Certmaster #2


A small start-up has recently launched its first web application. To ensure high availability and to handle potential traffic spikes, the start-up decides to implement a load balancer in its network infrastructure. The network technician must secure the load balancer against basic threats. What is the fundamental step the network technician should take to secure the load balancer?

- Configure the load balancer to operate in fail-closed mode.
- Implement an intrusion detection system (IDS) alongside the load balancer.
- Disable unnecessary services on the load balancer.
- Enable all available features on the load balancer.

Disabling unnecessary services on the load balancer is a fundamental step in reducing the attack surface and enhancing security.

A tech consultant enhances automation and scripting with continuous integration and testing capabilities. What are some characteristics associated with this capability? (Select the three best options.)

- Different software systems are enabled to communicate and interact, creating seamless workflows.
- Developers regularly merge their changes back to the main code branch.
- The system automatically evaluates merges to help detect and fix integration issues.
- The technician makes improvements to code quality and accelerates development cycles.

The principles of continuous integration and testing hinge heavily on automation. In this approach, developers regularly merge their changes back to the main code branch. Additionally, continuous integration and testing principles automatically evaluate each merge to help detect and fix integration problems. Finally, continuous integration and testing principles improve code quality, accelerate development cycles, and reduce the risk of integration issues.

The IT security team at a corporation has concerns about potential security risks on the cloud platform. They noticed that some employees have been able to submit malformed data, leading to inconsistencies and potential data breaches. The team wants to enhance the platform's security without hindering productivity. In this case, what security measure should the IT security team implement to improve the security of the cloud platform at the corporation?

- Enable additional firewall rules to restrict employee access to the platform
- Increase the number of login attempts before locking user accounts
- Upgrade the cloud infrastructure to improve data processing speed
- Implement robust input validation mechanisms to validate all incoming data

By implementing robust input validation, the system ensures the processing of only valid and properly formatted data, thus reducing the risk of data inconsistencies and potential security breaches.

In a medium-sized tech company, employees have different roles and responsibilities requiring access to specific resources and data. The IT team is implementing security measures to control access effectively and reduce the risk of unauthorized activities. What security measure could the IT team implement in the tech company to control access effectively and minimize the risk of unauthorized activities?

- Implement intrusion detection systems to monitor and identify potential security breaches
- Implement a firewall to protect the company's network from external threats
- Enforce mandatory password changes every month to enhance password security
- The principle of least privilege, granting each employee the minimum necessary access based on job roles

The IT team is implementing the principle of least privilege, granting each employee the minimum necessary access based on job roles to control access effectively and minimize the risk of unauthorized activities.

A cyber consultant is weighing the various challenges to automation as an organization has tasked the consultant with implementing it in an upcoming project. What is a challenge associated with technical debt?

- It can impact multiple areas of the organization, causing widespread problems.
- It can quickly erode if the organization does not continue needed patches and updates.
- Poorly planned strategies can make systems difficult to maintain.
- It can result in poorly documented code, leading to instability and increased costs. (THE CORRECT ANSWER)

When organizations make hasty decisions in technology, technical debt can result in poorly documented code or maintenance. Over time, technical debt can lead to system instability and increased costs.

A company tasks a data team with decommissioning an organizational data lake. What are the tenets associated with the data retention concept? (Select the best three options.)

- It ensures that organizations maintain compliance with relevant regulations and minimize the risk of breaches.
- It refers to policies and practices governing the storage and preservation of information within the organization for a set period.
- It refers to documenting and verifying the data sanitization or destruction process.
- It is often based on legal, regulatory, or operational requirements.

Data retention refers to the policies and practices governing the storage and preservation of information within an organization for a specified period. In addition, data retention policies are often based on legal, regulatory, or operational requirements and dictate when and how data should be securely deleted or destroyed. Proper data retention practices ensure that organizations maintain compliance with relevant regulations, optimize storage resources, and minimize the risk of data breaches or unauthorized access to sensitive information during the disposal and decommissioning process.

A software technician presents a forum on sideloading and jailbreaking to a group of new mobile users. Which of the following points will the technician include in their discussion of the use of jailbreaking? (Select the best two options.)

- It is a method used to gain elevated privileges and access to system files on mobile devices.
- It refers to the installation of applications from sources other than the official application store of the platform.
- It does not undergo the same scrutiny and vetting process as those on official application stores.
- It allows users to install unauthorized applications and customize device appearance and behavior.

Jailbreaking is a method used to gain elevated privileges and access to system files on mobile devices. Jailbreaking allows users to install unauthorized apps, customize the device's appearance and behavior, access system files, and bypass restrictions implemented by Apple.

A cyber team develops standard operating procedures (SOPs) to encompass how to manage privacy data and how long to keep it. The team includes procedures for data inventories. Why should the team incorporate data inventory procedures in the SOP?

- It is an established timeline for how long organizations should keep documentation.
- It requires individuals or entities to announce their understanding of compliance obligations formally.
- It is the comprehensive assessment and evaluation of an organization's data protection practices.
- It provides a comprehensive overview of the types of handled data.

Data inventories provide a comprehensive overview of the types of handled data, the purposes for processing, the legal basis, and the recipients of the data to ensure transparency and accountability.

When cleaning out the server closet, a company discovers a box of old disk drives. When considering which disposal method to use, what are the characteristics associated with the destruction concept? (Select the best two options.)

- Its methods include shredding, crushing, or incinerating storage devices.
- Its process uses specialized techniques, such as data wiping, degaussing, or encryption.
- It involves the physical or electronic elimination of information stored on media, rendering it inaccessible and irrecoverable.
- It refers to removing sensitive information from storage media to prevent unauthorized access or data breaches.

Destruction involves the physical or electronic elimination of information stored on media, rendering it inaccessible and irrecoverable. Destruction methods include shredding, crushing, or incinerating storage devices, while electronic destruction involves overwriting data multiple times or using degaussing techniques to eliminate magnetic fields on storage media.

A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand?

- Launching the system and addressing issues as they arise
- Outsourcing the system to a third party for validation
- Running a simulation of the system
- Performing manual testing on the system

Running a simulation of the system allows the healthcare institution to recreate the conditions under which the system must operate in the real world.

A multinational corporation operates in several countries with diverse regulations regarding data privacy and security. What is the primary responsibility of the security team concerning the multitude of governmental and regulatory entities influencing the corporation's operations?

- Lobbying governmental entities for favorable policies
- Ensuring compliance with all applicable regulations and laws
- Avoiding any interaction with regulatory entities to maintain operational secrets
- Shaping internal policies independently from external regulations

The security team's obligation is to ensure that the corporation complies with all relevant laws and regulations. Compliance is a key part of cybersecurity, particularly for multinational corporations, which can be subject to a multitude of regulations depending on their operational jurisdictions.

A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?

- The security device should be configured to fail-open.
- The security device should be configured to actively monitor the network.
- The security device should be configured to fail-closed.
- The security device should be configured to passively monitor the network.

A fail-closed configuration prioritizes confidentiality and integrity over availability. In the event of a failure, a fail-closed device would block access or enter the most secure state available, protecting patient data.

A small online printing company needs to secure its internal web server with Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption. The IT administrator explores the certificate options and their implications. In the context of SSL/TLS certificate generation, which statement correctly explains the roles of Certificate Signing Request, self-signed, and third-party certificates?

- The server generates a self-signed certificate to create a Certificate Signing Request, while a Certificate Authority issues third-party certificates after validating the server's identity.
- The server generates a Certificate Signing Request to create a self-signed certificate, while a Certificate Authority issues third-party certificates after validating the server's identity.
- The server generates a self-signed certificate and submits it to a third-party Certificate Authority for validation but generates a Certificate Signing Request without involving a third party.
- The server generates a Certificate Signing Request (CSR) and submits it to a third-party Certificate Authority (CA) for validation but generates self-signed certificates without involving a third party.

In the Secure Sockets Layer/Transport Layer Security certificate generation process, the server generates a Certificate Signing Request and submits it to a third-party Certificate Authority for validation. Unlike certificates issued by a trusted third-party CA, self-signed certificates do not undergo validation by a trusted third party.

At a technology company, the IT department is finalizing an agreement with a cloud service provider to host its sensitive customer data. The IT team has actively ensured the inclusion of a Service Level Agreement (SLA) in the contract. What is the primary purpose of actively including an SLA in the contract with the cloud service provider?

- To protect the confidentiality of sensitive information shared between parties
- To establish clear guidelines on what information is considered confidential
- To define the level of service the cloud service provider must deliver
- To outline the intentions and expectations of parties involved in a potential partnership

The cloud service provider actively includes an SLA to define the level of service it must deliver, covering performance metrics, response times, and availability.

An IT team manages a cloud-based infrastructure to support its services and applications. The IT team utilizes specialized tools to monitor various aspects of the cloud environment, including resource utilization, network traffic, and user access logs. Proactive monitoring enables them to promptly identify and mitigate potential security incidents and unauthorized activities. What is the primary purpose of monitoring the cloud infrastructure in the IT team's company?

- To streamline the deployment process of new applications in the cloud
- To ensure the confidentiality, integrity, and availability of sensitive data and critical services
- To automate routine tasks and improve overall operational efficiency
- To reduce cloud subscription costs by eliminating unnecessary resources

Monitoring the cloud infrastructure ensures the security and availability of sensitive data and critical services, aligning with the company's security policy. It enables proactive identification and mitigation of potential security incidents and unauthorized activities.

A tech company wants to increase its security measures by isolating its various development, testing, and production environments. The company wants to ensure that these environments are reproducible and that it is managing these dependencies consistently. Which approach would be MOST beneficial in meeting these requirements?

- Virtualization
- Industrial control systems (ICS)/supervisory control and data acquisition (SCADA)
- Software-defined networking (SDN)
- Containerization (THE CORRECT ANSWER)

Containerization allows the isolation of environments while also providing reproducibility and efficient dependency management. Each container includes the application and all its dependencies, ensuring that it will run consistently across different environments.

During a cybersecurity attack, how would a threat actor use image files as a lure to target a vulnerability in a browser or document editing software?

- The threat actor embeds malicious code in word processing and PDF format files to exploit vulnerabilities in document viewer or editor software.
- The threat actor conceals exploit code within an image file that targets a vulnerability in the browser or document editing software.
- They may use a program file with concealed exploit code, like Trojan Horse malware, to create backdoor access.
- The threat actor conceals malware on a USB thumb drive or memory card and tricks employees into connecting the media to a PC, laptop, or smartphone.

The image file simply serves as a lure. This lure entices the target to open it, thus delivering a malicious payload hook when executed and further triggering the exploit.

An organization identifies a potential risk within a risk report that could result in a minor loss. After conducting a thorough analysis, the organization decides the cost of mitigation outweighs the potential loss. What is the company's likely next step?

- Accept the risk
- Report the risk
- Mitigate the risk
- Transfer the risk

Accepting the risk happens when an organization determines that the cost of mitigating a risk outweighs the potential loss. The organization acknowledges the potential for loss but does not take immediate action to prevent it.

A cyber intern implements new endpoint configurations after advisement of a data exfiltration that includes top-secret information. What configuration consideration can ensure that systems and devices within an organization's network adhere to mandatory security configurations?

- Access control lists
- Monitoring
- Configuration enforcement
- Access control

Configuration enforcement describes methods to ensure that systems and devices within an organization's network adhere to mandatory security configurations.

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?

- Access control vestibule
- Enhanced lighting
- Closed-circuit television (CCTV)
- Perimeter fencing

An access control vestibule is a two-door system where the first door must close before the second opens, effectively controlling and managing access to the building.

A company identifies a potential security risk associated with the implementation of a new system. However, after assessing the risk, the company decides not to implement any measures to address this specific risk. Which of the following risk management strategies is the company employing?

- Avoidance

The avoid strategy means that the organization will not proceed with actions likely to trigger the risk.

An organization is experiencing an attack where the attackers break into the premises or cabinets by forcing a gateway or locks. What BEST describes the observed attack?

- Brute force
- Downgrade
- Birthday
- Collision

A brute force physical attack can include smashing a hardware device to perform physical denial of service (DoS) or breaking into the premises or cabinets by forcing a gateway or locks.

Two organizations plan on forming a partnership to provide systems security services. Onboarding requirements for both sides include a mutual understanding of quality management processes. Which approach BEST meets this requirement?

- Business Partnership Agreement (BPA)

BPAs are commonly used models in IT, such as among partner agreements that large IT companies set up with resellers and solution providers.

An IT company purchases a commercial-off-the-shelf (COTS) product that allows four developers to access and run the product against developed code for vulnerability and threat assessments. An IT audit indicates that five developers have accessed the product. Which of the following BEST describes what the company has violated?

- Compliance/Licensing
- Vendor diversity
- Regulatory framework
- Terms of agreement

Software compliance and licensing is a legally binding agreement that requires the user to follow the software developers' conditions of usage. The company may lose usage rights or face fines for violating license agreements.

A financial organization is currently handling a document that contains sensitive customer information, including financial details and social security numbers. According to data classifications, how should the financial organization categorize this data?

- Confidential data
- Proprietary data
- Restricted data
- Trade secret data

The information is highly sensitive, and only approved persons within the organization and possibly trusted third parties under a non-disclosure agreement (NDA) should view it. Since this data includes sensitive customer information, including financial details and social security numbers, the organization should classify it as confidential.

A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail?

- Content categorization
- Block rules
- Reputation-based filtering
- Uniform resource locator (URL) scanning

Content categorization classifies websites into categories such as social networking, gambling, adult content, webmail, and many others.

A hacker targets CloudSecure's network devices, including routers and switches. The hacker knows that companies often neglect changing vendor default login credentials for these devices. Using this knowledge, the hacker gains unauthorized access to the network by simply entering the default vendor username and password. Which of the following describes the type of attack in this scenario?

- Default credentials
- Phishing
- Vishing
- Man-in-the-middle

This scenario illustrates a default credentials attack, where the threat actor exploits the fact that the company did not change the default login credentials for its network devices, allowing unauthorized access.

The IT department at a large corporation notices multiple unsuccessful login attempts on many different accounts belonging to one user in a short time frame, resulting in account lockout. The attempts involved using various combinations of the user's personally identifiable information as possible passwords. What type of password attack is MOST likely occurring in this situation?

- Dictionary attack
- Rainbow table attack
- Brute-force attack
- Credential stuffing

In a credential-stuffing attack, attackers employ usernames and passwords leaked from other breaches and try them on different websites, banking on the fact that many users reuse their passwords across multiple sites.

Which policy outlines the processes to follow after a security breach or cyberattack occurs and includes procedures for identifying, investigating, controlling, and mitigating the impact of incidents?

- Disaster recovery policy
- Acceptable use policy (AUP)
- Change management policy
- Incident response policy (THE CORRECT ANSWER)

The incident response policy is vital in managing cybersecurity incidents effectively. It outlines the steps to follow after a security breach or cyberattack, providing guidelines for identifying, investigating, controlling, and mitigating the impact of such incidents.

A cybersecurity manager is preparing to begin working when a police officer comes through the door waving a subpoena. The officer states that the company is under investigation for suspicious activities relating to recent overseas sales, and they are taking the servers with them. What gives police officers the right to take the servers?

- Due process
- Digital forensics
- Data acquisition
- Legal hold

Legal hold refers to the maintaining of information potentially relevant to a case. Legal holds include taking papers, hard drives, CDs, workstations, and servers.

A system administrator prepared to implement full-disk encryption (FDE) on all company laptops to enhance data security. Each laptop contained various levels of sensitive information, and the administrator granted access based on employee roles. What is the MOST crucial factor the system administrator considered while implementing full-disk encryption to ensure data security and to maintain employee accessibility?

- Encrypt only the most sensitive data records.
- Use a common encryption key for all laptops.
- Assign encryption keys based on employee roles.
- Use the highest possible encryption level.

Assigning encryption keys based on employee roles ensures that employees can only access data relevant to their job, enhancing data security while maintaining accessibility.

A cyber technician pulls logs on the new Apple iMacs to ensure the company's employees adhere to the policy. What log can provide the technician with the computer's attempted logins or denial when an employee attempts to access a file?

- Endpoint logs
- Firewall logs
- Operating system-specific security logs (THE CORRECT ANSWER)
- Application logs

Operating system (OS)-specific security logs record audit events on the operating system itself, such as events on attempted logins and access to file denials.

Employees in a large financial institution regularly access their work accounts and systems to process transactions and manage client data. To enhance security, the IT department has implemented a password policy that requires employees to change their passwords every ninety days. However, some employees need help remembering new passwords, leading to frequent password reset requests. This process increases the workload for IT support and may lead to security risks if employees choose weak passwords to simplify the process. The IT department is exploring alternative password expiration concepts to balance security and user convenience. What concept should the IT department consider to address the challenges related to password expiration and enhance security while reducing password reset requests?

- Enforcing complex password requirements
- Implementing biometric authentication
- Password rotation with a longer expiration period (THE CORRECT ANSWER)
- Enabling Single Sign-On (SSO) for user convenience

Password rotation with a more extended expiration period is the correct concept. It reduces the frequency of password changes, lowering the chances of users forgetting their passwords and needing frequent resets.

A threat actor targets a company by exploiting a vulnerability in a third-party vendor's software that the company uses for its financial transactions. The threat actor gains unauthorized access to the vendor's system and manipulates the software to steal funds from the company's accounts. What type of threat actor is the vendor in this scenario?

- External threat
- Phishing attacker
- Vishing attacker
- Insider threat

In this scenario, the vendor is an external threat. The threat actor exploits the vulnerability in the vendor's software, which is external to the company's organization, to gain unauthorized access and conduct the attack.

A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal. What should the data center implement first to ensure a strong physical barrier against intrusions?

- Fencing
- Security guard patrols
- Video surveillance
- Biometric authentication

Fencing serves as a first line of defense in physical security, creating a physical barrier that prevents or discourages unauthorized access to the facility. It not only restricts intrusions but also acts as a psychological deterrent.

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

- Hybrid cloud infrastructure
- Containerization
- Virtualization
- Microservices

Containerization encapsulates applications and their dependencies, which provides the flexibility to run them across different environments. It also allows for better resource utilization, as each container only holds the application and its related binaries/libraries, effectively reducing overhead.

An organization is experiencing recurring unauthorized data transfer incidents linked to the misuse of peripheral storage devices. To contain this specific threat, what would be the MOST effective measure?

- Increase password complexity
- Focus on employee training
- Deploy an intrusion detection system (IDS)
- Implement removable media controls

Implementing controls for peripheral storage devices enforces permissions and technical restrictions. The organization can prevent unauthorized data transfers through such devices, providing the most effective management.

An attacker is preparing a phishing email mimicking the contents of a legitimate company email. The email will include a fake invoice to request payment for medical services and an email address that looks convincing. What can the attacker modify on the email to make it more believable?

- Increase the invoice number by 1
- Change the employee's identity
- Ask for personal information
- Prepend "RE:" to the subject line (THE CORRECT ANSWER)

Prepending means adding text that makes a message look as if it legitimately came from a valid email system. For example, an attacker may add "RE:" to the subject line to make it look like a reply to a previous email thread and, thus, appear more legitimate.

A small engineering company wants to run a business analysis. It hired a consulting firm to better understand the underlying components, including the result of quantitative or qualitative risk analysis. Which of the following values is MOST beneficial to the company in this situation?

- Inherent risk
- Risk factors
- Annualized Loss Expectancy (ALE)
- Single Loss Expectancy (SLE)

The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before implementing mitigation.

In a software development company, the IT team is conducting a security review of its web applications. During the review, the team discovers a potential vulnerability known as SQLi in one of their applications. The team realizes the severity of this issue, as it could lead to unauthorized access to customer data and compromise the application's integrity. Which security concept BEST addresses the SQLi vulnerability in the web application?

- Input validation
- Network monitoring
- Firewall configuration
- Password encryption

By implementing proper input validation techniques, the application can actively prevent the execution of malicious structured query language injection (SQLi) statements, effectively mitigating the risk of SQLi.

A large e-commerce development team created a new web application to manage customer transactions. The application handles sensitive user data, including personal information and payment details. The security team had concerns about potential security risks and took action to implement specific security measures to protect the application. Which security measures should the team implement to safeguard the web application and its user data? (Select the two best options.)

- Input validation
- Secure cookies
- Code signing
- Secure Sockets Layer (SSL) certificates

Secure cookies play a crucial role in safeguarding sensitive user data during web transactions. When transmitted over encrypted connections, the "Secure" attribute of cookies reduces the risk of unauthorized access and data exposure, ensuring the protection of user privacy and maintaining the web application's integrity. Secure Sockets Layer (SSL) certificates are pivotal in securing web applications and user data through data encryption, integrity, and authentication.

An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation?

- Isolate the impacted systems and apply a patch or remediation strategy.

Isolating the impacted systems and applying a patch or remediation strategy helps contain the threat and initiates remediation processes.

In a large healthcare organization, multiple departments handle sensitive patient data. Each department requires access to different applications and systems to carry out its tasks efficiently. However, granting broad access rights through long-lived authentication tokens poses security risks. What solution should the IT department implement while adhering to the principle of least privilege and securing sensitive patient data?

- Kerberos
- JSON Web Token (JWT)
- Multi-Factor Authentication (MFA)
- Open Authorization (OAuth)

OAuth (Open Authorization) is a widely used authentication framework that enables secure authorization between different services and aligns with the principle of least privilege.

Which of the following involves threat actors attaching unauthorized devices to a physical network port, allowing them to eavesdrop on network traffic, intercept and modify data, run spoofed services and applications, or execute exploit code against other hosts?

- Lack of confidentiality - Lack of availability - Lack of authentication - Lack of integrity Commonly called on-path attacks, a lack of integrity compromises the reliability of the data transmission.

A company's marketing team creates an infographic for an upcoming campaign, presenting detailed statistics and forecasts to better inform their audience about the product's performance. In terms of data types, how would the marketing team classify this infographic?

- Legal and financial data - Trade secret data - Regulated data - Human-readable data The infographic's design is to be easily understood and interpreted by humans without the need for additional processing or translation, making it human-readable data.

What password best practice prevents the selection of a password previously used by the user?

- Length - Complexity - Age - Reuse The password reuse best practice prevents the selection of a password that the computer user has previously used.

CryptoCloud is expanding its business and is considering outsourcing its IT resources to a managed services provider (MSP) to improve efficiency and reliability. Which of the following statements about MSPs and their role in the supply chain are correct? (Select the two best options.)

- Managed services providers (MSPs) may introduce a complex security challenge, as monitoring their employees can be difficult. - Managed services providers (MSPs) primarily focus on providing support for IT resources such as networks, security, or web infrastructure. Outsourcing to an MSP can be complex from a security point of view due to the difficulty in monitoring the actions of the MSP's employees, who are potential sources of insider threats. MSPs manage, monitor, and maintain the organization's IT infrastructure, applications, and services. Their services can include network management, security, data backup, cloud computing, hardware and software maintenance, help desk support, and other IT-related tasks.

A company experiences a significant system failure that leads to service interruption. The IT department works to restore the system and documents the duration it takes to fix the problem. This recorded duration is primarily indicative of which of the following options?

- Mean time between failures (MTBF) - Risk tolerance - Risk assessment - Mean time to repair (MTTR) Mean time to repair (MTTR) measures the average time required to repair a failed component or system.

A network administrator suspects that an attacker is intercepting and potentially modifying communications between their organization's server and the client systems. The attacker is not detected by either party during this process. Which type of attack is the network administrator likely observing in this instance?

- On-path attack - Replay attack - Domain name system (DNS) attack - Distributed denial-of-service (DDoS) attack An on-path attack involves an attacker intercepting and potentially modifying communications between two parties who believe they're communicating directly with each other.

An IT auditor is responsible for ensuring compliance with best practice frameworks. The auditor conducts a compliance scan, using the security content automation protocol (SCAP), to measure system and configuration settings against a best practice framework. Which XML Schema should the IT auditor use to develop and audit best practice configuration checklists and rules?

- Open Vulnerability and Assessment Language (OVAL) - Security content automation protocol (SCAP) - Extensible configuration checklist description format (XCCDF) - Simple Network Management Protocol (SNMP) The extensible configuration checklist description format (XCCDF) provides the XML Schema for developing and auditing best practice configuration checklists and rules.

Upon receiving the findings from a recent inspection, a senior technician must identify the various parties needed to implement change management solutions. Based on those impacted by the change, who is a stakeholder within the change management spectrum? (Select the three best options.)

- Partners - Vendors - Change Advisory Board (CAB)

A threat actor poses as a remote sales representative and contacts the help desk of CloudSecure. The threat actor claims to need assistance setting up remote access. Through a series of convincing phone calls, the threat actor obtains the name and address of the remote access server and a login credential. What type of attack does this scenario illustrate?

- Phishing - Social engineering - Man-in-the-middle - Denial-of-service The stated scenario illustrates a social engineering attack where the threat actor deceives the help desk into providing sensitive information through several persuasive phone calls.

A system admin is discussing the importance of prompt attention to vulnerabilities with a new IT hire. One of the MOST important things to capture about a new vulnerability is its classification. What characteristics are directly related to this? (Select the three best options.)

- Potential impact - Nature of vulnerability - Type of system affected - Scope A vulnerability that only affects servers and a vulnerability that only affects mobile devices require different classifications. Incorrectly classifying a vulnerability can delay its resolution. The nature of the vulnerability identifies whether it allows unauthorized access, installs malicious software, or enables another set of actions. It is part of a vulnerability classification. The potential impact on an organization is essential when classifying a vulnerability. Vulnerabilities with the most detrimental possible effect must be classified with the highest importance. It is part of a vulnerability classification.

The newly appointed IT manager of a growing e-commerce company has initiated a security review to ensure compliance with industry standards. This process includes defining clear roles and responsibilities for data and system owners to optimize the organization's security posture. According to the IT manager's new plan, which of the following would be the primary responsibility of a system owner in the context of cybersecurity?

- Prosecuting individuals who perpetrate cyberattacks - Conducting network penetration tests - Implementing a disaster recovery plan - THE CORRECT ANSWER Establishing the security controls for systems System owners are primarily responsible for defining, implementing, and maintaining appropriate security controls for the systems under their authority.

A network administrator configures the security for data transmitted by employees working remotely. The data includes personal employee information such as addresses and phone numbers. Which category does this scenario BEST fit?

- Public - Regulated - Private - Confidential Private data is any information that is personal in nature and not meant for the general public to access. Private data includes personal employee information such as addresses or phone numbers.

During a security audit in a financial institution, the auditor identifies a subset of data that, if breached, could severely impact the organization's operation. The financial institution has this data currently stored on nonoperational servers. How would the institution classify this data?

- Regulated - Public - Confidential - Critical Critical data is a type of classification signifying data that is essential to an enterprise's operations. In this case, a data breach could result in severe operational or financial impacts on the institution.

In a multinational corporation, employees across various departments regularly access many cloud-based applications to fulfill their tasks efficiently. The company's security team is grappling with managing user credentials securely and efficiently across these diverse platforms. They are actively looking to improve user authentication and streamline access to these applications while ensuring robust security measures are in place. In this scenario, what technology should the company implement to enable Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse cloud-based applications?

- Remote Authentication Dial-in User Service (RADIUS) - Virtual Private Network (VPN) - Lightweight Directory Access Protocol (LDAP) - Security Assertion Markup Language (SAML) Security assertion markup language (SAML) enables secure SSO across various applications by exchanging authentication and authorization data between parties through an extensible markup language (XML)-based protocol.

In a fast-paced technology company, employees often need access to various proprietary software applications and sensitive databases to perform their roles efficiently. The IT team is considering implementing a new authentication solution to ensure secure access and data protection. They want a system that allows employees to log in using their company credentials and provides seamless access to all authorized resources. Additionally, the solution should integrate with their existing Lightweight Directory Access Protocol (LDAP) infrastructure, enabling easy user management and reducing administrative overhead. Which technology would BEST meet the company's requirements for a new authentication solution that allows seamless access to authorized resources, integrates with LDAP for user management, and ensures data protection?

- Remote Authentication Dial-in User Service (RADIUS) - Virtual Private Network (VPN) - THE CORRECT ANSWER Security assertion markup language (SAML) - Network Address Translation (NAT) Security assertion markup language (SAML) is an extensible markup language (XML)-based protocol that enables secure Single Sign-On (SSO) across applications. It is well suited to providing seamless access and data protection.

A group of hackers has been monitoring recent orders from a company involving new laptops and Universal Serial Bus (USB) thumb drives. The group infiltrated the shipping company and added malicious USB thumb drives to the order. The target company received the order without any concerns. What vectors made this attack successful? (Select the two best options.)

- Removable data - Supply chain Infiltrating the shipping company takes advantage of the supply chain. Malicious actors can replace parts of the laptop or hack the operating systems before it gets to the company. Adding malicious USB thumb drives to the order takes advantage of removable media to trick the user into plugging them into a computer where the hacker can carry out further attacks.

A network security administrator for a mid-sized enterprise must enhance the company's security posture. The existing infrastructure includes a network with several connected devices, a firewall, and a virtual private network (VPN) for remote access. People have raised concerns about the potential attack surface, especially from inside threats. The enterprise recently shifted toward a hybrid working model, amplifying the need for secure remote access. The task requires implementing a solution that secures the enterprise infrastructure and ensures secure communication and access. Which approach should the network security administrator take to meet the company's needs?

Replace the current firewall with a Next Generation Firewall (NGFW). The most effective approach is replacing the current firewall with a Next Generation Firewall (NGFW). NGFWs can inspect packet payloads, make decisions based on data content, and even incorporate VPN capabilities for secure remote access.

A third-party escalation team participates in a newly contracted project with numerous cyber teams. Being unfamiliar with cyberspace, the escalation team struggles to understand concepts and naming conventions. What is automation and orchestration also known as?

- Resource provisioning - Guardrail - User provisioning - Workforce multiplier Automation and orchestration, also known as a workforce multiplier, enhances efficiency by quickly and consistently performing repetitive tasks, reduces the burden on security teams, and minimizes the likelihood of human error.

A company is looking to expand its business into new markets despite associated risks. It prepares to accept higher risks for potentially higher returns. Which of the following approaches BEST meets the company's risk management approach parameters?

- Risk appetite - Risk mitigation - Risk threshold - Risk tolerance Risk appetite refers to the level of risk an organization is willing to accept in pursuit of its objectives. The company has an "appetite" for a certain amount of risk.

In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that actively provides Single Sign-On (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization proactively employ for federation and enabling SSO capabilities effectively across the diverse range of cloud-based applications?

- Role-Based Access Control (RBAC) - Open Authorization (OAuth) - Public Key Infrastructure (PKI) - Lightweight Directory Access Protocol (LDAP) In this scenario, the organization uses Open Authorization (OAuth) for federation, allowing secure authorization and delegation of user access to third-party applications without exposing user credentials.

A data warehouse custodian enhances the organization's private key security after an attacker uses an employee's password to steal data. What can the custodian use as a hash method to reduce this risk from occurring in the future?

- Salting Salting is a cryptographic hashing method in which data such as a password is hashed, and the resulting hash cannot be decrypted back to the plaintext password that generated it.

A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and is not accessible in the event of unauthorized attempts. What primary process should the company implement before disposing of or repurposing these servers?

- Selling the servers immediately - Deleting all the files on the servers - Moving the servers to a secure storage location - Sanitizing the servers Sanitizing the servers uses specialized techniques, such as data wiping, degaussing, or encryption, to ensure the data becomes irretrievable.

A global e-commerce company faces challenges with its legacy monolithic application. The application is becoming increasingly difficult to maintain due to its intertwined components and struggles to scale quickly enough to handle sudden traffic surges during big sales events. The company has already invested in cloud technology and on-premises infrastructure but still faces scalability and manageability issues. What would MOST effectively address these challenges?

- Serverless infrastructure - Virtualization - Embedded systems - Microservices Microservices break down a monolithic application into smaller, independent services that can be developed, deployed, and scaled independently. This increases the manageability of the application and improves scalability.

In a recent incident, a hacker group infiltrated a global financial institution's systems and stole the credit card information of millions of customers. The valuable information was soon available on the dark web. Based on the scenario, what is the MOST likely motivation of the hacker group?

- Service disruption - Philosophical beliefs - Financial gain - Ethical concerns Financial gain is a key motivator for many threat actors. In this scenario, the hacker group's main goal was to profit from the sale of stolen credit card information, which indicates financial gain as the primary motivation.

Which malicious actors are likely to show great interest in another country's energy infrastructure and have unlimited resources to carry out espionage attacks?

- Shadow IT - Unauthorized hackers - Semi-authorized hackers - State actors The primary goals of state actors are espionage and strategic advantage. These actors receive government backing, have virtually unlimited resources, and are known to take a particular interest in another country's energy and health network systems.

A global corporation assesses risk appetite and how risks in various regions could influence mission-critical operations. It is assessing compliance with local laws and licensing requirements to prevent financial risk or resolve security risks, changing the risk posture, and implementing risk controls to compensate. Conclude what type of assessment the team is performing.

- Site risk assessment - Vulnerability assessment - Penetration testing - Risk control assessment Risk and control self-assessment (RCSA) is the method by which companies evaluate and analyze the operational risks and the efficacy of the controls used to manage them.

An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario?

- Spraying In a password spraying attack, the attacker tries a small number of commonly used passwords on many different accounts, attempting to bypass account lockouts that would generally affect brute-force attacks.

A mid-sized organization has faced a series of breaches due to insecure authentication methods. The security team concludes that current practices for user credentials need revision. What is the BEST course of action?

- Start a development phase - Enhance recognition of phishing attempts - Start an initial phase - Implement password management Implementing credential management enforces secure practices for creating, using, and maintaining user credentials, including solid guidelines for their composition and handling.

A security architect designs a solution to protect the organization's network from advanced threats and provides granular access controls based on user roles. The organization has a significant volume of TLS-encrypted traffic that needs inspection and wants to integrate the solution with its network directory for role-based content filtering. Which should the security architect consider the MOST appropriate option?

THE CORRECT ANSWER - A Next Generation Firewall (NGFW) with Layer 7 application-aware filtering and intrusion prevention system (IPS) functionality - A Web Application Firewall (WAF) designed primarily to protect web applications from targeted attacks - A standard stateful firewall with Layer 4 filtering capabilities - A jump server with enhanced remote access capabilities An NGFW with Layer 7 application-aware filtering and IPS functionality can inspect Transport Layer Security (TLS)-encrypted traffic and integrate with network directories for role-based content filtering, meeting the organization's requirements.

A field technician adds automation to assist in streamlining the new human resource interviewing process. How does using Application Programming Interfaces (APIs) assist in this scenario?

THE CORRECT ANSWER - Different software systems are enabled to communicate and interact, creating seamless workflows. - The system automatically evaluates merges to help detect and fix integration issues. - Developers regularly merge their changes back to the main code branch. - The technician makes improvements to code quality and accelerates development cycles. The capabilities of Application Programming Interfaces (APIs) enable different software systems to communicate and interact, and automation can orchestrate these interactions, creating seamless workflows and facilitating the development of more complex systems.

A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks. Which security measure would be the MOST suitable for this purpose?

- THE CORRECT ANSWER Bollards - Access control vestibule - Fencing - Access badge Bollards are short vertical posts that serve as an effective barrier against vehicle-based attacks. Their sturdy design stops vehicles from entering sensitive areas, making them the most suitable choice for preventing vehicle-based attacks.

A new IT security firm is partnering with an IT support company and is opening its business soon. The firm would like to be a reseller for a popular firewall. Which of the following options allows the firm to become an authorized reseller?

- THE CORRECT ANSWER Business Partners Agreement (BPA) - Memorandum of Understanding (MOU) - Memorandum of Agreement (MOA) - Non-Disclosure Agreement (NDA) A BPA is a partner agreement that large IT companies set up with resellers and solution providers.

The state library is in the process of digitizing its collection of antique manuscripts to publish online. Some of these manuscripts contain information that has barriers preventing the general public from accessing them. What type of data are these manuscripts?

- THE CORRECT ANSWER Restricted - Sensitive - Public - Private Restricted data is a term that classifies data that requires special precautions due to regulatory requirements or other constraints.

A social engineer intercepted an end-user's phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user's home with permission. What social engineering attack did the ISP and end-user fall victim to?

- Tailgating - Pharming - Impersonation - Hoax Impersonation is a social engineering attack in which the attacker pretends to be someone else.

The organization's engineering team observes a system failure during the implementation of new software patching. From a conceptual standpoint, what can the team use to restore the system to its original state?

- Test results - Maintenance windows - Backout plan - Impact analysis In this scenario, a backout plan is the best option. It is a contingency plan for reversing changes and returning systems and software to their original state if the implementation plan fails; it does not assess the implications of proposed changes.

A systems engineer at a company is designing a new data-handling process. The engineer plans to employ a technique that can help ensure data integrity and provide a quick way to check if anyone has recently tampered with the data. However, the engineer is also aware that this method can potentially reveal patterns in the data if not used correctly. What technique is the systems engineer considering?

- Tokenization - Obfuscation - THE CORRECT ANSWER Hashing - Encryption Hashing verifies data integrity by generating a unique hash value for a given set of data. If the data changes, so does the hash, which quickly indicates altered data or verifies data integrity.

A network administrator notices that a self-replicating program spreads across the network, infecting multiple systems and consuming significant bandwidth. Which of the following BEST describes this type of security threat?

- Trojan - Worm - Spyware - Malicious code A worm is a standalone malware program that replicates itself to spread to other computers, often over a network. Worms consume bandwidth and system resources, slowing down or even crashing systems.

A cyber technician purchases new software to monitor employee computer usage after the company announces a new work-from-home program. Which risks could lead to noncompliance with software agreements? (Select the three best options.)

- Unauthorized sharing or usage - Liability for damages caused by data loss - Modifying code or distributing software - Exceeding permitted installations Noncompliance with software licensing requirements can result in the revocation of usage rights and other consequences, such as fines. Violations of license agreements, such as modifying code or distributing software without authorization, constitute noncompliance with the owner of the software. Other forms of noncompliance for software licensing include the organization exceeding the permitted number of installations. Unauthorized sharing or other unauthorized usage can also put the software license at risk of loss due to noncompliance.

A financial institution is processing transactions and wishes to improve its security posture. The institution divides its network into different sections to minimize risk while actively updating or retrieving transaction data. What method does the financial institution intend to use?

- Virtual private network (VPN) - Firewalling - Segmentation - Network address translation (NAT) Segmentation works by dividing a network into different sections so that the institution can protect its data while processing.

A network administrator for a technology company is introducing a new cybersecurity model to limit data breaches. They wish to enforce a strategy where every system or user inside or outside the network perimeter must prove their legitimacy before accessing resources. What principle would be MOST effective in implementing their new strategy?

- Zero Trust Zero Trust verifies the authenticity of every system or user trying to connect to its resources, serving as the best strategy in this scenario.

A cyber engineer enhances processes and controls surrounding exposures and vulnerabilities to meet all regulatory requirements before a year-end inspection. What focuses on key aspects of the organization's cybersecurity strategy, including prioritization, considerations of exposure, and risk tolerance contexts?

- Open-source intelligence (OSINT) - THE CORRECT ANSWER Vulnerability analysis - Common Vulnerabilities and Exposures (CVE) - Common Vulnerability Scoring System (CVSS) Here, vulnerability analysis is critical in supporting several key aspects of an organization's cybersecurity strategy, including prioritization, vulnerability classification, exposure considerations, organizational impact, and risk tolerance contexts.