Test 4
Legal hold
Upon starting their workday, a cybersecurity manager receives an email from local law enforcement, showing that a subpoena has been issued to the company requesting all records to be retained for an upcoming court date. What is being placed on the data itself?
Prioritization
A company has added several new assets and software to its system and is meeting to review its risk matrix. It wants to ensure risk management efforts focus on the vulnerabilities most likely to significantly impact its operations. What is this commonly referred to as?
To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade
A company plans to upgrade its wireless network infrastructure to improve connectivity and security. The IT team wants to ensure that the new network design provides adequate coverage, minimizes interference, and meets security standards. To achieve this, they conduct a site survey and create a heat map of the area. What is the primary purpose of conducting a site survey and creating a heat map for the company's wireless network upgrade?
Change the default credentials of the switch
A company recently faced a security breach through its network switch. They learned that the attacker was able to access the switch using the default credentials. Which of the following steps should the company take to improve the security of the switch and avoid such breaches in the future?
Reputation-based filtering evaluates sites by past behavior; content categorization sorts by themes like adult content.
A company's network has experienced increased infiltration due to employees accessing dangerous websites from different content categories. The company has decided to enhance its security by implementing reputation-based filtering and content categorization in its web filtering system. Which of the following BEST compares these features?
Content categorization
A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail?
Operating system-specific security logs
A cyber technician pulls logs on the new Apple iMacs to ensure the company's employees adhere to the policy. What log can provide the technician with the computer's attempted logins or denial when an employee attempts to access a file?
Investigate log files generated by the OS components of client and server host computers, logs generated by applications, services running on hosts, and endpoint logs.
A digital forensics analyst at a healthcare company is investigating a case involving a potential internal data breach. The breach has led to unauthorized access and potential exposure of sensitive patient information. The company uses a Security Information and Event Management (SIEM) tool that aggregates and correlates data from multiple sources. The analyst's task is to identify potential insider threats that could be responsible for the breach. Given the nature of the breach, which combination of data sources should the analyst primarily consider for their investigation?
Carry out a sanitization process that includes multiple passes of overwriting and degaussing.
A financial institution is preparing to decommission a number of its old servers. The servers contain sensitive customer data that needs proper handling to prevent unauthorized access or data breaches. Which strategy should the institution primarily employ to ensure the data on these servers stays irretrievable?
Degaussing the servers, rendering the data irretrievable, followed by reselling or recycling the servers after certification
A financial services company is decommissioning many servers that contain highly sensitive financial information. The company's data protection policy stipulates the need to use the most secure data destruction methods and comply with strict regulatory requirements. The company also has a significant environmental sustainability commitment and seeks to minimize waste wherever possible. What should the company's primary course of action be during this process?
Securely store and manage privileged account credentials
A global financial institution with a vast network of offices and data centers has faced increasing cybersecurity threats. The organization's IT team realizes that privileged accounts are a prime target for hackers, and manually managing them poses a significant risk. The company implemented a Privileged Access Management (PAM) solution to strengthen its security posture. As part of the implementation, the IT team focuses on password vaulting, a critical component of PAM. As part of the advanced PAM implementation, which of the following options depicts the primary purpose of password vaulting?
Root cause analysis
A hacker successfully bypasses several protections and exfiltrates sensitive data. The company immediately begins recovery and takes steps to discover the initial problem that allowed the infiltration. This type of investigation is commonly referred to as what?
Obtain a certificate of destruction or sanitization from a third-party provider.
A healthcare organization is preparing to decommission several servers containing sensitive patient information. The organization wants to ensure that it securely disposes of the data on these servers and properly documents this process. What should the organization primarily focus on to ensure secure data disposal and regulation compliance?
Secure destruction of all data stored on the server
A healthcare organization is retiring an old database server that housed sensitive patient information. It aims to ensure that this information is completely irretrievable. What key process should the organization prioritize before disposing of this server?
Automatically update the vulnerability scanner's database via a vulnerability feed; Integrate the scanner with the Security Content Automation Protocol (SCAP); Adjust the environmental variables within the vulnerability management system
A new system administrator has been spending the morning manually entering new vulnerability signatures based on Common Vulnerabilities and Exposures (CVE) data and using the Common Vulnerability Scoring System (CVSS) for remediation guidance. To enhance efficiency and ensure the vulnerability scanner remains up-to-date with minimal manual effort, what actions should the administrator have taken instead? (Select the three best options.)
Network segmentation; Compensating controls
A proprietary software application remains mission-critical ten years after its in-house creation. The software requires an exception to the rules because it cannot run on the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.)
Configuring the devices to push log changes to the SIEM server using a listener/collector approach
A security administrator reviews the configuration of a newly implemented Security Information and Event Management (SIEM) system. The SIEM system collects and correlates data from various sources, such as network sensors, application logs, and host logs. The administrator notices that some network devices, like switches and routers, do not directly support the installed agents for data collection. What approach should the administrator consider to ensure the inclusion of these devices' logs in the SIEM system?
Adjust scanner configuration based on log review; Use different scanners
A system administrator frequently encounters false positive vulnerability alerts, which are inaccurately indicating security weaknesses that do not exist. These false alarms are becoming a significant issue, leading to wasted resources and potential neglect of real vulnerabilities. To enhance the accuracy of vulnerability detection and reduce the occurrence of these false positives, what are the most effective actions the administrator can take? (Select the two best options.)
Something you have
After a breach, an organization implements new multifactor authentication (MFA) protocols. What MFA philosophy incorporates using a smart card or key fob to support authentication?
DLP
After a recent breach, an organization mandates increased monitoring of corporate email accounts. What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations?
SNMP trap
After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive CPU utilization?
Can lead to delays in remediation; Increases the window of opportunity for attackers
An IT admin has been testing a newly released software patch and discovered an exploitable vulnerability. The manager directs the IT admin to immediately report it to Common Vulnerability Enumeration (CVE), using the Common Vulnerability Scoring System (CVSS) as the basis for the vulnerability's score. What could happen if there are delays in completing the report? (Select the two best options.)
Extensible configuration checklist description format
An IT auditor is responsible for ensuring compliance with best practice frameworks. The auditor conducts a compliance scan, using the security content automation protocol (SCAP), to measure system and configuration settings against a best practice framework. Which XML schema should the IT auditor use to develop and audit best practice configuration checklists and rules?
Configuring the SIEM system to alert when multiple login failures for the same account occur within a specified time period
An information security manager is fine-tuning a Security Information and Event Management (SIEM) system in a company that has recently reported a series of unauthorized account access attempts. The manager wants to ensure prompt detection of similar incidents for immediate investigation. Which approach should the manager consider to optimize the system's alerting capability?
Using MDM solutions to centrally control employees' mobile devices
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing employees to use their personal mobile devices for work-related tasks. Aware of the varying legal ramifications and privacy concerns across different jurisdictions related to controlling personal devices, the organization seeks to enhance the security of these devices within the constraints of these legal and privacy issues. Considering this context, which of the following measures would be the MOST effective way to navigate these complexities while striving to secure employees' mobile devices under the BYOD policy?
Centralized web filtering
An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation?
Deploying agent-based web filtering
An organization needs to implement web filtering to bolster its security. The goal is to ensure consistent policy enforcement for both in-office and remote workers. Which of the following web filtering methods BEST meets this requirement?
Uniform Resource Locator scanning
Considering factors such as accuracy in identifying threats, the breadth of protection against a range of malicious activities, and the capacity to adapt to new and evolving online threats, which web filtering feature is typically viewed as the most effective for organizations aiming to reduce malware infection risks and maintain adherence to their Internet usage policies?
Packet captures
During routine monitoring, an incident response analyst at a prominent corporation notices suspicious network activity on a server. The analyst can access various network data sources. Which data sources would provide the MOST relevant information for the analyst to investigate and identify the potential threat actor and tools used in this activity?
Unauthorized access and data interception
In a large corporate office, employees use various devices such as laptops, smartphones, and tablets that support both Bluetooth and Wi-Fi connectivity. The office implements strict security measures to protect sensitive data and ensure compliance with industry regulations. However, the IT team noticed some security concerns. What security risks is the IT team primarily concerned about regarding the use of Bluetooth and Wi-Fi in the corporate office?
To define specific access rules based on employees' roles and responsibilities; To restrict access to critical systems during non-working hours to enhance security
In a medium-sized company, the IT department manages access to various systems and resources for employees. The team wants to enhance the security posture by implementing better access controls. They use rule-based access controls and time-of-day restrictions to achieve this goal. What are the IT department's objectives in implementing rule-based access controls and time-of-day restrictions? (Select the two best options.)
JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.
In a medium-sized company, the IT security team is enhancing security measures by implementing Privileged Access Management (PAM) tools. The team is considering the adoption of just-in-time (JIT) permissions as part of their strategy. How do JIT permissions support the objectives of PAM tools?
Network vulnerability scanner
The Chief Information Officer (CIO) wants to expand the company's ability to accurately identify network host weaknesses across the company. What can be used to report the total number of unmitigated vulnerabilities for each host, and when consolidated, demonstrate results on the status of hosts across the entire network?
Passwordless authentication
The IT department at a medium-sized company is exploring ways to enhance its authentication methods to improve security. They want to choose an authentication approach that balances security and user convenience. Which authentication method eliminates the need for passwords and provides a secure way of verifying a user's identity based on the device's hardware or software characteristics?
Password expiration
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period?
To enhance wireless network security with the latest encryption standards
The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network?
PEAP
The IT team of a large multinational corporation is working to improve the security of their enterprise remote access services that connect via wireless networks. They plan to implement Remote Authentication Dial-In User Service (RADIUS) to enhance the enterprise authentication process for remote users. RADIUS provides a centralized authentication and authorization mechanism for users connecting from various locations. The IT team evaluated different authentication protocols alongside RADIUS to ensure a strong and secure remote access solution. Which choice of authentication protocols would be MOST appropriate to complement RADIUS for the company's remote access solution?
Network security baselines
The IT team of a medium-sized business is planning to enhance network security. They want to enforce minimum security controls and configurations across all network devices, including firewalls, routers, and switches. What should they establish to achieve this objective?
Generate tickets for security incidents automatically; Escalate security incidents to the appropriate teams without manual intervention
The board of directors for a tech support company presents to a new client the benefits of automation and orchestration enhancements for security operations. Focusing on the immediate operational improvements automation brings to security incident handling, which of the following benefits are most directly associated with automation in security operations? (Select the two best options.)
Enabling media access control (MAC) address filtering to restrict access to authorized devices; Implementing 802.1X authentication for user devices
The network administrator of a small business needs to enhance the security of the business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main security measure, but the administrator recognizes the need to adjust other wireless security settings to effectively complement WPA3 and create a robust network through which all employees can securely access critical company resources. What should the network administrator consider when implementing WPA3 and adjusting wireless security settings? (Select the two best options.)
Refine the log aggregation process in the SIEM system
The network security manager of a large corporation is planning to improve the efficiency of the company's Security Information and Event Management (SIEM) system. The SIEM system receives data from various sources, including Windows and Linux hosts, switches, routers, and firewalls. To make the data from different sources more consistent and searchable, which functionality should the manager focus on enhancing in the SIEM system?
Containment
What action of the incident response process limits the scope and magnitude of the incident?
Application logs
What type of log file is application-managed rather than through an operating system and may use Event Viewer or syslog to write event data in a standard format?
Poorly planned strategies can make systems difficult to maintain.
When a technician is implementing automation within their team's workspace, what are potential challenges they should be aware of regarding the complexity of automation and orchestration?