SECURITY + 2025

Which of the following BEST describes a playbook in cybersecurity?

A data-driven standard operating procedure (SOP) for responding to cyberthreats OBJ: 5.1 - A playbook, also known as a runbook, guides junior analysts through steps to detect and handle cyberthreats such as phishing, SQL injection, and others, starting with a SIEM report. While SIEM systems are essential in cybersecurity, a playbook specifically details the response process to certain cyberthreats and not the setup of the SIEM system. While historical records are crucial, a playbook is a proactive tool designed to guide the response to specific types of cyber threats. A playbook is not a personnel roster; it's a guideline to address specific cyberthreat scenarios effectively.

Which of the following statements is NOT true about the Dark Web?

All content available on the Dark Web is illegal and harmful OBJ 4.3: While the Dark Web does contain a lot of illegal activity and content, it isn't accurate to claim that all content on the Dark Web is illegal or harmful. The Dark Web also hosts legal and innocuous content. The Dark Web is a subset of the Deep Web, intentionally hidden and usually inaccessible through standard web browsers. The Dark Web is often associated with illicit activities due to the anonymity it can offer to its users. Specialized software like Tor is typically required to access the Dark Web, providing anonymity to its users.

Sasha, a network administrator for Kelly's Technical Innovations, has just recently installed a NGFW on her company's network to replace the previous traditional stateful firewall they were using. This change was made to address shortcomings of the previous firewall. Which of the following improvements does this NGFW provide that were not available previously? (Choose 3)

Application awareness that can distinguish between different types of traffic Ability to conduct deep packet inspection and use signature-based intrusion detection Can be integrated with various other security products OBJ 3.2: A Next Generation Firewall (NGFW) has several improvements over the company's previous stateful firewall, such as application awareness that can distinguish between different types of traffic, can conduct deep packet inspection and use signature-based intrusion detection, and has the ability to be integrated with various other security products. Tracking of connections and requests, allowing return traffic for outbound requests, and improving awareness of connection states on layer 4 were already features on the stateful firewall that was replaced. The addition of multiple functions, including firewall, intrusion prevention, antivirus, and more, is advancing into the area of a Unified Threat Management (UTM) firewall rather than a basic NGFW. Increased focus on HTTP traffic helping to prevent common web application attacks like cross-site scripting and SQL injections would be a description of a Web Application Firewall (WAF), not an NGFW.

Which of the following terms refers to the use of technology to perform tasks without human intervention, especially in processes where manual operations can be repetitive, labor-intensive, or error-prone?

Automation OBJ: 5.4 - Automation is the utilization of technology to execute tasks without the need for continuous human input, enhancing efficiency and accuracy in various processes. Artificial Intelligence is a branch of computer science focused on creating machines capable of intelligent behavior, but not specifically limited to task execution. Orchestration is the coordinated execution of multiple automated tasks in a specific order to achieve a complex outcome or process. Configuration Management is the process of systematically handling changes to a system in a way that it maintains integrity over time, not necessarily implying an automated process.

Which of the following terms refers to preserving authorized restrictions on access and disclosure to prevent unauthorized access?

Confidentiality OBJ: 1.2 - Confidentiality ensures that information is accessible only to those with the appropriate permissions, preventing unauthorized access. Integrity ensures that data remains unchanged and free from tampering unless it has been authorized. Availability ensures that information is accessible and functional to authorized users when needed. Non-repudiation ensures that both the sender and the recipient of a message cannot deny having sent or received it.

Initech has always provided employees with devices. Recently, Gregory, the Initech security analyst, became aware that many employees have been able to use their own devices. When he questioned the supervisors, he found out they knew employees were using their own devices. The employees said they needed devices that worked with more innovative software packages. None of the devices offered by Initech were robust enough to handle the software. Gregory says that having employees use their own devices isn't a possibility moving forward. He suggests that the company create a policy that prevents employees from putting their own software on devices and using their own devices. To address employee needs, he suggests Initech provide a broader range of devices and purchase the software employees need. Initech will buy the devices for the employees. Which of the following deployment models is Gregory most likely suggesting?

CYOD Explanation: OBJ 4.1: CYOD stands for Choose Your Own Device, which is a deployment model that allows employees to choose from a list of approved devices provided by the company. This model can offer some flexibility and convenience to the employees, as they can select the device that best suits their needs and preferences. COPE stands for Corporate Owned Personally Enabled, which is a deployment model that involves the company providing devices to its employees and allowing them to use them for both work and personal purposes. This model can give the company full control over the security and management of these devices, as it can enforce security policies, install software updates, monitor usage, and wipe data remotely. COBO stands for Corporate Owned Business Only, which is a deployment model that involves the company providing devices to its employees and restricting them to work-related use only. This model can ensure the highest level of security and compliance for these devices, but it also reduces the productivity and satisfaction of the employees, as they have to carry multiple devices for different purposes. BYOD stands for Bring Your Own Device, which is a deployment model that allows employees to use their personal devices, such as laptops, smartphones, or tablets, to access the company's network and applications. This model can reduce the costs and risks associated with managing and securing these devices, as the responsibility is shifted to the employees.

Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?

Compromised availability leading to operational disruptions Explanation: OBJ 4.7: A single point of failure can jeopardize the entire system's uptime, introducing potential security risks and halting processes. Data integrity ensures data remains accurate and consistent over its lifecycle, but it doesn't directly link to concerns of single points of failure. Upholding data confidentiality is a primary security concern, but it isn't directly related to the risks of single points of failure. Scalability ensures systems can handle growth, but it isn't focused on the immediate availability risks associated with single points of failure.

Recently, Kelly Innovations LLC launched a new web application for its clients. Jake noticed that several users reported unexpected changes to their account settings even though they hadn't made any modifications. Emily, analyzing the logs, discovered that many of the affected users were previously on various unrelated external sites just before the unexpected changes occurred. The logs show a valid session cookie for each affected user, but there was no direct user action triggering the change. Which of the following BEST describes the attack that the users of Kelly Innovations LLC's web application might be experiencing?

Cross-site request forgery OBJ: 2.4 - Cross-site request forgery (CSRF or XSRF) exploits applications that use cookies to authenticate users and track sessions. In this type of attack, a victim is tricked into performing unwanted actions on a web application in which they're authenticated, without the victim necessarily having to click a link. The attacker sends an HTTP request to the victim's browser, spoofing an action on the target site, such as changing account settings. Session hijacking involves taking over a user's session, typically by obtaining their session cookie. While it can result in unauthorized changes, it doesn't typically involve the victim being on an external site before the unexpected change. A session token prediction attack focuses on identifying potential weaknesses in the generation of session tokens. If an attacker can predict the session token, they can take over a session. This type of attack is more about guessing session values rather than inducing unintended changes on behalf of authenticated users. Attackers can sniff network traffic to obtain session cookies sent over an unsecured network. This would lead to session hijacking, but it does not directly cause unintended changes on a user's account as described in the scenario.

Kelly Innovations LLC has recently faced a series of phishing attacks where attackers are sending emails that appear to be from the company's domain. After an internal investigation, they discover that these emails are not originating from their servers. To cryptographically ensure that an email was actually sent from their domain, which of the following is the BEST mechanism they should implement?

DKIM Explanation: OBJ 4.5: By implementing DKIM (DomainKeys Identified Mail), Kelly Innovations LLC can sign emails originating from their domain cryptographically. This allows receivers to verify that an email claiming to be from the domain genuinely is. While SPF (Sender Policy Framework) is valuable in identifying which servers are authorized to send emails on behalf of a domain, it doesn't cryptographically sign the emails for this assurance. DMARC (Domain-based Message Authentication, Reporting, and Conformance) uses the results of DKIM and SPF checks, but on its own, it doesn't cryptographically sign emails. SMTP (Simple Mail Transfer Protocol) is the standard for sending emails, but it doesn't inherently provide a cryptographic signing mechanism for email authenticity.

Dion Training is implementing a secure communication tunnel to protect sensitive data during transmission over the internet. They are considering using Transport Layer Security (TLS) as a key component of this security measure. In this scenario, which of the following MOST describes the primary security principle Dion Training is applying by implementing TLS for the tunnel?

Data confidentiality and integrity Explanation: OBJ 3.2: By implementing TLS, the company is focusing on ensuring the confidentiality and integrity of the data transmitted through the secure tunnel. TLS encrypts the data, preventing unauthorized access and modification during transit. Multi-factor authentication enhances access security; it does not directly relate to the use of TLS for securing data in transit within a tunnel. Deploying network firewalls is essential for securing the network perimeter, but it is not specifically related to the application of TLS for data confidentiality and integrity in a tunnel. TLS does not provide true end-to-end encryption in all cases. TLS encrypts data between two endpoints in the transport layer, typically from the client to the server; further, end-to-end encryption is not a security principle that explicitly ensures data integrity.

Ella works as an analyst for a company located in the United States. The company does business in Canada and is planning on conducting a survey of Canadian consumers. As she investigates plans for the survey, she discovers there are restrictions on how the data the survey collects is stored and used. What is this an example of?

Data sovereignty OBJ 3.3:  Data Sovereignty is the concept that the laws of the country in which the data is collected will control the ways in which the data can be used, processed, and stored. Countries may set regulations about information that is collected within the country. They can also set regulations about how businesses store and use Personal Identifying Information about citizens of their country, even when the businesses are located in other countries. For example, if a business will be collecting information about citizens of the European Union (EU), the business must obey the EU's laws regarding the storage, use, and processing of that data. Data states are the different stages of the data lifecycle. They include data in use, data at rest, and data in transit. Geolocation restrictions prevent access if the access request comes from beyond the restricted zone. It does not concern where data is stored or processed. Data classifications deal with the sensitivity levels of data, such as confidential, secret, and restricted. It isn't concerned with countries' laws.

A manufacturing company produces IoT devices for home automation, including smart thermostats, security cameras, and smart locks. They want to enhance the security of their IoT devices to protect user privacy and prevent potential cyberattacks. Which security technique is NOT recommended for the manufacturer to apply to their IoT devices to enhance security?

Default credentials Explanation: OBJ 4.1: Using default credentials poses a major security risk for IoT devices, as attackers can easily find preconfigured usernames and passwords to gain unauthorized access. To protect against this, users should replace default credentials with strong, unique passwords during setup. Regular firmware updates are important for IoT security, but they address vulnerabilities rather than securing login credentials. Network segmentation isolates IoT devices, limiting potential breaches but not directly securing device access. Secure boot protects against unauthorized firmware, but it doesn't address the risks associated with unchanged default credentials.

What mitigation technique involves replacing factory-set authentications on devices or software to prevent unauthorized individuals from gaining access using widely known credentials?

Default password changes OBJ: 2.5 - Default password changes is the action of modifying factory-set credentials to deter unauthorized access using common or widely known passwords. Least privilege ensures that users have only the permissions necessary to perform their tasks. It is not related to altering pre-set passwords. Hardening techniques involves implementing measures to secure a system, which can include multiple methods, but doesn't inherently imply changing factory-set passwords. Configuration enforcement ensures that systems adhere to predetermined configurations, which isn't directly about altering default passwords.

Which of the following activities take place during the preparation phase in the incident response process?

Defining roles and responsibilities and conducting regular training and drills OBJ 4.8: The preparation phase in the incident response process involves activities such as developing an incident response plan, defining roles and responsibilities of the incident response team, and conducting regular training and drills. These preparations ensure that the organization is ready to respond effectively and efficiently to any potential security incidents. Identifying and classifying incidents based on severity and impact is typically part of the "Detection" phase of the incident response process. It involves recognizing that an incident has occurred and understanding its potential implications. Triage takes place after an incident occurs, not in the preparation phase. Analyzing the evidence and determining the root cause of the incident is part of the "Recovery and Lessons Learned" phase of the incident response process. It comes after the incident has been contained and the organization is working to recover from the incident.

You are a security analyst tasked with investigating a suspected security breach that occurred two days ago and involved a frequently used spreadsheet application. You decide to examine the application logs. Which of the following pieces of information would be MOST valuable in these logs to investigate the incident?

Details of failed logins, including timestamps, usernames, and originating IP addresses for the past week OBJ 4.9: These kinds of details are essential when investigating a security breach. Multiple failed login attempts, especially from the same IP address, can indicate a potential brute force or password-guessing attack. Username information can help pinpoint potential targets or malicious actors within the organization. The number of updates performed on the application in the last two months may be useful to ensure the application is up-to-date with bug fixes and security improvements, but it is not directly insightful for investigating a specific security breach. A specific patch applied or missed may be relevant, but the total number of updates is not particularly informative in this context. While the details of current users could indicate abnormal activity if it varies significantly from the norm, it isn't specific enough to provide valuable information for investigating a specific security incident, especially if the event occurred a few days ago. The total number of transactions does not provide concrete and specific information to investigate a suspected security breach. The information is too generic, as it does not give any details about potentially problematic transactions.

At Griffin Management, a cybersecurity team has been tasked with enhancing the organization's security awareness program. They are focusing on creating effective phishing campaigns to educate employees about recognizing and responding to phishing attempts. Which phase of their security awareness program is Griffin Management in?

Development OBJ: 5.6 - The development phase in the security awareness program at Dion Training involves the creation and planning of phishing campaigns and training materials. During this phase, the cybersecurity team designs realistic phishing emails, identifies potential training topics, and develops educational materials to raise awareness among employees about phishing risks. The term "initial" is not associated with a specific phase in the security awareness program. It does not describe any specific activities related to the creation and planning of phishing campaigns and training materials. The execution phase comes after the development phase, where the cybersecurity team implements the planned phishing campaigns and training materials. They send simulated phishing emails to employees and analyze their responses to identify areas for improvement in the security awareness program. The reporting and monitoring phase focuses on collecting data about employees' responses to phishing campaigns and their overall security awareness. It includes tracking metrics related to the number of reported suspicious emails and the success of the training materials.

Susan, the lead system administrator at Kelly Innovations LLC, is working on establishing a secure baseline for the company's servers. Part of her strategy is to ensure the servers aren't vulnerable to unnecessary exposure. Which action is MOST appropriate for her to take initially?

Disable TCP/UDP ports like 23 and 135 Explanation: OBJ 4.1: Limiting unnecessary ports reduces the exposure of servers to potential vulnerabilities associated with these services. Allowing unrestricted ICMP could expose the servers to potential threats like a ping flood. Using public community strings is insecure as it could allow unauthorized access or information disclosure. Using older SSL/TLS versions is not recommended due to known vulnerabilities.

Dion Training is considering a collaboration with a new IT service vendor. To ensure compliance and adherence to industry standards, Dion Training wishes to see verifiable evaluations of the vendor's security controls and practices. Which of the following would provide Dion Training with insights into the vendor's own internal evaluations of their security measures?

Evidence of internal audits OBJ: 5.3 - Evidence of Internal Audits showcases a vendor's proactive approach to maintaining and enhancing their security measures. Such audits are conducted internally and reflect a rigorous self-assessment of security practices, vulnerabilities, and control mechanisms. By reviewing these, a company can gain insights into the vendor's commitment to security, how they address potential weaknesses, and their overall cybersecurity health. This evidence can be instrumental in gauging the reliability and trustworthiness of the vendor's internal security framework. External penetration test reports show the results of external entities testing the vendor's defenses, not the vendor's own evaluations. While customer testimonials may provide feedback on the vendor's performance, they don't offer insights into the vendor's internal evaluations of their security measures. Regulatory compliance certificates indicate compliance with specific regulations but don't provide detailed insights into internal evaluations.

Which of the following statements is NOT true about the Exposure Factor?

Exposure factor is calculated by multiplying the asset's total value by the yearly rate of occurrence OBJ 4.3: The exposure factor is not calculated by multiplying the asset's total value by the yearly rate of occurrence. It is an estimate of the potential damage to an asset if a given threat exploits a vulnerability, and it is not directly connected to the asset's total value or frequency of threat events. An exposure factor of 100% suggests that a security incident or threat event would render the asset entirely unusable or worthless. The exposure factor is the proportion of an asset's value estimated to be affected or jeopardized during a particular security incident or threat event. The exposure factor is usually expressed as a percentage, representing the portion of the asset's value likely to be lost in an incident.

Which of the following technologies would be primarily utilized to detect unauthorized changes or potential breaches in computer hardware components, operating systems, and core services supporting applications?

HIDS Explanation: OBJ: 4.4 - Host-based intrusion detection system (HIDS) monitors and analyzes the internals of a computing system, looking for unauthorized activity or policy violations, making it apt for systems monitoring. Web application firewalls (WAF) are specifically designed to monitor HTTP traffic to and from web applications, making them ideal for application-based security, not necessarily system-level monitoring. Network intrusion detection system (NIDS) monitors and analyzes traffic on a network, focusing on the infrastructure, not the internals of a specific computing system. Security information and event management (SIEM) aggregates log data from various sources and uses this data for alerting, but it doesn't strictly focus on the internals of a computing system.

Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?

IaC OBJ: 3.1 - Infrastructure as code (IaC) allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale. A serverless architecture reduces the complexity of deploying code into production, but it doesn't involve defining the underlying infrastructure as code. An air-gapped network is a security measure that involves physically isolating a computer or network and ensuring it doesn't connect to unsecured networks, especially the public internet. It doesn't deal with infrastructure management methodologies. Microservices architecture is about designing software applications as suites of independently deployable services, but it doesn't directly address infrastructure provisioning through code.

Which of the following BEST describes the data controller's role in relation to GDPR and data governance?

Identifies purposes and conditions of data processing and ensures compliance with legal standards. OBJ: 5.1 - The controller is responsible for defining how personal data is handled and ensuring it meets GDPR and other regulatory requirements. Holds ultimate decision-making authority and sets strategic data management policies is more indicative of the role of a governance board or an owner. Key management and secure generation are technical processes often overseen by IT security, not the controller. While the controller may be involved in incident management, it is not their primary role; instead, it typically pertains to security teams and the custodian.

Kelly Innovations LLC has identified a vulnerability in one of its systems. However, due to a critical ongoing project, the IT team decides it's not the right time to apply the recommended fix. Which of the following strategies is the MOST appropriate for Kelly Innovations LLC to implement?

Implement a vulnerability exception Explanation: OBJ 4.3: Exceptions in vulnerability response and remediation allow organizations to delay or avoid certain remediation actions due to specific reasons, often with an understanding of the associated risks. Penetration testing helps identify vulnerabilities but doesn't provide an alternative to the remediation of an already identified vulnerability. While important, training doesn't act as a substitute for addressing a known vulnerability. Migrating all data to another system is a drastic measure and doesn't specifically address the identified vulnerability in the original system.

You are a security consultant for an enterprise that handles sensitive customer data and financial transactions. The organization is concerned about the security of data in transit and wants to enhance the confidentiality and integrity of data during transmission to and from their customers. Which of the following approaches would be the MOST effective way to modify the enterprise capabilities to enhance data security during transmission of data from and to their customers?

Implementing SSL for encrypting data during transmission Explanation: OBJ 4.5: Implementing Secure Sockets Layer (SSL) is an effective approach to enhance data security during transmission. SSL (and its successor, Transport Layer Security, or TLS) provides end-to-end encryption, ensuring that data is encrypted before leaving the sender and decrypted upon arrival at the receiver. This prevents unauthorized parties from intercepting and reading sensitive data as it travels over the network. Mandating the use of SSL and TLS in all data transmissions is relatively easy for an organization. Quality of Service (QoS) is used to prioritize network traffic and allocate bandwidth based on different criteria, such as application type or data type. While QoS can improve network performance and ensure timely delivery of sensitive data, it does not address the primary concern of encrypting the data during transmission. Network hubs are outdated and have largely been replaced by switches in modern network infrastructures. Using a hub instead of a switch does not contribute to data security during transmission. In fact, hubs are less secure since they broadcast data to all connected devices, allowing potential eavesdropping by unauthorized parties. A Virtual Private Network (VPN) establishes a secure encrypted tunnel between two endpoints, ensuring that data passing through the tunnel remains confidential and protected from eavesdropping or tampering. Organizations will have much more difficulty guaranteeing that customers will use VPNs when connecting to the organizations' server. They can, however, control the use of SSL and TLS, so VPNs are not the most effective way to improve security in this circumstance.

When a security specialist wishes to obtain a holistic view of the health and security status of foundational IT components, such as networks, cloud services, and servers, which type of monitoring should they prioritize?

Infrastructure monitoring OBJ: 4.4 - Infrastructure monitoring is focused on ensuring the foundational IT components, like servers, data centers, and networking equipment, are both functional and secure. Application monitoring pertains to overseeing individual software solutions and ensuring their security and performance. Systems monitoring evaluates the hardware, operating systems, and the essential services that applications run on but not broader foundational structures of IT. While log aggregation collects logs for analysis, it's a tool or method used in monitoring but does not specify which component (system, application, or infrastructure) is being observed.

David, a network administrator at Dion Training, notices unusual traffic patterns from a specific IP address. He documents the time, source IP, destination, and the nature of the traffic. He then forwards this information to the cybersecurity team for further analysis. Which of the following BEST describes the type of report David just created for the cybersecurity team?

Initial report Explanation: OBJ: 5.6 - An initial report is the first report made to highlight an incident or suspicious activity. It typically includes basic information and is used to alert relevant teams or departments. A forensic report is a detailed analysis typically made after an investigation, containing evidence, methodologies, and conclusions about a security incident. Trend analysis looks for patterns over time to make predictions about the future. David has provided the initial report of an incident. A risk assessment is a report identifying potential vulnerabilities and threats, assessing the potential impact and likelihood of them occurring.

Dion Training's IT department realized that during a hardware failure incident, they struggled to find necessary information about the affected assets, such as warranty status, location, and responsible personnel. Which of the following processes would have streamlined the identification and management of these details?

Inventory management OBJ 4.2: Inventory management involves maintaining a thorough record of all assets, ensuring details like location, status, and associated personnel are readily available. Proper classification of assets involves categorizing assets, not maintaining detailed records of them. Sanitization of assets pertains to making data on an asset irretrievable or safe for transfer, not maintaining records of assets. While proper ownership identification relates to determining responsibility for an asset, it doesn't inherently involve maintaining detailed records of every asset's status and location.

Which mitigation technique ensures that different network components are separated to prevent potential breaches from spreading?

Isolation OBJ: 2.5 - Separating components or systems ensures that a breach in one part does not easily spread or affect other parts, maintaining the integrity of unaffected sections. Segmentation divides a network into separate parts or segments, often to improve performance and security, but does not specifically focus on completely isolating components from each other. Encryption, the process of converting data into a code to prevent unauthorized access, doesn't inherently pertain to the separation of network components. Least privilege ensures that users have only the permissions necessary to perform their tasks, without granting them unnecessary access rights, which isn't directly about separating systems.

Which of the following backup methods involves real-time replication of every transaction made within a system?

Journaling OBJ 3.4: Journaling is a form of backup that involves recording all transactions in a system, which can be used to restore the system to a previous state. Differential backups capture all changes made since the last full backup. Incremental backups save only the changes made since the last backup, whether that was a full or another incremental backup. This method doesn't replicate transactions in real-time, but rather at scheduled intervals. Like incremental backups, differential backups are not done in real-time but at specific intervals, and they accumulate changes since the last full backup. A full backup involves making a complete copy of all data in the system. While comprehensive, it's typically scheduled to occur at regular intervals (e.g., nightly or weekly) and does not provide real-time replication of each transaction.

Toby, a Security Analyst, has suggested that his company begin using a device that will act as a gateway to the company's perimeter network. Once installed, it will be the only opening into the perimeter network, increasing security on the company's most critical data. What is Toby suggesting his company begin using?

Jump server OBJ 3.2: A jump server is a network appliance. It uses one channel to funnel traffic through the firewall. Jump servers increase security by limiting the routes traffic can take into a system. Secure Access Service Edge (SASE) is a cloud-native architecture that combines WAN capabilities and network security services into a single cloud service. It doesn't act as a gateway to a perimeter network. An intrusion prevention system (IPS) is for detecting and preventing potential threats; it is not designed to provide secure access to the perimeter network. Fail-close refers to what happens when a network encounters errors and exceptions. Fail-close means that when errors occur or exceptions are encountered, the system denies further access. This prevents any further network traffic until the error or exception is dealt with. While this provides greater security, it means that a website can't be accessed even if the error encountered is minor or doesn't pose a security threat.

In a highly secure government facility, the access control mechanism is strictly based on predefined rules and regulations. Each individual is granted access based on their job function and security clearance level. The system enforces access control policies that cannot be altered or overridden by users or administrators. Which type of access control mechanism is being used in this scenario?

Mandatory OBJ 4.6: The access control mechanism used in the secure government facility is "Mandatory Access Control" (MAC). In MAC, access is strictly enforced based on predefined rules, with no user or administrator discretion to alter policies, ensuring high security. "Role-Based Access Control" (RBAC) grants access based on user roles, which is not the case here. "Discretionary Access Control" (DAC) allows resource owners to set access permissions, but this scenario enforces strict, non-discretionary policies. "Rule-Based Access Control" can allow exceptions, whereas MAC does not, making it the most precise description of the scenario's security approach.

Which of the following statements BEST explains the importance of considering single points of failure?

Mitigating single points of failure is crucial to maintain the availability and reliability of automated security operations Explanation: OBJ 4.7: Single points of failure can lead to system outages and compromise the availability and reliability of automated security operations. By identifying and mitigating these single points of failure, organizations can enhance the resilience of their automated systems, ensuring continuous and reliable security operations. Single points of failure are vulnerabilities that can disrupt the entire system if they fail, and their existence has nothing to do with whether human decision-making is replaced or not. The concept of single points of failure is about identifying critical components or processes that, if disrupted, can cause the entire system to fail. It is not about centralizing control for better orchestration. Single points of failure can exist in both traditional and automated security models. They are a concern in any system where the failure of a critical component could lead to widespread disruption or compromise.

With which of the following implementations could a company best enhance the resilience and recovery of its security architecture?

Multi-cloud systems OBJ 3.4: Multi-cloud systems increase platform diversity. Using different cloud providers and different platforms makes a system less vulnerable to platform-specific attacks. In the event that one platform is made less secure or less functional, a different platform can be used. High availability contributes to improving uptime and reducing system failures, but alone, it doesn't specifically enhance resilience and recovery in the same way multi-cloud systems do. While load balancing is important for distributing network traffic evenly across servers, it does not inherently enhance resilience and recovery in the same way as multi-cloud systems. An uninterruptible power supply (UPS) provides power backup during an outage, but it doesn't directly contribute to resilience and recovery like multi-cloud systems.

Which document provides comprehensive guidance for digital identity management, including recommendations for password and access control requirements?

NIST Special Publication 800-63 Explanation: OBJ: 5.1 - NIST SP 800-63 offers a detailed framework for digital identity management, encompassing password policies, authentication procedures, and access controls. ISO/IEC 27002 provides guidance on security controls for information security management systems but does not offer detailed digital identity management guidelines like NIST SP 800-63 does. Federal Information Processing Standards primarily set requirements for cryptography, not for comprehensive digital identity management. The Payment Card Industry Data Security Standard governs the security of cardholder data and is not directly related to digital identity guidelines.

Which of the following types of threat actors is MOST likely to be highly knowledgeable about hacking computers?

Nation-state Actors OBJ: 2.1 - A nation-state actor is a type of threat actor that is sponsored by a government or a military and has high levels of resources and funding and a high level of sophistication and capability. Nation-state actors can launch advanced and persistent attacks against other countries, organizations, or individuals because of their resources and capabilities. Unskilled Actors are a type of threat actor that has little or no technical skills. They tend to have low levels of resources and funding and low levels of sophistication and capability. Unskilled Actors can launch simple and opportunistic attacks using tools or scripts developed by others. Organized crime is a type of threat actor that is composed of groups or networks of criminals. They usually have moderate to high levels of resources and funding and moderate levels of sophistication and capability. Organized crime organizations can launch coordinated and profitable attacks against businesses, governments, or individuals. Shadow IT is a type of threat actor that is the result of unauthorized or unapproved IT systems or devices within an organization. Shadow IT can introduce security risks and compliance issues for an organization, but the damage is usually unintentional. It results from employees or insiders who bring in equipment or alter systems for their own convenience and without getting permission.

When combining cloud providers and on-premises servers, which of the following considerations is essential for seamless operation between these environments?

Network connectivity and integration Explanation: OBJ: 3.1 - When integrating cloud provider services with on-premises servers, it becomes imperative to ensure effective communication between the two, known as network connectivity and integration. Consider it akin to a collaborative project; if team members in different locations cannot interact efficiently, complications arise. Similarly, for systems and servers, robust communication is essential for sharing data and resources, ensuring seamless operation. Resource scaling is important for managing different workloads but isn't the key to integrating different computing environments seamlessly. Multi-factor authentication is more about securing access and doesn't directly tackle the integration of diverse environments. Data synchronization and consistency is crucial for maintaining uniform data across environments but doesn't directly address the operational integration between cloud providers and on-premises servers.

What kind of data typically requires processing by machines and specialized software?

Non-human readable OBJ 3.3: Non-human-readable data typically refers to information that requires a machine or specialized software to interpret. Segmentation is a method of dividing a network into manageable parts. It's not a type of data. Being critical, data might have significant importance to the running of a business or organization, but it does not determine whether it's readable by humans. Geographic restrictions apply limitations based on data's location. This describes a security method, not the nature of data readability.

Kelly Innovations LLC is keen on adopting technology to ensure the integrity and transparency of its financial transactions. They are looking for a solution where each transaction record is secured using cryptography, and the hash value of one record is used in the hash calculation of the next. Which of the following technologies would be MOST suitable for this requirement?

Blockchain OBJ: 1.4 - Blockchain employs an expanding list of transactional records, each referred to as a block, and each block validates the hash of the previous one. This process ensures that historical transactions remain untampered with. While PKI is a framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users), it doesn't work with transactional records like blockchain does. Digital watermarking embeds information in digital content but doesn't deal with securing transaction records in the manner described. Symmetric encryption uses a single key to both encrypt and decrypt information, but it does not inherently create a linked chain of records as described.

Dion Training is researching cryptographic solutions that distribute transactional data across a peer-to-peer network, ensuring that no single entity controls the entire transaction history. What solution emphasizes this peer-to-peer distribution?

Open public ledger OBJ: 1.4 - An open public ledger, especially when associated with blockchain, is decentralized and distributed across a peer-to-peer network, ensuring no single entity has control over the entire transactional history. Asymmetric encryption involves using a pair of keys - a public key and a private key - for encryption and decryption, respectively. Hashing converts input data of any size into a fixed-length value, but doesn't specify how data is distributed. While digital certificates authenticate the identity of the certificate holder, they don't ensure a distributed transactional record.

Which of the following statements BEST describes the Data Plane within the Zero Trust framework?

Oversees data conveyance post-access approval. Explanation: OBJ: 1.2 - The Data Plane within the Zero Trust framework oversees data conveyance post-access approval, a role that is distinct from the Control Plane, which is in charge of making access decisions. The Control Plane is responsible for referencing policies to decide on access, underscoring the clear division of responsibilities in the Zero Trust model. The Control Plane focuses on dynamic security decisions. The Control Plane enforces policy and decides on access.

Within Dion Training's security infrastructure, which of the following components is MOST responsible for ensuring that data flow adheres to the organization's security policies before allowing or denying access?

Policy Enforcement Point OBJ: 1.2 - The policy enforcement point is responsible for enforcing the access control decisions made by the policy engine. An intrusion detection system (IDS) primarily focuses on detecting suspicious activities or potential breaches within a network by monitoring network traffic. While it plays a vital role in a security infrastructure, it does not enforce policies directly like a Policy Enforcement Point would. Instead, its function is to alert administrators about potential threats. The policy administrator is responsible for defining and managing the access control policies used by the policy engine. The policy engine is responsible for making access control decisions based on pre-defined policies and contextual information about the subject/system.

Which of the following is a part of Zero-Trust Architecture that manages user access based on their roles and responsibilities on the Control Plane?

Policy-driven access control OBJ: 1.2 - Policy-driven access control is a part of Zero Trust Architecture in which user access and permissions are set based on organizational policies, roles, or requirements, ensuring that users have the right level of access that aligns with their job functions or responsibilities. Role-based access control permissions are assigned based on predefined roles in an organization, and individuals are then assigned to those roles. In least privilege, users are given the minimum levels of access necessary to perform their job functions. Implicit deny means that if a condition is not explicitly met, access is denied by default. Least privilege, Role-based access control permissions, and implicit deny can be part of any security architecture and are not specific to Zero Trust Architecture. 

What kind of data is usually shielded from public view to protect the security of the individuals concerned?

Private Explanation: OBJ 3.3: Private data refers to data that is intended for selected individuals or entities only. It typically includes personal data that should be shielded from public view for security or privacy reasons. The term "critical" describes data that is important for the functioning of an organization or enterprise. The critical nature doesn't inherently imply the data is shielded from public view. Regulated data is subject to specific regulations due to its nature. While it might be private, the term "regulated" encompasses a broader range of data types. Human-readable refers to data that can be directly understood by a human without the need for interpretation by a machine. It doesn't describe whether the data is shielded from public view.

What part of a BPA for mission essential functions provides a detailed, step-by-step description of the procedural tasks performed?

Process flow OBJ: 5.3 - In a BPA (Business Process Analysis), process flow details each operational step, describing how the mission essential function is systematically executed. Outputs relate to the final products or data produced by the function, which is the result of the process flow but not the description of the steps themselves. Hardware identifies the physical infrastructure used in the process, not the step-by-step procedural narrative. While inputs are crucial for starting the process, they do not constitute the sequential operational guide that is the process flow

In disaster recovery planning, which of the following terms is used to describe the maximum targeted period in which data might be lost from an IT service due to a major incident?

RPO OBJ: 5.2 - RPO (Recovery point objective) defines the maximum acceptable amount of data loss measured in time, determining how old backup data can be to resume normal operations after a failure. RTO (Recovery time objective) indicates the target amount of time to restore IT and business activities post-disaster, focusing on downtime rather than data loss. MTBF (Mean time between failures) measures the average operational period between failures, relating to system reliability, not data recovery metrics. SLA (Service level agreement) details the agreed-upon level of service between a provider and client, without specific focus on data loss time frames.

Which of the following cryptographic methods involves two distinct keys - one private and one public - ensuring that a message encrypted with one key can only be decrypted by its counterpart?

RSA OBJ: 2.5 - RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm that uses two keys. A message that's encrypted with the public key can only be decrypted with the private key, and vice versa. AES (Advanced Encryption Standard) is a symmetric encryption method where the same key is used for both encryption and decryption, not involving distinct public and private keys. 3DES (Triple Data Encryption Standard) is an evolved form of the older Data Encryption Standard (DES) which uses symmetric key algorithms for the encryption of electronic data, not involving public and private keys. HMAC (Hash-Based Message Authentication Code) is a specific construction for creating a message authentication code (MAC) involving a cryptographic hash function, but not a form of asymmetric encryption

Dion Training Solutions is looking to implement a security measure where individual entries within their customer database are encrypted separately. By doing so, they aim to ensure that even if the overall database is compromised, specific customer information remains safe. Which of the following BEST describes this security approach?

Record-level encryption Explanation: OBJ: 1.4 - Record-level encryption protects data by encrypting individual entries or records within a database. By using unique encryption keys for each record, it ensures that sensitive information within each entry remains safeguarded, even if the broader database is compromised. Database segmentation involves dividing a database into separate segments based on criteria such as user roles or data sensitivity. While it enhances security, it doesn't encrypt individual records. Volume encryption refers to encrypting an entire storage volume or disk. It doesn't specifically target individual records within a database. Tokenization replaces sensitive data with non-sensitive substitutes or tokens. While it protects data, it's not focused on encrypting individual records in a database.

To stay updated with changing threats and vulnerabilities, which of the following assessment methods BEST emphasizes periodic evaluations?

Recurring risk assessment OBJ: 5.2 - Recurring risk assessment involves conducting risk assessments at regular intervals to adapt to changing threats and vulnerabilities over time. Continuous risk assessment involves ongoing and real-time monitoring of risks as part of the organization's daily operations. It aims to quickly identify and address emerging risks. While it is beneficial, it may not specifically involve periodic assessments at regular intervals. Ad hoc risk assessment refers to conducting risk assessments on an as-needed basis or when specific events trigger the need for assessment. It is not specifically focused on keeping up with changing threats and vulnerabilities. One-time risk assessment is conducted only once and does not involve periodic evaluations of risks. It may be suitable for specific projects or situations but is not focused on continuous monitoring.

Dion Training Solutions, a software-as-a-service company, began facing latency issues and, in some cases, outages. The IT team found that a massive amount of traffic was flooding in, but the peculiarity was that the incoming data appeared to be responses to requests that the company never made. These responses came from a wide range of IP addresses scattered globally. Which of the following types of malicious activities is BEST described in this scenario?

Reflected DDoS attack Explanation: OBJ: 2.4 - In a reflected DDoS attack, the attacker sends requests to multiple third-party servers using a forged source IP address, which is the victim's IP. These servers then respond to the victim, thinking the requests originated there. The broad range of responding IP addresses and the nature of incoming traffic as "responses" indicates a reflected attack. While an amplified DDoS attack also involves the use of forged IP addresses, it typically relies on a smaller set of servers to send an amplified amount of traffic to the victim. A SQL injection attack attempts to execute malicious SQL codes in a web application's database, but it doesn't cause a widespread influx of response traffic. A phishing campaign is a method of trying to gather personal information using deceptive emails and websites. It doesn't result in an influx of unsolicited traffic responses.

Dion Training is adopting a new remote working policy and is evaluating different connectivity methods to ensure secure access to company resources. The company is aware that some security measures may not be fully effective depending on the connectivity options available. Which of the following demonstrates a potential limitation of security practices based on the chosen connectivity method?

Relying solely on virtual private networks (VPNs) OBJ 3.2: VPNs enhance security; relying solely on them can limit connectivity options and might not address all security concerns, especially in diverse and dynamic remote working environments. Some remote connectivity options might not fully support robust end-to-end encryption, potentially leaving data transmissions vulnerable. Utilizing network-based intrusion detection systems is essential for monitoring network traffic, but their effectiveness might be limited based on the connectivity options available and the location of the traffic flow, especially for remote workers. MFA is a universal security principle and does not typically face limitations based on connectivity options; it adds an extra layer of security regardless of the connection method used.

Which of the following statements is NOT true about the importance of resource provisioning in relation to secure operations?

Resource provisioning ensures employees have accounts when they are hired and those accounts are deprovisioned when they leave Explanation: OBJ 4.7: The statement refers to user provisioning, not resource provisioning. Resource provisioning involves both hardware and software resources, ensuring that all necessary tools and infrastructure are available for users and processes. Resource provisioning helps to balance provided resources against actual needs, mitigating the issues of over-provisioning, such as waste of resources, and under-provisioning, which can cause service disruption. Resource provisioning allows for timely allocation and de-allocation of resources based on the varying needs of an organization, ensuring efficiency and reducing waste. By managing access to resources and assigning appropriate permissions, resource provisioning helps mitigate security vulnerabilities that could arise as a result of unrestricted or wrong access to resources.

Which of the following is a type of vulnerability that involves accessing or modifying data or communications from other virtual machines by exploiting the fact that they share one CPU?

Resource reuse Explanation: OBJ: 2.3 - Resource reuse is a type of vulnerability that involves accessing or modifying data or communications from other virtual machines by exploiting the shared CPU between them. It can allow an attacker to execute malicious code or commands on other virtual machines. Time-of-check (TOC) is a type of race condition that occurs when a process checks the state or value of a resource before using it, but another process changes it in between. It can lead to incorrect or unauthorized actions based on outdated information. CPU starvation is a type of performance issue that occurs when a process or thread does not receive enough CPU time to perform its tasks. It can affect the responsiveness and functionality of the process or thread. Race condition is a situation where the outcome of a process depends on the timing or order of execution of other processes. It can cause errors, inconsistencies, or security breaches, depending on the nature and importance of the resource.

Within the IT department, Sarah has been designated to oversee the security measures for the new data management platform. She is accountable for the regular review of security protocols and responding to any breaches or vulnerabilities that may arise. Sarah's role would be BEST described by which of the following terms?

Risk owner Explanation: OBJ: 5.2 - Sarah exemplifies a risk owner, as she is tasked with the ongoing management and mitigation of risks pertaining to the data management platform. A risk register would be the tool Sarah uses to track and assess the risks, not her role. A risk indicator would be a metric Sarah might monitor to assess risk levels, not her position. A risk assessor might be a role that Sarah takes on when evaluating risks, but it does not encapsulate her comprehensive management responsibilities.

Which of the following methodologies divides the creation and maintenance of software into discrete phases, emphasizing the integration of security throughout its stages?

SDLC OBJ: 5.1 - The SDLC (Software Development Life Cycle) methodically divides the software creation and maintenance process into specific phases. By doing so, it ensures that security considerations are integrated and prioritized from the start of software development through its maintenance. While RAD (Rapid Application Development) emphasizes fast prototyping and speedy software delivery, it does not inherently focus on segmenting software creation into discrete security-focused phases as the SDLC does. CI/CD (Continuous Integration and Continuous Delivery) focuses on the frequent delivery of applications to customers by introducing automation into the stages of app development. Although it can incorporate security elements, its primary goal isn't to segment software creation and maintenance like the SDLC. While Scrum is an Agile framework used in software development that emphasizes collaboration and adaptability, it doesn't divide software creation and maintenance into discrete security-focused phases in the same manner as the SDLC.

Which agreement type outlines the specific services to be provided by the vendor, along with associated timelines and costs?

SOW OBJ: 5.3 - A statement of work specifies the detailed scope of work, tasks, deliverables, timelines, and costs for a specific project or engagement with the vendor. An MSA is a comprehensive contract that sets forth the general terms and conditions that will govern multiple future engagements between the parties. It may reference specific work orders or statements of work for individual projects. A Service-level agreement (SLA) is a specific type of agreement that defines the level of service expected from the vendor, including performance metrics, response times, and other service-related terms. A Memorandum of agreement (MOA) typically outlines a broader understanding or collaboration between parties, but it may not necessarily include specific services, timelines, and costs as in this context.

Which legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US?

SOX Explanation: OBJ: 5.1 - The Sarbanes-Oxley Act is a US legislation that mandates various practices to protect investors by improving the accuracy and reliability of corporate financial statements and disclosures. FISMA (Federal Information Security Management Act) aims to govern the security of data processed by federal government agencies, but it doesn't specifically focus on financial transparency and accountability. GDPR (General Data Protection Regulation) is a European Union regulation that pertains to the protection of personal data and its processing, ensuring that entities collect and use such data fairly and transparently. While this act focuses on the security of federal computer systems processing confidential information, it does not deal with financial reporting transparency.

Manar is reviewing logs and finds that many logon attempts were made using common words followed by numbers or symbols. Each password is attempted on the 20 computers in the accounting department. He suspects that these passwords were generated by an automated tool. Which of the following password attacks is BEST illustrated by this finding?

Spraying OBJ: 2.4 - A spraying attack is a type of password attack that involves trying common passwords against multiple accounts, hoping to find a match. A downgrade attack is a type of cryptographic attack that involves forcing a communication channel to use a weaker encryption algorithm or protocol, making it easier to decrypt or intercept. It doesn't entail multiple password attempts. A birthday attack is a type of cryptographic attack that involves finding two different inputs that produce the same output for a hashing algorithm. A brute force attack is a type of password attack that involves trying all possible combinations of characters until the correct password is found. The logs would show many logon attempts, but the passwords used are more likely to be sequential than to use common words, and the attacker is more likely to focus on one computer rather than trying each password on all of the computers in the department.

Which of the following mitigation techniques can help limit the impact of a network breach by helping to prevent an attacker who has compromised part of the network from gaining access to the rest of the network?

Segmentation OBJ: 2.5 - Segmentation is a technique that can help limit the impact of a network breach by preventing attackers from using a compromised system to gain access to the rest of the network. Segmentation involves dividing a network into smaller segments, each with its own security policies and controls, to prevent attackers from accessing other parts of the network. Encryption is a technique that can help protect data from unauthorized access or modification by transforming it into an unreadable format. Encryption involves using mathematical algorithms and secret keys to encrypt and decrypt data, but it does not isolate compromised systems from the rest of the network. Monitoring is a mitigation technique that can help detect and respond to potential threats or incidents on a network. By collecting and analyzing data about the activities and events on the network, security analysts can develop theories about the vulnerabilities and incidents that occur on the system. Monitoring involves using tools and techniques such as logs, alerts, and audits. It does not isolate compromised systems from the rest of the network; rather, it allows security officials to see what is occurring throughout the network. Isolation is a mitigation technique that can help prevent malware from spreading from one system or process to another by limiting their interaction and communication. Isolation involves sandboxing or simply disconnecting an infected system. This prevents potentially malicious programs or scripts from accessing the rest of the system or network. It is done once malware is detected. Segmentation is done before malware is detected or exists on the system.

You are a security consultant for an enterprise that handles sensitive customer data and financial transactions. The organization is concerned about the security of data in transit and wants to enhance the confidentiality and integrity of data during transmission to and from their customers. Which of the following approaches would be the MOST effective way to modify the enterprise capabilities to enhance data security during transmission of data from and to their customers? Implementing SSL for encrypting data during transmission (Correct) Explanation: OBJ 4.5: Implementing Secure Sockets Layer (SSL) is an effective approach to enhance data security during transmission. SSL (and its successor, Transport Layer Security, or TLS) provides end-to-end encryption, ensuring that data is encrypted before leaving the sender and decrypted upon arrival at the receiver. This prevents unauthorized parties from intercepting and rea

TLS

Which of the following statements BEST explains the difference between a tabletop exercise and a simulation in the incident response process?

Tabletop exercises are theoretical exercises conducted through discussions and planning, while simulations are interactive drills that involve practicing incident response procedures in a controlled environment OBJ 4.8: Tabletop exercises are theoretical exercises conducted through discussions and planning, while simulations are interactive drills that involve practicing incident response procedures in a controlled environment. Tabletop exercises typically include discussions and role-playing to test the incident response plans and team coordination, while simulations involve hands-on practice to enhance the team's response capabilities in a simulated incident scenario. Simulations are not formal meetings for discussion and planning; they are interactive drills that involve practicing incident response procedures. Tabletop exercises are theoretical exercises conducted through discussions and planning, while simulations are interactive drills that involve practicing incident response procedures in a controlled environment. Tabletop exercises are not hands-on drills, and simulations are not physical simulations used to physically practice incident response procedures.

Samantha found her personal information on a marketing website that she had not used in years. She requested the website to remove her details, citing the "right to be forgotten" as defined in the GDPR. Under which circumstances might her request for data erasure be denied by the data controller?

The data is necessary for the website to exercise the right of freedom of expression. Explanation: OBJ: 5.4 - That the data is necessary for the website to exercise the right of freedom of expression could potentially be a legitimate ground for the website to refuse Samantha's request if they can demonstrate that the data in question is crucial for such purposes. That the personal data is no longer relevant to the original purposes for processing actually supports Samantha's request for erasure, as the GDPR stipulates that data should be deleted when it's no longer necessary for the purposes it was collected for. Previous consent does not invalidate a request for erasure under the right to be forgotten, as individuals are allowed to withdraw their consent at any time under the GDPR. If Samantha's personal data had been anonymized, it would no longer be considered personal data under the GDPR, and the right to be forgotten would not apply.

For Dion Training's regulatory compliance regarding data privacy and security, which of the following methods of external evaluation is utilized when an external cybersecurity firm evaluates a company's adherence to relevant standards?

Third-party audit Explanation: OBJ: 5.5 - An independent third-party audit involves an external evaluation by an independent entity to assess an organization's compliance with regulatory requirements. In this case, the cybersecurity firm is conducting an independent audit to assess Dion Training's compliance. Attestation refers to the process of affirming the accuracy and completeness of compliance reports. While important in the context of compliance, this is not the type of external evaluation conducted by an external third-party cybersecurity firm. A regulatory examination involves an evaluation carried out by a government agency to ensure that an organization is meeting specific regulatory requirements. In this scenario, the evaluation is being conducted by an external third-party firm, not a government agency. While assessments can be part of the evaluation process, the term assessment is too general to specify the type of external evaluation being conducted by the cybersecurity firm in this scenario.

At Kelly Innovations LLC, Susan is reviewing credential management practices for cloud services. Which approach should she discourage due to its inherent security risks?

Using the CSP root user for daily logon activity OBJ 4.1: Using the root user for daily tasks is a high-risk practice because it gives complete control over all resources in the cloud account, making it a lucrative target for attackers. Using multi-factor authentication provides an additional layer of security by ensuring that users provide two or more verification factors to gain access. Unique secret keys for programmatic access are crucial for ensuring that interactions with the cloud are secure and authenticated. Delaying the transfer of a generated secret key might expose the key to risks, but immediate transfer ensures that the key is securely stored and ready for use.

Jason from Dion Training has decided to use a password manager to improve his online security. After setting it up, he finds that it not only helps manage his passwords across different sites but also provides additional security measures. Which of the following are the benefits of using a password manager? (Select TWO.)

Verified access Stronger passwords Explanation: The password manager generates robust, random passwords for each account, enhancing security by reducing the risk of breaches. OBJ: 5.6 - It verifies website certificates, ensuring Jason's login credentials are only used on legitimate sites, protecting against phishing. Password managers do not inherently back up data. Local storage is an option for users with specific needs, yet not directly benefiting Jason in the scenario described. While convenient, single-sign-on is a separate functionality and not a direct benefit of using a password manager in this context.

An organization has recently decided to utilize multiple operating systems and applications on a single physical server to optimize resource usage and reduce costs. Which of the following BEST represents this approach?

Virtualization OBJ: 3.1 - Virtualization allows multiple operating systems and applications to run on a single physical server, sharing the machine's resources. Software-defined networking (SDN) manages network control through software but doesn't focus on running multiple operating systems on a single server. Microservices break applications into small services that run independently; they are not about consolidating resources on one server. Serverless computing allows developers to build applications without managing server infrastructure and is unrelated to using multiple operating systems on one server.

What type of encryption affects a defined, formatted block of storage, which could span across multiple partitions?

Volume encryption OBJ: 1.4 - Volume encryption affects a defined, formatted block of storage, which could span across multiple partitions. Full-disk encryption encrypts the entire disk, not just a defined block of storage. Partition encryption encrypts a specific partition on a storage device, not a defined block of storage that could span across multiple partitions. Database encryption encrypts data at the database level, not a defined block of storage that could span across multiple partitions.

Kelly Innovations LLC is seeking a solution to encrypt a virtual disk drive that contains archived financial data without encrypting the entire physical disk. Which encryption level would be BEST for this requirement?

Volume encryption OBJ: 1.4 - Volume encryption, like VeraCrypt, allows for the encryption of a specific volume or virtual drive. This means Kelly Innovations can encrypt just the virtual disk drive without affecting the entire physical disk. Full-disk encryption encrypts the entire physical drive, which might not be required if only a specific virtual volume needs protection. While database encryption encrypts entire databases, it doesn't target specific volumes or virtual drives. File-level encryption encrypts specific files or folders but doesn't cater to entire volumes or virtual drives.

