Sec+ 701 PT AR Course


To prevent tailgating into a secure building, which of the following would be the most effective solution? Access control vestibule Bollards Video surveillance Infrared sensors

Access control vestibule An access control vestibule is specifically designed to prevent tailgating by allowing one person to enter or exit at a time, ensuring individual authentication. Infrared sensors and video surveillance can detect tailgating but may not prevent it. Bollards are more for vehicle control.

Before integrating a new software solution into its operations, a company evaluates its security features to ensure it meets their standards. What part of asset management is this? Assignment/accounting Acquisition/procurement process Disposal/decommissioning Monitoring/asset tracking

Acquisition/procurement process This scenario represents the Acquisition/procurement process in asset management. The company is evaluating the security features of new software before integrating it into its operations, ensuring that it meets their security standards. This is a critical step in the procurement process to ensure the security and compatibility of new assets with existing systems.

A company is setting up a system to protect confidential project information from unauthorized external transfer. What should be the initial action? Apply classifications to the data. Restrict user access to project files. Monitor and control email attachments. Restrict access to external file sharing services.

Apply classifications to the data. Applying classifications to the data is the first step in data protection, helping to identify what needs safeguarding. Restricting access and monitoring email are subsequent actions after identifying sensitive data.

A security team discovers a significant security flaw in the firmware of their older model surveillance cameras, which could potentially allow unauthorized network access. To mitigate this vulnerability quickly, which of the following actions should the security team take? Isolating the Camera Network Implementing a Firewall Upgrading to Newer Camera Models Applying Firmware Updates

Applying Firmware Updates The most effective and immediate action to mitigate the vulnerability is Applying Firmware Updates. This choice is analogous to 'Patching' in the original question. Patching or updating the firmware of the devices addresses the specific vulnerability directly, potentially fixing the flaw that could allow unauthorized access. Implementing a firewall, while a good security measure, does not directly address the specific vulnerability in the devices. Isolating the camera network (similar to 'Segmentation') can reduce the risk of wider network exposure but doesn't fix the vulnerability itself. Upgrading to newer models (similar to 'Replacement') is a more long-term and costly solution, which might not be feasible as a quick response.

A company wants to securely exchange data with a partner organization but needs to ensure that only they can decrypt the information. What is the best cryptographic approach? Asymmetric key encryption Symmetric key encryption Hashing Data masking

Asymmetric key encryption Asymmetric key encryption. Asymmetric encryption is ideal for securely exchanging data between different entities. Each party has a public-private key pair; one party's public key is used to encrypt the data, and the corresponding private key is used to decrypt it. This ensures that only the intended recipient can decrypt the message.

A company's IT department implements a system where users must provide evidence of their identity before gaining access to sensitive data. This process is an example of: Authentication Authorization Non-repudiation Accounting

Authentication Authentication is the process of verifying the identity of a user or system. In this scenario, the requirement for users to provide evidence of their identity before accessing sensitive data is a direct application of authentication. Authorization, on the other hand, is about granting rights after authentication. Non-repudiation ensures actions cannot be denied after they are performed, and accounting involves tracking user actions.

A company decides to implement measures to ensure only authorized personnel can access a secure facility. Which two methods should be utilized? (Select two). Visitor Logbooks Biometric Scanners Mantrap Entryways Security Patrols Keycard Access

Biometric Scanners Keycard Access Keycard Access and Biometric Scanners are effective in ensuring only authorized personnel access a facility. Security Patrols and Visitor Logbooks are supplementary security measures, and Mantrap Entryways control entry but are less common.

A company wants to prevent unauthorized vehicles from entering its premises. Which of the following would be most effective? Bollards Access control vestibule Access badge Video surveillance

Bollards Bollards are designed to stop vehicles, making them the most effective option for preventing unauthorized vehicle entry.

What is used to validate a certificate when presented to a user in a digital transaction? Certificate Authority (CA) Cyclic Redundancy Check (CRC) Certificate Signing Request (CSR) Online Certificate Status Protocol (OCSP)

Certificate Authority (CA) A Certificate Authority (CA) is responsible for issuing and validating digital certificates, ensuring their authenticity when presented to users.

Question: In the process of implementing Full Disk Encryption (FDE) on all company laptops, what are the two most critical aspects the IT specialist should consider? (Select two). Certificate authority linking Encryption Algorithm Strength Key escrow Backup and Recovery Procedures

Certificate authority linking Key escrow Key escrow ensures access to encrypted data when needed, and certificate authority linking establishes a trust framework for managing keys and certificates. Algorithm strength and backup procedures, while important, are secondary to key management and authority linking.

The incident response activity that ensures evidence is properly handled is: Chain of Custody Data Recovery Forensic Analysis Incident Documentation

Chain of Custody Chain of Custody is the correct option. In the context of incident response and digital forensics, the chain of custody refers to the process of documenting the handling of evidence from the time it is collected until it is presented in a court of law or used for decision-making. This includes recording who collected the evidence, when it was collected, and every transfer of the evidence from person to person or location to location. This process is critical to ensure the integrity and admissibility of the evidence in legal proceedings.

For a software development manager who aims to verify and maintain the authenticity of the software code developed by their company, the most effective approach would be: Implementing Version Control Systems Conducting Peer Code Reviews Using Encrypted Data Transfer Protocols Code Signing of Company-Developed Software

Code Signing of Company-Developed Software The most suitable option for ensuring the authenticity of the code is Code Signing of Company-Developed Software. Code signing involves the use of a digital signature to verify the source and integrity of the software. This process ensures that the code has not been altered or tampered with since it was signed. By signing their code, the company can assure users and stakeholders that the software is genuine and has not been modified by unauthorized parties. The other options, while important in the software development process for various reasons, do not specifically address the goal of verifying the authenticity of the software code.

To prevent malicious code from being introduced during software development, what practice should be implemented? Dependency checking Continuous integration testing Code review and approval Dependency checking

Code review and approval Code review and approval ensures that software is checked for malicious code before being deployed.

In a context where a network security analyst is assessing various security flaws within their organization's computer systems, they need a method to gauge the severity of each flaw to determine prioritization for fixes. Which system should they utilize to provide a numerical score that reflects the severity and urgency of each vulnerability? Common Vulnerability Scoring System (CVSS) Vulnerability Severity Rating (VSR) Security Risk Evaluation Metric (SREM) Threat Level Index

Common Vulnerability Scoring System (CVSS) The system that is specifically designed for this purpose is the Common Vulnerability Scoring System (CVSS). CVSS offers a standardized framework for rating the severity of computer system security vulnerabilities. It assigns a score to each vulnerability, allowing analysts to evaluate the potential impact and the urgency required for remediation.

In a banking environment, what is the primary reason for conducting regular audits? Internal Policy Review Compliance with Regulations Operational Efficiency Operational Efficiency

Compliance with Regulations Compliance with regulations is often a key driver for audits in banking, ensuring adherence to financial and privacy laws. Internal policy review, operational efficiency, and financial analysis are important but secondary to regulatory compliance.

For a security analyst to effectively gauge the risk posed to their organization by a newly disclosed security vulnerability, they would need access to certain key information. The most relevant resource to aid in this assessment would be: Vendor Security Audit Reports Incident Response Team Contact List Comprehensive Software and Hardware Inventory Detailed Network Topology Diagrams

Comprehensive Software and Hardware Inventory The most critical resource in this situation is a Comprehensive Software and Hardware Inventory. This inventory provides an up-to-date list of all the technological assets within the organization, enabling the analyst to quickly identify which systems might be vulnerable. This knowledge is essential for assessing the potential impact and scope of the vulnerability on the organization's assets.

An administrator is working to ensure compliance with regulations regarding the storage duration of customer transaction data. What activity is this? Data Review Data Archiving Data Cataloging Data Reconciliation

Data Archiving Data Archiving involves storing information for compliance with legal and regulatory requirements. Reconciliation, Review, and Cataloging do not specifically relate to regulatory compliance of data storage duration.

When a security analyst notices unusual network activity during off-hours, what is most likely happening? Network Scanning Ransomware Attack Data Breach Scheduled Maintenance

Data Breach Data Breach is likely if there's unusual activity during off-hours. Network Scanning might not cause alerts, Scheduled Maintenance is planned, and a Ransomware Attack typically has different signs.

An international corporation ensures its data complies with the laws and regulations of the country where it is stored and processed. What consideration is this an example of? Data at rest Geolocation Data in transit Data sovereignty

Data sovereignty This scenario highlights Data sovereignty. Data sovereignty refers to data being subject to the laws and regulations of the country where it is physically located or stored. This is crucial for multinational corporations to ensure compliance with varying legal frameworks.

In a scenario where a company's marketing department collects, modifies, and stores sensitive customer data, and the IT team secures the data during transit and storage, what is the role of the customer in this data lifecycle? Data owner Data subject Data processor Data custodian

Data subject In the context of data handling, the customer is the data subject, as they are the individuals to whom the data pertains.

A network manager is implementing an intrusion detection system (IDS) to enhance the security of the company's network. Which of the following actions should the manager take first? Define security policies for network traffic. Set up alerts for any suspicious network activity. Configure the firewall to block all unrecognized traffic. Disconnect the network from the internet during non-business hours.

Define security policies for network traffic. In the context of implementing an intrusion detection system, the primary and most fundamental step is to define security policies for network traffic. This action establishes the baseline of what is considered normal and acceptable behavior on the network, which the IDS will use to detect deviations that could indicate a security threat. Without clearly defined policies, the IDS wouldn't have a standard against which to compare network activity, rendering it less effective. Configuring the firewall, setting up alerts, and disconnecting the network are important security measures, but they are subsequent steps that depend on having a well-defined security policy to be effective. Blocking all unrecognized traffic might disrupt legitimate activities, setting up alerts without defined policies could lead to numerous false positives, and disconnecting the network during non-business hours, while a strong security measure, is not directly related to the functioning of an IDS.

A university's IT department wants to monitor and respond to suspicious activities on their network in real-time. Which solution should they implement? Enforce Group Policy for operating systems Deploy EDR/XDR solutions Implement DNS filtering Update firewall access lists

Deploy EDR/XDR solutions Deploying Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) solutions is the best choice for monitoring and responding to suspicious activities in real-time. EDR/XDR provides comprehensive monitoring, detection, and response capabilities across the network, making it ideal for a dynamic environment like a university. DNS filtering, while useful for blocking malicious websites, and updating firewall access lists, while critical for access control, are not as comprehensive in real-time monitoring and response. Group Policy affects operating system configurations and does not directly relate to network activity monitoring.

In an effort to maintain high security standards in a corporate network, what action should an IT administrator take to effectively track and manage any unauthorized modifications or software installations on all company computers? Implementing a strict password policy for all users. Regularly updating firewall rules. Restricting internet access to pre-approved websites only. Deploying endpoint management software across all machines.

Deploying endpoint management software across all machines. The correct action is deploying endpoint management software across all machines. This software is specifically designed to monitor and manage endpoints like workstations and servers, ensuring that any unauthorized changes and software installations are detected and managed effectively.

An organization's IT department uses software to monitor network traffic for unusual activity. This is an example of which type of security control? Preventive Compensating Detective Corrective

Detective Monitoring network traffic for unusual activity falls under detective controls, as it involves identifying potential security issues as they occur. Preventive controls would stop unauthorized access before it happens, compensating controls are backup strategies, and corrective controls rectify security breaches.

During the incident response process, what is the focus in the preparation phase? Developing Response Strategies Restoring Systems to Normal Operation Conducting Post-Incident Reviews Analyzing the Incident

Developing Response Strategies Developing Response Strategies is crucial in the preparation phase of incident response. Analyzing the Incident is part of the analysis phase, Post-Incident Reviews occur afterward, and Restoring Systems is part of recovery.

A company's security team wants to securely verify the integrity of files downloaded from the internet. Which method should they use? Data obfuscation Symmetric encryption Key stretching Digital signatures

Digital signatures Digital signatures are ideal for verifying the integrity of files and the authenticity of the sender. By using a public key to decrypt the signature, the security team can confirm that the file hasn't been tampered with and is from a verified source. Symmetric encryption doesn't verify integrity or source, key stretching is used to enhance password security, and data obfuscation is for hiding data, not for integrity verification.

A bank requires all of its vendors to implement measures to prevent data loss on stolen laptops. Which strategy is the bank demanding? Disk encryption Access right limitations Data obfuscation Information categorization

Disk encryption Encryption at rest, particularly on laptops, ensures that data remains inaccessible in case of theft, addressing the bank's requirement. The other options, while security measures, do not directly address the issue of stolen devices.

In a company, an IT specialist is planning to enhance the security of data storage systems to protect against external threats. Which of the following is the best method? Increasing network firewall rules Encryption at rest Implementing strong password policies Regularly updating antivirus software

Encryption at rest Encryption at rest is crucial for protecting data stored on devices against unauthorized access, especially if the device is compromised.

To identify the creator and creation date of a suspicious file found on a server, what should a security analyst check? File's metadata Server access logs File's hash value Network activity logs

File's metadata File's metadata typically includes creation date and creator information. The file's hash value verifies integrity, network activity logs track network usage, and server access logs show who accessed the server, but not file specifics.

To ensure that a single natural disaster would not result in the complete loss of backup data for a company planning a disaster recovery site, the company should consider: Implementing a redundant server system Cloud-based storage solutions Diversifying hardware vendors Geographic dispersion

Geographic dispersion The most appropriate option is geographic dispersion. This strategy involves placing backup data and disaster recovery facilities in different geographic locations, far enough apart to reduce the risk that a single natural disaster could impact both the primary site and the disaster recovery site. Cloud-based storage solutions are useful for data accessibility but don't necessarily address the risk of geographic concentration. Diversifying hardware vendors (platform diversity) ensures resilience against hardware-specific failures but doesn't protect against geographic-centric natural disasters. Implementing a redundant server system (load balancing) enhances overall system reliability but does not protect against the loss of data in a geographically concentrated disaster.

In planning for a disaster recovery site, what should a company consider to ensure continuity despite natural disasters? Geographic distribution Immediate operational site Diverse technological platforms System load balancing

Geographic distribution Geographic distribution ensures that a natural disaster in one location won't impact both the primary and backup sites.

An organization configures its cloud infrastructure to disable unnecessary services, apply the latest security patches, and restrict access based on user roles. What practice does this scenario describe? Deploying secure baselines Hardening targets Maintaining secure baselines Establishing secure baselines

Hardening targets This scenario describes Hardening targets, specifically for cloud infrastructure. Hardening involves taking specific steps such as disabling unnecessary services, applying security patches, and setting role-based access controls to enhance the security of a system. While establishing, deploying, and maintaining secure baselines are part of broader security practices, hardening targets focuses on specific actions to reduce vulnerabilities in particular systems or devices.

To enhance security, a financial institution disables all unused ports and protocols on its servers. What does this action exemplify? Monitoring Decommissioning Configuration enforcement Hardening techniques

Hardening techniques This action exemplifies Hardening techniques in cybersecurity. Disabling unused ports and protocols on servers is a common hardening practice, aimed at reducing potential entry points for attackers and minimizing the attack surface of the servers. This proactive measure is an important part of securing systems against unauthorized access and potential attacks. Decommissioning involves removing systems or software that are no longer in use, Configuration enforcement ensures systems are configured securely, and Monitoring is the continuous observation of system activities for security purposes.

An organization wants to ensure that a document's content remains unaltered during transmission. What technique should they use? Steganography Symmetric encryption Hashing Asymmetric encryption

Hashing Hashing is used to maintain the integrity of data. By generating a unique hash value for the original document and then comparing it with the hash value of the received document, the organization can confirm whether the content has been altered. Encryption (both asymmetric and symmetric) secures data but doesn't specifically focus on integrity verification. Steganography hides data rather than verifying its integrity.

A financial institution wants to secure its email communication against impersonation and fraud. What technology should they implement? Enable DNS filtering Deploy NAC policies Implement email security protocols like DMARC, DKIM, and SPF Configure web filter with reputation-based blocking

Implement email security protocols like DMARC, DKIM, and SPF

An organization wants to enhance its security measures to prevent employees from inadvertently installing harmful applications. What is the most effective strategy? User access control Implementing an application allow list Regular malware scans VPN implementation

Implementing an application allow list An application allow list effectively restricts users from installing unauthorized applications, reducing the risk of malware.

A healthcare provider needs to ensure that patient data is accessed only by authorized personnel. What access control strategy should they prioritize? Using attribute-based access controls Implementing role-based access controls (RBAC) Setting up discretionary access controls Implementing time-of-day restrictions

Implementing role-based access controls (RBAC) Implementing Role-Based Access Controls (RBAC) is crucial for a healthcare provider to ensure that patient data is accessed only by authorized personnel. RBAC assigns permissions based on the user's role within the organization, ensuring that each user has access only to the information necessary for their job functions. This approach is effective in protecting sensitive patient data while allowing necessary access for healthcare operations. Discretionary, attribute-based, and time-of-day access controls are also valid but may not offer the same level of role-specific access management as RBAC.

A DevOps team in a software company is looking for an efficient way to automate and manage the provisioning and management of their cloud infrastructure for various projects. Which of the following approaches should they adopt to facilitate this process? Platform as a Service (PaaS) Virtual Network Provisioning Cloud Service Models Infrastructure as Code (IaC)

Infrastructure as Code (IaC) The correct choice is Infrastructure as Code (IaC). Infrastructure as Code is a key practice in DevOps that involves managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. This approach enables the DevOps team to automate the setup and scaling of their cloud infrastructure, making deployment of resources more efficient and less prone to human error. Platform as a Service (PaaS) provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure, but it doesn't specifically refer to the management approach. Cloud Service Models encompass various services like IaaS, PaaS, and SaaS but are too broad for this specific need. Virtual Network Provisioning is related to the configuration of virtual networks, not the overall infrastructure management.

To ensure thorough monitoring of unauthorized changes and software on company servers and workstations, what should a security engineer implement? Signature-based traffic blocking Task logging system Install endpoint management software on all systems Network exit traffic analysis

Install endpoint management software on all systems Installing endpoint management software provides comprehensive monitoring and management capabilities.

Why is a backout plan an essential part of change management in ensuring security? It provides a record of who approved the change. It schedules the implementation of changes. It dictates who owns the change process. It offers a strategy to revert changes if they negatively impact security.

It offers a strategy to revert changes if they negatively impact security. A backout plan is critical as it provides a predefined strategy to quickly revert changes if they are found to negatively impact security, minimizing potential risks and disruptions. While recording approvals, scheduling changes, and dictating ownership are important, they do not offer the immediate protective measure in the event of an adverse impact that a backout plan does.

How does a maintenance window contribute to change management in terms of security? It ensures all stakeholders are informed. It provides a controlled timeframe to implement changes. It dictates the approval process. It outlines the backout plan.

It provides a controlled timeframe to implement changes. A maintenance window provides a specific, controlled period for making changes, reducing the risk of impacting normal operations and allowing for focused security monitoring during this time. While informing stakeholders, dictating the approval process, and outlining the backout plan are important, they are not as directly related to the temporal control and focused security effort as the maintenance window is.

A smartphone user wants to access features not available in the standard operating system. What method would enable this? Jailbreaking Direct software installation Exploiting database vulnerabilities Utilizing scripting vulnerabilities

Jailbreaking Jailbreaking enables users to bypass the manufacturer's restrictions to access additional features.

An organization discovers that an unauthorized version of its software was distributed to users, containing hidden malicious code. Which vulnerability type does this scenario describe? SQL injection Jailbreaking Firmware Malicious update

Malicious update This scenario is an example of a Malicious update vulnerability. A malicious update occurs when unauthorized or tampered software updates are distributed to users, often containing harmful code designed to compromise security or functionality. This contrasts with Firmware vulnerability, which is related to embedded software issues, SQL injection, which involves unauthorized manipulation of database queries, and Jailbreaking, which is specific to bypassing restrictions on mobile devices.

In order to enhance the situational and environmental awareness of users transitioning from remote to in-office work, a company should consider: Conducting a survey to understand the specific needs of returning employees. Revising the office emergency response plan. Modifying the content of current training. Installing advanced security software on all office devices.

Modifying the content of current training. Modifying the content of current training is the best option to improve situational and environmental awareness for employees transitioning back to the office. This approach ensures that all returning employees are up to date with the latest information and best practices relevant to the in-office environment, which may differ significantly from remote work settings.

A financial institution wants to enhance the security of customer account access. What should they implement? Passwordless authentication Multifactor authentication with hard authentication tokens Attribute-based access controls Passwords with complex requirements

Multifactor authentication with hard authentication tokens Implementing multifactor authentication with hard authentication tokens is an effective way to enhance the security of customer account access for a financial institution. Multifactor authentication requires users to provide two or more verification factors, significantly increasing account security. Hard authentication tokens, such as key fobs or smart cards, provide a physical factor that is hard to replicate or steal, adding an additional layer of security. While passwordless authentication, complex passwords, and attribute-based access controls are good security measures, multifactor authentication with a physical token provides a higher level of security for financial transactions.

To store customer data on a separate part of the network that is not accessible to users on the main corporate network, the administrator should use: Network Segmentation Regular System Updates Virtual Private Network (VPN) Data Encryption

Network Segmentation The correct answer is Network Segmentation. This involves dividing the network into smaller parts or segments, each acting as a separate network. By segmenting the network, an organization can place customer data in a distinct segment, isolated from the main corporate network. This reduces the risk of unauthorized access to sensitive customer data from users on the main network. A VPN is used for secure remote access and doesn't inherently separate internal network segments. Regular system updates (patching) are critical for security but don't segregate network segments. Data encryption secures data but does not physically or logically separate it from other parts of the network.

A bank implements a security measure ensuring that once a transaction is executed, neither the customer nor the bank can deny its occurrence. This measure is an implementation of: Integrity Non-repudiation Authentication Gap Analysis

Non-repudiation Non-repudiation in cybersecurity refers to the assurance that someone cannot deny the validity of something. In banking, ensuring that neither party can deny a transaction once it's executed is a classic case of non-repudiation. Integrity is about maintaining the accuracy and consistency of data, authentication is verifying identity, and Gap Analysis is assessing the difference between current and desired states.

A university's IT department is concerned about the growing trend of cyber attacks in the education sector and is preparing a report for the university's board. The report specifically focuses on the rise of phishing attacks targeting university systems. Which of the following best describes the likely perpetrator of these attacks, as outlined in the IT department's report? Disgruntled former student Organized crime Amateur hacker group Competitive academic institutions

Organized crime In this scenario, the most accurate description of the likely perpetrator of phishing attacks targeting university systems is Organized Crime. This choice aligns with the original scenario's emphasis on ransomware-as-a-service, which is commonly associated with organized criminal groups. These groups are known for their sophisticated, coordinated attacks and financial motivations, making them a probable source of targeted phishing attacks in an educational context. Disgruntled former students, amateur hacker groups, and competitive academic institutions, while possible sources of cyber threats, typically do not have the same level of organization or the specific motive to conduct widespread, sophisticated phishing campaigns like those associated with organized crime.

Which type of threat actor is most likely to be contracted by a foreign government to carry out cyber-attacks against critical systems in other countries? Activist hacker Novice hacker Disclosure-driven individual Organized crime group

Organized crime group Organized crime groups, due to their resources and expertise, are often suspected of being contracted by foreign governments for cyber-attacks, more so than individual activists, whistleblowers, or inexperienced hackers.

When a company operates customer service terminals that are found to be running on outdated, end-of-life operating systems, the security team is likely to focus on a particular security concern directly related to the use of such systems. The most relevant security implication they would document is: Data Restoration Efficiency Vulnerability to New Threats Patch Availability Upgrade and Maintenance Expenses

Patch Availability The most critical concern in this situation is Patch Availability. End-of-life operating systems no longer receive updates or patches from the developer, which includes crucial security updates. This leaves the systems increasingly vulnerable to security threats and exploits that newer, supported systems would be protected against. While other factors like vulnerability to new threats, data restoration efficiency, and upgrade expenses are important considerations, the immediate and direct security risk stems from the lack of ongoing support and patching for the outdated operating systems.

A company is discarding a classified storage array and hires an external vendor for disposal. What is required for this process? Assign a data classification level Provide proof of ownership Maintain an inventory list Provide disposal certification

Provide disposal certification When disposing of classified storage arrays, it's essential to obtain a certification from the disposal vendor, ensuring that the sensitive data has been securely and properly destroyed.

What team focuses on both attack simulation and defense strategies to enhance the security of an organization? Integrated Security Team Tactical Response Team Network Defense Team Purple Team

Purple Team A Purple Team combines offensive and defensive methods to strengthen security, embodying both attack and defense aspects. Other options do not represent a combination of these two approaches.

During a security audit, an IT team finds unauthorized encryption of company data and a demand for payment to restore access. What type of malware attack is this? Virus Logic bomb Rootkit Ransomware

Ransomware This scenario is indicative of a Ransomware attack. Ransomware is a type of malware that encrypts a victim's files, with the attacker then demanding a ransom from the victim to restore access to the data upon payment. A Virus is a type of malware that replicates itself by modifying other computer programs, but it doesn't typically involve a ransom. Logic bombs are malicious code triggered by specific conditions, and Rootkits are designed to gain unauthorized access to a computer without being detected.

A small business is assessing its ability to recover critical functions after a major disruption. They are focusing on the time it would take to resume these functions. What specific aspect of Business Impact Analysis are they evaluating? Recovery Point Objective (RPO) Mean Time Between Failures (MTBF) Recovery Time Objective (RTO) Mean Time to Repair (MTTR)

Recovery Time Objective (RTO) The small business is evaluating the Recovery Time Objective (RTO) aspect of Business Impact Analysis.

In a scenario where a highly secure network, isolated from the internet and external networks (an air-gapped network), experiences data loss, the most common pathway for this data loss is often through: Unsecured Wireless Connections Hard Drives Outdated Firewall Systems Removable Devices

Removable Devices The most likely cause of data loss in an air-gapped network is Removable Devices. Air-gapped networks are physically isolated from unsecured networks, including the internet. Therefore, the most common data loss path is not through digital connections but physical means. Removable devices like USB drives, CDs, or external hard drives can be used to transfer data to and from the network, posing a significant risk of data loss or introduction of malware if they contain malicious content or are used maliciously.

A healthcare company is concerned about the security of its patient data handled by third-party providers. What clause should they ensure is included in their agreements with these providers? Master Service Agreement (MSA) Service-Level Agreement (SLA) Non-disclosure Agreement (NDA) Right-to-Audit Clause

Right-to-Audit Clause The healthcare company should ensure that a Right-to-Audit Clause is included in their agreements with third-party providers. This clause gives them the authority to audit the third-party providers to ensure compliance with security standards and regulations, especially important when handling sensitive patient data. This could involve periodic checks, reviews of security practices, or compliance with specific healthcare regulations.

A logistics company is revising its risk management strategies. They are considering an approach where some identified risks will not be actively mitigated but will be acknowledged and monitored. What risk management strategy are they contemplating? Risk Transfer Risk Avoidance Risk Acceptance Risk Mitigation

Risk Acceptance The logistics company is contemplating the Risk Acceptance strategy. This approach involves acknowledging the existence of certain risks and deciding not to take active steps to mitigate them, often due to cost-benefit analysis, low impact, or low likelihood of occurrence. Instead, these risks are monitored to ensure they remain within acceptable levels. This is different from Risk Avoidance (eliminating the risk entirely), Risk Mitigation (reducing the impact or likelihood of the risk), and Risk Transfer (shifting the risk to a third party).

The strategy represented by a company purchasing cyber insurance to address items listed on its risk register is: Risk Acceptance Risk Mitigation Risk Transfer Risk Avoidance

Risk Transfer The correct answer is Risk Transfer. In risk management, transferring risk involves shifting the potential impact of a risk to a third party. By purchasing cyber insurance, the company is essentially transferring the financial risk associated with cyber incidents to the insurance provider. This doesn't eliminate the risk but ensures that the financial burden of a risk event is borne by the insurance company. Risk Acceptance would mean the company acknowledges the risk and decides to deal with the consequences without taking specific actions to handle it. Risk Mitigation involves taking steps to reduce the likelihood or impact of the risk, and Risk Avoidance means taking actions to completely avoid the risk.

A hospital IT manager needs to ensure that medical staff, administrative staff, and other employees have access only to the specific systems and data relevant to their job roles. Which method should the IT manager use to efficiently assign and manage these access privileges? Password Authentication Protocol (PAP) Firewall Configuration Role-Based Access Control (RBAC) Biometric Access System (BAS)

Role-Based Access Control (RBAC) The correct choice is Role-Based Access Control (RBAC). RBAC is a method that assigns access rights and permissions based on the roles of individual users within an organization. In the context of a hospital, this allows the IT manager to ensure that medical staff, administrative staff, and other employees can access only the systems and data that are relevant to their specific job functions.

A hacker tries to exploit a weakness in a website's user login page by inputting malicious code into the username field, hoping to manipulate the underlying database and gain unauthorized access. Which of the following describes this type of attack, which attempts to take advantage of database misconfigurations? Cross-Site Scripting (XSS) SQL Injection Directory Traversal Command Injection

SQL Injection The correct choice is SQL Injection. This type of attack involves inserting malicious SQL statements into an input field, like a login form, to manipulate a database in ways the developers did not intend. It takes advantage of misconfigurations or vulnerabilities in the database or the way the website interacts with the database.

A company's IT department plans to update its customer relationship management (CRM) software. To minimize the impact on the sales team and customers, the IT department decides to follow a best practice that allows them to perform the update at a time that would least affect business operations. The best practice they would likely follow is: Stakeholder Consultation Scheduled Downtime Contingency Planning Maintenance Windows

Scheduled Downtime The most appropriate best practice in this situation is Scheduled Downtime. This approach involves setting aside a specific period during which the system can be taken offline or updated without significantly affecting normal business operations. By planning and communicating this downtime in advance, the IT department can ensure that the necessary changes are made while minimizing the impact on users and business activities.

In a data center, which two practices should be implemented to prevent data loss through physical media? (Select two). Data Encryption Secure Media Storage Implementing DLP Solutions Network Segmentation Disabling USB Ports

Secure Media Storage Disabling USB Ports Disabling USB Ports and Secure Media Storage directly address physical media data loss. DLP Solutions are broader, Data Encryption secures data but not physical media, and Network Segmentation is unrelated to physical media.

For an organization aiming to enhance its cybersecurity infrastructure by implementing a tool that aggregates and analyzes security-related data from various sources within its network, the most suitable technology would be: Security Information and Event Management (SIEM) Unified Threat Management System Network Behavior Analysis Tool Centralized Log Management System

Security Information and Event Management (SIEM) The most appropriate technology in this context is Security Information and Event Management (SIEM). SIEM solutions are specifically designed to collect, store, and analyze security logs from different parts of an organization's IT infrastructure, providing a comprehensive view of its security posture. This centralized approach enables effective monitoring, detection, and response to security incidents. SIEM systems are capable of correlating events from various sources, identifying anomalies, and generating alerts for potential security threats, making them an essential tool for organizations looking to strengthen their cybersecurity measures.

An IT manager notices unusual spikes in server traffic from one of the company's database servers, occurring sporadically late at night when the office is closed. Which of the following is most likely happening? A time-based script is corrupting database entries. A Distributed Denial of Service (DDoS) attack is underway. Sensitive information is being stolen from the database. Malicious software is locking and encrypting database files.

Sensitive information is being stolen from the database. The most likely occurrence in this scenario is that sensitive information is being stolen from the database. The pattern of unusual spikes in traffic during non-business hours suggests that data may be secretly being transferred out of the company's network. A DDoS attack typically results in an overwhelming amount of traffic aimed at incapacitating the server, not in sporadic spikes. A time-based script corrupting data would likely not cause noticeable traffic spikes. Malicious software encrypting files (like ransomware) would not necessarily result in detectable network traffic spikes, especially if the encryption process is happening internally on the server.

An online retailer is drafting contracts with a new shipping vendor. What type of agreement is essential to outline the performance metrics and expectations for timely deliveries? Non-disclosure Agreement (NDA) Business Partners Agreement (BPA) Memorandum of Understanding (MOU) Service-Level Agreement (SLA)

Service-Level Agreement (SLA) The online retailer should prioritize including a Service-Level Agreement (SLA) in their contracts with the new shipping vendor. An SLA is critical for clearly outlining the performance metrics, standards, and expectations regarding the timely deliveries of products. It serves as a formal agreement that specifies the levels of service to be provided, such as delivery times, handling procedures, and remedies or penalties for service failures. This ensures both parties have a clear understanding and agreement on the performance expectations and helps in maintaining a consistent quality of service.

To enhance network security, what change should a security analyst recommend if a remote desktop service is accessible from the internet? Changing Default Port Configurations Implementing Stronger Encryption Increasing Password Complexity Setting up a VPN and firewall restrictions

Setting up a VPN and firewall restrictions Setting up a VPN and firewall restrictions enhances security for remote desktop access. Stronger Encryption and Changing Default Ports are good practices, but a VPN adds an additional security layer. Password Complexity is important but insufficient alone.

An employee of a technology company begins to use unauthorized cloud services to speed up their work, bypassing the company's approved IT processes. This behavior represents a risk posed by: Insider Threat Shadow IT Organized Crime Unskilled Attacker

Shadow IT Shadow IT refers to the use of IT systems, devices, software, applications, and services without explicit IT department approval. In this case, the employee's actions in using unauthorized cloud services fall under the category of Shadow IT. While this also constitutes an insider threat, the specific behavior is more representative of Shadow IT.

Following a security awareness training session, an employee reported a suspicious call claiming to need credit card details to close an invoice on behalf of the CFO. Which training topic did this employee recall? Insider threat awareness Targeted phishing of executives Email phishing awareness Social engineering tactics

Social engineering tactics The scenario described is a classic example of social engineering, where the attacker manipulates an individual into divulging confidential information. The other options, while relevant, are not as directly applicable to the situation described.

In a penetration testing engagement, what document typically outlines the estimated time required for the test? Service Level Agreement Non-disclosure Agreement Business Partnership Agreement Statement of Work

Statement of Work The Statement of Work usually includes time estimates for projects like penetration testing. Non-disclosure Agreements, Service Level Agreements, and Business Partnership Agreements serve different contractual purposes.

An organization decides to implement a system where employees must use their fingerprints to access secure areas. This is an example of which type of security control? Managerial Physical Technical Operational

Technical Using biometric data (fingerprints) for access control is a technical security control as it involves technology to manage access to secure areas. Managerial controls involve policies and procedures, operational controls are about day-to-day operations and procedures, and physical controls involve tangible measures like locks and fences.

A user finds a website that looks identical to their bank's site, but the URL has a minor spelling mistake. After entering their login details, the user realizes the website is fraudulent. What kind of attack just occurred? Brand impersonation Phishing Pretexting Typosquatting

Typosquatting This scenario is an example of Typosquatting, where attackers register domain names that closely resemble those of legitimate websites, but with minor typos. Unsuspecting users who mistakenly enter these URLs are led to fraudulent websites that mimic the look of the intended site, where they might enter sensitive information like login credentials. While this scenario also involves elements of Phishing and Brand impersonation, Typosquatting is more specific to exploiting typographical errors in domain names. Pretexting involves creating a false scenario for information theft, which is not the primary method used here.

A company wants to enhance the awareness of its staff about security as they transition back to office work from remote settings. What approach should be taken? Regular security notifications Conduct simulated attack exercises Update ongoing training programs Revise onboarding material

Update ongoing training programs Updating ongoing training programs ensures that all current employees are aware of the latest security practices and threats. Other options are more sporadic or targeted to new employees or specific scenarios.

A financial institution uses a technology that encrypts data as it travels across the internet to ensure secure communication between its branches. What is this technology? VPN (Virtual Private Network) IPSec (Internet Protocol Security) SASE (Secure Access Service Edge) TLS (Transport Layer Security)

VPN (Virtual Private Network) The technology used here is a Virtual Private Network (VPN). VPNs encrypt data as it travels across the internet, providing secure communication channels, especially for organizations like financial institutions that need to ensure the confidentiality and integrity of their data across multiple branches. TLS and IPSec are protocols that can be used for secure communication, but in the context of inter-branch secure communication, VPN is the more encompassing solution. SASE is a newer model that combines network security functions with wide-area networking capabilities.

To facilitate secure, remote access to a client's environment for a security consultant, which of the following technologies would be most appropriate? Remote Desktop Protocol (RDP) Secure Shell (SSH) Virtual Private Network (VPN) Wireless Encryption Protocol (WEP)

Virtual Private Network (VPN) The most suitable option is Virtual Private Network (VPN). A VPN creates a secure, encrypted tunnel over the internet, which is ideal for a security consultant who needs to access a client's environment remotely and securely. Secure Shell (SSH) also provides secure access but is generally used for secure command-line access and file transfers, not for full network access. Remote Desktop Protocol (RDP) allows for remote access to a computer's desktop but isn't inherently secure without additional configurations. Wireless Encryption Protocol (WEP) is outdated and considered insecure for protecting wireless networks.

A group of journalists at a news agency experience a security breach when several of their computers are infected with malware. This occurs after they access a popular online forum for journalists that had been secretly compromised by hackers. Which of the following best describes this type of attack? Spoofing Vishing Watering-hole Phishing

Watering-hole The correct description of this type of attack is Watering-hole. Just as when malware spreads after an employee visits a compromised industry blog, a watering-hole attack targets a specific group by compromising a website that members of the group are known to visit. The attackers infect the site with malware, anticipating that some visitors from the targeted group will get infected. Phishing involves tricking individuals into divulging sensitive information, Spoofing is about impersonating another device or user, and Vishing is voice phishing, none of which directly describe the scenario of compromising a commonly used website to target a specific group.

A fraudster contacts a company's finance department via email, pretending to be the Chief Financial Officer, and urgently requests a wire transfer to an external account for a supposedly confidential deal. Which of the following techniques is the fraudster using in this scenario? Spear Phishing Identity Fraud Fabrication Whaling

Whaling The correct technique being used by the fraudster is Whaling. Whaling is a specific type of phishing attack that targets high-level executives or important individuals within an organization. In this scenario, the attacker is impersonating a high-ranking official (the CFO) to trick someone in the finance department into making a significant financial transaction.

A software company learns of an exploit in its product that attackers are using, which the company was previously unaware of. This exploit had not been identified or patched. What type of vulnerability does this represent? Mobile device Zero-day Firmware Supply chain

Zero-day The described situation is a Zero-day vulnerability. Zero-day vulnerabilities are previously unknown flaws in software or hardware that attackers exploit before the developers become aware of them and issue a patch. This type of vulnerability is particularly dangerous because there is no known defense against it until it is identified and fixed. The other options, Firmware, Mobile device, and Supply chain vulnerabilities, refer to different types of security risks.
