives of offensive penetration testing. Penetration testing is the process of testing an organization's vulnerabilities in a simulated attack. Offensive capabilities are the abilities to launch an attack. Companies who engage in attacks are likely violating the law.

What is the primary purpose of an NDA in the vendor relationship?

To protect sensitive information and maintain confidentiality. OBJ: 5.3 - To protect sensitive information and maintain confidentiality is the primary purpose of a non-disclosure agreement (NDA). It is a legally binding contract that ensures the vendor keeps sensitive information confidential and doesn't disclose it to unauthorized parties. The rules of engagement define the scope, limitations, and rules for security assessments like penetration testing, but they are typically included in a separate document. To ensure the vendor meets specific service-level requirements is more aligned with a service-level agreement (SLA), which defines the level of service expected from the vendor, including performance metrics. The right-to-audit clause, not the non-disclosure agreement (NDA), typically grants the organization the right to perform audits or penetration tests on the vendor's systems.

Which of the following is a type of human vector attack that involves creating a fake website address or domain name that resembles a legitimate one, but with slight spelling or punctuation differences?

Typosquatting OBJ: 2.2 - Typosquatting is a type of human vector/social engineering attack that involves creating a fake website or domain name that resembles a legitimate one, but with slight spelling or punctuation differences. Pretexting is a type of human vector/social engineering attack that involves creating a fabricated scenario or pretext to justify the request for confidential information or action from the target. Business email compromise is a type of human vector/social engineering attack that involves compromising or spoofing a legitimate business email account to request fraudulent payments or transfers from unsuspecting employees or customers. Impersonation is a type of human vector/social engineering attack that involves pretending to be someone else, such as an authority figure or a trusted person, to persuade users to share confidential information or perform certain actions.

Rock Crest Ventures is in the process of choosing vendors for a major project. They are committed to conducting business with suppliers who uphold ethical and legal standards in their operations. The company wants to ensure that the selected vendors align with their values and meet the necessary criteria. What process will help ensure the chosen company's values match Rock Crest's values from the beginning of their partnership?

Vendor selection OBJ: 5.3 - Vendor selection is the process of evaluating and choosing vendors based on various criteria, including their alignment with the organization's ethical and legal requirements. It occurs before the partnership begins. Vendor monitoring refers to continuously evaluating a vendor's security performance and compliance with contractual requirements, but it does not directly relate to ethical and legal criteria. It occurs after the vendor is chosen. Vendor assessment involves evaluating the security measures and vulnerabilities of a vendor's systems and infrastructure, but it does not specifically focus on ethical and legal requirements. It occurs after the vendor is chosen. A Master Service Agreement (MSA) is precisely designed to establish the overall framework for a long-term business relationship between an organization and a vendor. It provides a foundation for future agreements and contracts by outlining general terms, conditions, and responsibilities. It generally is concluded after a vendor is chosen.

Which of the following is a primary concern when obtaining new hardware, software, and data assets?

Verifying products' security compliance OBJ: 4.2 - Before procuring, it's vital to ensure hardware, software, or data assets align with established security standards to prevent vulnerabilities. Though important, implementing network partitions deals with enhancing network security and performance, not directly with procuring new assets. Managing software update cycles refers to how often software receives updates, not directly to the acquisition of new assets. While vital, overseeing software patch processes pertains to updating existing software, not to the acquisition of new assets.

Which of the following is a type of message-based attack that involves sending fraudulent voice calls to trick recipients into revealing sensitive information or performing certain actions?

Vishing OBJ: 2.2 - Vishing is a type of message-based attack that involves sending fraudulent voice calls to trick recipients into revealing sensitive information or performing certain actions. Phishing is a type of message-based attack that involves sending fraudulent emails to trick recipients into revealing sensitive information or clicking on malicious links. Smishing is a type of message-based attack that involves sending fraudulent text messages to trick recipients into revealing sensitive information or clicking on malicious links. IM is a type of message-based attack that involves sending fraudulent instant messages to trick recipients into revealing sensitive information or clicking on malicious links.

Which option BEST explains the importance of having vulnerability scanners?

Vulnerability scanners are critical in detecting and assessing security weaknesses in applications and systems. OBJ: 4.4 - Vulnerability scanners are essential for detecting and assessing security weaknesses in systems and applications. By proactively addressing potential vulnerabilities, organizations can enhance their overall security posture and reduce the risk of exploitation. Vulnerability scanners are used to detect and assess security weaknesses in systems and applications. They do not monitor user activities or detect suspicious behavior. While monitoring network traffic is vital, vulnerability scanners are primarily focused on identifying security weaknesses. They don't run continuously. Vulnerability scanners detect potential problems, but they don't mitigate them. Once problems are detected, security officials and others are responsible for mitigating what the vulnerability scanners found.

You are visiting a website that is related to your hobby and you see an article that interests you. You click on the article and it takes you to another website that asks you to install a browser extension to view the content. However, the browser extension is actually malware that steals your browsing history and personal information. What type of attack is this an example of?

Watering hole OBJ: 2.2 - Watering hole is a form of cyberattack that involves compromising a legitimate website that is frequented by a specific group of users, such as employees of a certain organization. The goal is to infect the users' systems with malware when they visit the website. Brand impersonation is a form of cyberattack that involves creating fake websites, emails, or social media accounts that mimic legitimate ones. The goal is to deceive users into trusting the fake entity and revealing their information or performing malicious actions. Impersonation is a form of social engineering that involves pretending to be someone else in order to obtain information or access from a victim. Business email compromise is a form of cyberattack that involves compromising an email account of a person in authority, such as a CEO or a manager, and using it to send fraudulent requests or instructions to other employees or partners. The goal is to trick them into transferring money or disclosing confidential information.

Which of the following terms refers to the delivery of computing services over the internet, such as servers, storage, databases, networking, software, analytics, and intelligence?

cloud OBJ: 3.1 - Cloud is an architecture model that involves delivering computing services over the internet, such as servers, storage, databases, networking, software, analytics, and intelligence. Cloud can offer benefits such as scalability, flexibility, and cost-effectiveness, but it also introduces challenges such as security, privacy, and governance. IoT stands for Internet of Things, which is a network of physical devices that can communicate and exchange data over the internet. It does not refer to the delivery of computing services over the internet. On-premises is an architecture model that involves hosting and managing infrastructure on the organization's own premises. It does not refer to the delivery of computing services over the internet. Virtualization is a technique that involves creating virtual versions of physical resources, such as servers, storage, or networks. It does not refer to the delivery of computing services over the internet.

Kelly Innovations LLC, a Software as a Service (SaaS) provider, intends to store data pertaining to its European clientele. In accordance with GDPR, there are stipulations regarding the physical locality of data storage. Which of the following terms defines the mandate that data be stored and processed in compliance with the legal provisions of its residing nation?

data sovereignty OBJ: 3.3 - Data sovereignty refers to the concept that data is subject to the laws and governance structures within the nation it is located. Companies must manage and store data according to the specific laws and regulations of each country in which they operate. Data replication is the process of storing data in multiple locations for the sake of data recovery and backup. It does not pertain to the specific legalities of where data is stored. Data integrity pertains to the accuracy and consistency of data over its lifecycle. It does not focus on the location-specific rules for data storage. Data obfuscation involves disguising original data to protect the data subject's privacy and data security, not the geographic laws surrounding data.

You are a network engineer for a large hospital that has a complex network infrastructure that supports various devices and applications. You want to use a mitigation technique that can help you apply the minimum level of access or privileges required for users or processes to perform their tasks, such as doctors, nurses, patients, etc. Which of the following mitigation techniques can help you achieve this goal?

least privilege OBJ: 2.5 - Least privilege is a technique that can help you apply the minimum level of access or privileges required for users or processes to perform their tasks, such as doctors, nurses, patients, etc. Least privilege involves restricting access or privileges based on predefined rules and permissions, such as roles, groups, functions, etc., and enforcing them through mechanisms such as passwords, tokens, biometrics, etc. Least privilege can also help you limit the damage caused by malicious or compromised users or processes by preventing them from accessing or modifying resources that are not relevant or necessary for their tasks. Patching is a technique that can help you prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to software and systems, but they do not apply the minimum level of access or privileges required for users or processes to perform their tasks. Access control is a technique that can help you assign different levels of access or privileges to users or processes based on their roles, groups, or functions. Access control involves using policies such as access control lists (ACLs) or permissions to specify what actions users or processes can perform on resources such as files, folders, databases, etc., but they do not apply the minimum level of access or privileges required for users or processes to perform their tasks. Isolation is a technique that can help you separate systems or processes from each other to prevent interference or contamination. Isolation involves creating separate environments for running different systems or processes, such as virtualization, sandboxing, containers, etc., but they do not apply the minimum level of access or

You receive an email from your bank asking you to verify your account details by clicking on a link. The email looks legitimate, but you are suspicious. What kind of threat vector was used for this attack?

message based OBJ: 2.2 - Message-based attack vectors include email, SMS messages, and instant messaging. File-based attacks use malicious files, such as executables, documents, or archives, to infect systems with malware or perform other malicious actions. This scenario has a link, not an executable or document to click on. Agentless software is software that does not require installation or configuration on the user's computer. It runs on a remote server and communicates with the user's computer via a web browser or other interface. There is no software in this scenario, so agentless can't be the correct answer. Image-based attacks have malicious code embedded within the image's headers. The code infects the system when the image is downloaded.

A company's single-factor authentication system has failed. Which of the following would be an example of a compensating control that the company could implement to maintain security?

requiring multi-factor authentication if single-factor authentication fails OBJ: 1.1 - Requiring multi-factor authentication if single-factor authentication fails is an example of a compensating control because it provides additional security when another control fails by requiring multiple factors for authentication. Monitoring network traffic for signs of malware activity is an example of a detective control, which is used to detect security incidents. Conducting regular security awareness training for employees is an example of a preventive control, which is used to prevent security incidents from occurring. Installing antivirus software on all company computers is also an example of a preventive control, which is used to prevent security incidents from occurring.

Which of the following provides a human presence, often at entry points, to monitor, deter, and respond to potential security incidents?

security guard OBJ: 1.2 - A security guard is a person employed to protect property, assets, or people, often serving as the first line of defense against unauthorized activities. Ultrasonic sensors measure distances or detect objects using sound waves at frequencies higher than the human audible range. A honeytoken is a type of digital bait used to detect unauthorized system access or data usage. Bollards are short, vertical posts designed to prevent vehicular access to certain areas.

You were recently hired by a large software company that specializes in developing mobile applications. After receiving your username and password, the company requires you to use a smart card that uses radio frequency identification (RFID) to gain access to the company's development environment. Which type of multi-factor authentication (MFA) factor does the card represent?

something you have OBJ: 4.6 - Something you have refers to authentication factors that involve possessing a physical object or token, such as a smart card, security token, or mobile device. Something you know refers to authentication factors that involve knowledge of a specific piece of information, such as a password or PIN. In the scenario, the authentication factor is based on the physical presence of the smart card at a specific location, not on any piece of information known to the user. Something you are refers to authentication factors that involve biometric characteristics or behavioral traits, such as a fingerprint scan or facial recognition. The scenario does not involve any biometric authentication but rather location-based authentication using RFID technology. Somewhere you are refers to authentication factors that determine where you are geographically. This can be determined by a phone's geo-location, an IP address, or a unique identifier of the device you are using. In this scenario, having the card is the authentication factor.

Which of the following certificates is issued by a recognized external authority and inherently carries more trust for users and systems unfamiliar with the certificate's originator?

third party certificate OBJ: 1.4 - A third-party certificate is signed and verified by a recognized external certificate authority. This validation provides higher trust in public and external environments compared to self-signed certificates. A private key is a cryptographic key used for decrypting or signing data. It isn't a certificate type. A public key is used in asymmetric encryption; it's paired with a private key but isn't a type of certificate on its own. A certificate revocation list (CRL) is a list that keeps track of certificates that have been revoked by the certificate authority before their expiration date. It isn't a certificate type.

Dion Training wants to increase the trustworthiness of its website for its clients. They are seeking a certificate that is signed and verified by a recognized external authority. What type of certificate should they pursue?

third-party certificate OBJ: 1.4 - Dion Training should pursue a third-party certificate, which is signed and verified by a recognized external certificate authority. This validation provides a higher trust in public and external environments compared to self-signed certificates. A wildcard certificate secures multiple subdomains under one main domain but doesn't necessarily indicate external trust or CA verification. A CSR (Certificate Signing Request) is a formal request to a CA for a digital certificate, not a certificate type in itself. Signed by its creator, a self-signed certificate might not be viewed as trustworthy in external environments due to a lack of third-party verification.

A history professor visits the American Historical Society website nearly every day to check the discussion boards and information about conferences. One day, he sees a link to a conference he's never heard of. He clicks the link and it takes him to a site that doesn't seem legitimate. He clicks the back button. The next day, he gets a call from the IT department asking why he has begun logging into the university's system at 3:00 am. What type of attack has the professor most likely fallen victim to?

watering hole OBJ: 2.2 - Watering hole is a form of cyberattack that involves compromising a legitimate website that is frequented by a specific group of users, such as employees of a certain organization. The goal is to infect the users' systems with malware when they visit the website. Business email compromise is a form of cyberattack that involves compromising an email account of a person in authority, such as a CEO or a manager, and using it to send fraudulent requests or instructions to other employees or partners. The goal is to trick them into transferring money or disclosing confidential information. Impersonation is a form of social engineering that involves pretending to be someone else in order to obtain information or access from a victim. Brand impersonation is a form of cyberattack that involves creating fake websites, emails, or social media accounts that mimic legitimate ones. The goal is to deceive users into trusting the fake entity and revealing their information or performing malicious actions.
