Practice Exam
inadequate buffer overflow protections
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
Limited security update capabilities
A power plant utilizes a specialized system to manage and monitor its daily operations, including machinery and sensor feedback. While these systems offer centralized control, what security concern is most associated with them?
Code Signing
A software development company regularly releases software updates to its global customer base. Recently, some customers reported receiving unauthorized and potentially malicious software updates. The company wants to implement a security technique to ensure the authenticity and integrity of its software updates when delivered to customers.
Supply chain
A tech company discovers that the firmware in some of their devices contains a hidden backdoor. Upon investigation, it's determined that the compromised firmware came from an overseas supplier they contracted with. The backdoor gave attackers remote access to devices without user knowledge. What type of attack vector has the company fallen victim to?
Reviewing event logs
After remedying a previously identified vulnerability in their systems, Kelly Innovations LLC wants to ensure that the remediation steps were successful. Which of the following is the BEST method that involves examining related system and network logs to enhance the vulnerability report validation process?
An attacker gained access, created the unauthorized account, and removed logs.
Alex, a network administrator, reviews logs from the company's main database server. He finds that every night at 3 AM, a backup process runs which generates a series of logs. However, on scanning through last week's data, he finds that logs from two nights are missing entirely. On further investigation, Alex discovers a new, unauthorized user account was created on one of those nights. What might Alex reasonably infer from these observations?
Automates the provisioning of account credentials.
An HR department for a large corporation is looking to streamline the onboarding process for new employees. How can scripting contribute to this goal in terms of system access?
Risk Tolerance
An investment firm allows a fluctuation of up to 10% in the value of its high-risk investment portfolio compared to the expected return on investment, but immediate action is required if this threshold is exceeded. This 10% fluctuation represents an example of:
The physical location of the user accessing the application
As a security analyst, you are reviewing application logs while investigating a suspected breach. Which of the following pieces of information is NOT typically documented in the application log data?
Installing the cable in a conduit buried underground
As part of a new building initiative, Dion Training Solutions plans to connect two office buildings via a direct physical link. Which measure will BEST protect the physical infrastructure connectivity?
Application rollback
At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?
Data Controller
At Kelly Innovations LLC, Susan has been entrusted with determining the purposes and means of processing personal data for the organization's new marketing campaign. She decides what data to collect, how long it will be retained, and with whom it will be shared. Which of the following BEST describes the role Susan is playing?
Certificate of Sanitization
Before disposing of old computers at Kelly Innovations LLC, Sasha receives a document that confirms all data has been securely removed. What is this document known as?
Inline
Clumsy Contraptions Engineering is seeking to change its security footing. In the past, they have found that too many pieces of malicious software have gotten past the system. Their Chief Security Officer believes they need a device which will actively evaluate traffic and reject or modify packets according to policies the company sets. What type of device is the CSO suggesting?
SD-WAN (Software-defined wide area network)
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?
Layer 7
Dion Training Solutions needs a network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
Attempting to access files outside of intended directories.
Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure ( /users/[username]/profile ) the system registered requests like ( /users/../admin/config ). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?
To test employees' ability to recognize and report phishing attempts.
Dion Training is conducting a security awareness training program for its employees to enhance their cybersecurity knowledge. As part of this program, they have planned and executed phishing campaigns. Which of the following BEST describes the primary objective of phishing campaigns conducted during security awareness training?
Evidence of internal audits
Dion Training is considering a collaboration with a new IT service vendor. To ensure compliance and adherence to industry standards, Dion Training wishes to see verifiable evaluations of the vendor's security controls and practices. Which of the following would provide Dion Training with insights into the vendor's own internal evaluations of their security measures?
Simultaneous CEO logins from distant locations.
During a network investigation, Aiden, a cybersecurity analyst, identifies two key irregularities: The CEO, who tends to work late, logged in from both Paris and Tokyo within five minutes, and there's an unexpected surge in emails from the HR department outside of recruitment season. Which of the following should the analyst be MOST concerned about based on these observations?
Turning off all unused services and closing unnecessary ports
Enrique, the head of IT at Dion Training, is tasked with ensuring all deployed company systems adhere to a set of standardized configurations. He wants to reduce the attack surface as much as possible. Which of the following techniques would BEST reduce the organization's attack surface?
Centralized governance
Florence is the CEO of a company. She has the final say over all decisions made regarding the business, IT, accounting, and other departments. What type of governance does Florence's company have?
Web application firewall (WAF)
For ensuring the security of an HTTP application like WordPress or Magento against threats like SQL injection or cross-site scripting, which monitoring tool or method would be MOST appropriate?
Digital signatures
Georgina, a lawyer, needs to send a contract to her client for signature. She wants to ensure that the client cannot later deny signing the contract. Which of the following methods can she use to prevent the client from denying that they have signed the contract?
uninterruptible power supply (UPS)
Given the need for resilience and the ability to recover in a security architecture, which of the following devices ensures uninterrupted operation during a power outage?
reputational damage
Horizon Security, a cybersecurity training company, experienced a data breach due to a vendor's negligence. This breach led to a significant loss of sensitive customer information and damage to the company's reputation. What type of consequence is Horizon MOST likely to face?
$1,500
If a company's server has an estimated Single Loss Expectancy (SLE) of $15,000 due to an operational failure, and the Annual Rate of Occurrence (ARO) of these failures is expected to be 0.1 times per year, what is the Annual Loss Expectancy (ALE)?
Complexity
In regards to automation and orchestration, which of the following terms accurately captures the challenges faced when dealing with a system characterized by its intricate web of interconnected components and varied functionalities, potentially hindering seamless integration, effortless management, and straightforward comprehension?
Critical
Jamario, a security analyst at Dion Training, has just completed a vulnerability assessment on a company's internal web application. One of the vulnerabilities detected has a high likelihood of being exploited and, if successful, could expose sensitive customer data. Based on severity and potential impact, how should this vulnerability be classified?
Key exchange
Kelly Innovations Corp, an IT company, is implementing a process of encryption where two parties establish a shared secret for communication purposes. Which of the following BEST describes this process?
Disabling unnecessary services and protocols
Kelly Innovations LLC is redesigning its network infrastructure to support its expanding R&D team. Which of the following strategies will MOST effectively lessen the attack surface?
Layer 4
Kelly Innovations LLC wants to implement a network appliance that focuses on filtering traffic based on source and destination IP addresses, and port numbers. Which layer of the OSI model is this appliance primarily operating at?
Increased responsibility for physical security
Kelly Innovations decides to manage its IT infrastructure within its physical location, retaining full control over its hardware, software, and data. Which of the following security implications is MOST directly associated with this approach?
Risk Assessments
Lexicon, an AI company, wants to implement a security measure to identify and evaluate potential threats to their systems and networks. Which of the following is an example of a managerial security control that the company could implement?
802.1x
Reed & Jamario Security Services has recommended your company use a port based system to prevent unauthorized users and devices. Which of the following are they recommending?
it might not detect zero-day exploits.
Reed, a cybersecurity specialist at Dion Training Solutions, is optimizing the company's IPS. He notes that while signature-based detection is highly effective against known threats, it has some limitations. Which of the following BEST describes a limitation of signature-based detection in an IPS?
DAC (Discretionary Access Control)
Reginald, an IT Manager, is the owner of a file on a server and wants to grant his colleagues access to the file. He is the only one who can decide who is allowed access to the file and what actions they can perform on it. Which authorization model is being used in this scenario?
The signatures require tuning.
Susan, a security analyst at Kelly Innovations LLC, is reviewing alerts from the IPS. She recognizes a pattern of false positives from signature-based detections. Which of the following is the MOST likely cause for false positives in signature-based detection systems?
Risk Threshold
The executive team at a software development firm decides that any project with a potential financial impact greater than $500,000 due to a security incident will require an immediate review and intervention. This financial impact figure represents which of the following in risk management?
Layer 7 Firewall
To improve security at their law firm, Norah, a security analyst wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
Buffer overflow
Travid is evaluating an attack that has occurred on his organization's system. He sees that the attacker entered a lot of data into the area of memory in the API that temporarily stores user input. What type of attack did Travid discover?
Frequency
What element of backup strategy involves making data copies regularly at set intervals?
Public Key
What is the name of a cryptographic key that can be freely distributed and used by others to encrypt messages?
Sanitization involves erasing data so it cannot be recovered; destruction is total physical demolition of the asset.
What is the primary difference between sanitization and destruction in the disposal process?
To ensure that the vendor's practices align with the organization's requirements
What is the purpose of a security analyst doing due diligence in the vendor selection process?
Risk tolerance
What term refers to an organization's predetermined level of acceptable risk exposure?
Partition encryption
What type of encryption only affects a section of a storage device?
Implementation of end-to-end encrypted email
When a legal organization routinely communicates with clients via email containing sensitive case details, which strategy would be the MOST effective to secure the communications?
Trapdoor function
When considering the RSA algorithm, which description BEST captures its underlying mathematical property used for public key cryptography?
Session management
When considering user interactions with a web service, which of the following are the security measures that involve the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?
Reduced response time to security incidents
When evaluating the introduction of automated systems in a security operations center (SOC), which of the following is a prominent time-related benefit that security professionals might expect?
Public Key
When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message?
ECC (Elliptic curve cryptography)
Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?
Criminal syndicate
Which group is MOST likely to possess the funding and resources to recruit top talent, including skilled strategists, designers, coders, and hackers?
Using a passphrase to generate a pairwise master key (PMK)
Which method accurately demonstrates the authentication process used in WPA2 Personal mode?
Disabling ports
Which mitigation technique involves shutting off specific entry and exit points in a system to prevent potential vulnerabilities or unauthorized access?
Monitoring
Which mitigation technique involves the use of tools like Nagios or Splunk to continuously observe and check the operation of a system or network?
Script Kiddie
Which of the following BEST describes a threat actor who primarily depends on commonly found tools, often easily accessible from the web or dark web?
IaC
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
Decentralized Governance
Which of the following BEST describes an organizational structure that allows for autonomous decision-making in separate departments or sectors within the company?
Reduces repetitive and mundane tasks.
Which of the following BEST describes how automation and orchestration in cybersecurity operations influence employee satisfaction and retention?
It emphasizes the integration of security in software creation and maintenance.
Which of the following BEST describes the Software Development Life Cycle (SDLC) in application security?
Verify the legitimacy of the software vendor
Which of the following BEST describes the initial step to ensure a secure procurement process at Dion Training?
To provide historical insights into security incidents for future investigations
Which of the following BEST describes the primary purpose of archiving as a method to bolster security monitoring?
Defining the boundaries and limitations during the assessment
Which of the following BEST describes the primary purpose of establishing rules of engagement when conducting a security assessment for a third-party vendor?
Agent-based NACs use additional software to authenticate users, while agentless NACs use network-level protocols to authenticate users.
Which of the following BEST explains the difference between an Agent-based and Agentless NAC?
Resi
Which of the following characteristics of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?
Installation of endpoint protection
Which of the following hardening techniques can help protect systems or devices from attacks by installing software like a firewall or antivirus directly on user devices to report and block potential attacks?
End-of-life vulnerability
Which of the following hardware issues results from products that are no longer being made or supported, but are still usable?
Ownership
Which of the following is an aspect of asset management that ensures that each IT asset is clearly associated with a specific individual or department, providing clarity on responsibilities and access rights?
Application allow list
Which of the following mitigation techniques can help enforce compliance with security standards and policies on a system or network by designating programs that are allowed to run and blocking all other programs from being run?
Host-based Firewall
Which of the following mitigation techniques can help protect a device from unauthorized network traffic solely by using software that can control network traffic based on predefined rules and policies?
Data exfiltration
Which of the following motivations refers to any act of stealing information from a system or network?
Port 1433
Which of the following ports, if left open and unmonitored, might allow database queries from unauthorized external sources?
Patching is the process of identifying and fixing security vulnerabilities in software, firmware, and operating systems to prevent potential exploits
Which of the following statements BEST explains the importance of Patching in the context of vulnerability management?
Enforcing baselines helps to standardize configurations across systems, enabling efficient automation and reducing the risk of security incidents.
Which of the following statements BEST explains the importance of enforcing baselines when automating and orchestrating secure operations?
Environmental variables refer to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis
Which of the following statements BEST explains the importance of environmental variables in regard to vulnerability management?
Log aggregation increases the complexity of managing and interpreting security logs
Which of the following statements is NOT true about the importance of log aggregation?
Attestation
Which of the following terms BEST describes the validation of the accuracy and thoroughness of compliance-related reports?
encryption algorithm
Which of the following terms emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Key risk indicators
Which of the following terms refers to critical predictive metrics that organizations monitor to foresee potential risks and their impact on operations?
National legal implications
Which of the following terms refers to the specific laws and regulations set by a country's government that dictate how the personal data of its citizens should be collected, stored, and processed?
Shadow IT
Which of the following threats is MOST likely to accidentally cause harm to the system?
Time-of-check (TOC)
Which of the following vulnerabilities BEST describes a situation where a threat actor can manipulate data after it has been verified by an application, but before the application uses it for a specific operation?
Insecure interfaces and APIs
Which of the following vulnerabilities is unique to cloud computing environments, posing risks related to unauthorized access and data manipulation?
MTBF (Mean time between failures)
Which term is defined as the average operational period between the occurrence of two consecutive failures in a system or component?
It maintains the integrity of digital evidence over time.
While performing a digital investigation, which of the following statements BEST describes the role of preservation of evidence?
Compromised availability leading to operational disruptions.
Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?
implementing a central OAuth authorization server to handle user authentication and issue access tokens to third-party applications
You are a cybersecurity analyst working for a software development company that develops mobile applications. The company wants to implement a secure and standardized method for users to grant third-party applications access to their account data without sharing their credentials. As a cybersecurity analyst, you recommend implementing OAuth for this purpose. Which of the following approaches would be the MOST effective way to implement OAuth in the given scenario?
Shadow IT
You are a security analyst at Dion Training and you discover that an unauthorized device has been connected to the company's network. As you investigate, you discover that the device was added so the employee could play video games during her breaks. What type of threat actor are you dealing with?