Security+ Master Deck
Theresa wants to use a cloud-hosted security solution that will allow her to safely store and manage secrets. What type of solution should she select?
A KMS
What hardware component is used to generate, store, and manage cryptographic keys?
A TPM
Sally wants to ensure that her change management process includes a procedure for what to do if the change fails. What should she create to handle this possibility?
A backout plan
A vulnerability scan shows that an embedded device that Alice is responsible for has a vulnerability. She knows the vendor is no longer in business and that there is no updated firmware or software update for the device. To resolve the issue, Alice places a firewall between the device and the rest of the network and creates rules that prevent the vulnerable service from being available to other devices. What type of control has Alice deployed?
A compensating control
Joanna's organization has a policy that requires a user's password to be immediately reset to lock accounts if the account is determined to have been successfully phished. What type of control is this?
A directive control
Skip wants to implement a deterrent control to prevent physical security issues for his organization. Which of the following controls should he select?
A fence
Valentine wants to detect if an intruder has accessed a secured file server. Which of the following techniques will work best with a data loss prevention tool to identify data exfiltration?
A honeyfile
What term describes a collection of honeypots on a network intended to capture information about cybersecurity threats?
A honeynet
Jack has deployed a system that appears to attackers to be a vulnerable system. The system is specifically designed to capture information and data from attacks to allow for later analysis. What type of tool has Jack deployed?
A honeypot
Nick's organization sets aside Saturday nights from 2 a.m. to 4 a.m. for scheduled maintenance. What is this type of reserved time typically called?
A maintenance window
Valerie's organization has deployed a zero-trust solution, and Valerie receives an authentication prompt when she is attempting to access a file server. What component of the zero-trust architecture is she interacting with?
A policy enforcement point
What holds the position of the root of trust in a certificate chain?
A root certificate
Brian's organization uses a process where a secure module boots systems, then monitors them as each boot stage proceeds. It validates each signed boot stage and reports on whether the boot process was correct or not when complete. What is the secure module used to verify these stages called?
A root of trust
Jason knows that his Apple system uses a separate portion of its SoC (system on chip) to store keys and biometric information. What is this specialized component called?
A secure enclave
Valerie wants to use a certificate to handle multiple subdomains for her website, including the sales.example.com and support.example.com subdomains. What type of certificate should she use?
A wildcard certificate
Jocelyn wants to select a modern encryption algorithm for use in her organization. Which of the following is a currently recommended encryption algorithm?
AES-256
As the network administrator for a small legal firm, you've been tasked with enhancing the security of the firm's network, especially regarding the software and applications used on work devices. Given the sensitive nature of the firm's data, you decide to implement a strategy that restricts what software can run on company devices. Which security strategies best describe the approach to limit what software can run on company devices? (Select the two best options.)
Allowlists, Blocklist
Megan wants to assess the impact of a change as part of her change management process. Which of the following is most likely to help her assess impact?
An estimate of the downtime expected
Jill needs to explain the concept of open public ledgers to her organization as management wants to adopt a blockchain-based system. What should she tell them about access to the ledger?
Anyone can join at any time.
Which of the following is not a major concern related to downtime caused by patching and system updates?
Attackers compromising the system or service while it is offline
Theresa is concerned that her scheduled maintenance window may extend beyond the allocated time due to an unexpected issue. What element from the CIA triad is she concerned about?
Availability
The system administration team identified a critical server that crashed after deploying a new set of patches. After troubleshooting the issue, the team determined that the new patches directly caused the crash. What is needed to restore functionality to the critical server confidently?
Backout plan
Alaina is concerned about vehicles that might impact her organization's backup generator. What should she install to prevent both inadvertent and purposeful vehicle impacts on a generator installed outside her building near a parking lot?
Bollards
Which of the following change management processes does not commonly directly involve stakeholders outside of the IT organization?
Building the backout plan
Matt is assessing his organization's zero-trust model against the NIST Zero Trust Maturity Model. Which of the following is not a common element of zero-trust systems that would be assessed as part of the model?
Business model
Olivia wants to use a self-signed certificate in her test environment for her organization's services to save money on commercial certificates. What warning should her team give her about the use of self-signed certificates in a test environment?
Certificate root of trust validation attempts will fail if implemented.
Valerie wants to authenticate her systems using her AAA system. Which of the following options is best suited to system authentication?
Certificate-based authentication
Wayne wants to allow systems to claim identities as part of his AAA process. Which of the following is most commonly used to identify both individuals and systems?
Certificates
An organization's baseline configuration requires 256-bit keys for a specialized application used by one of its departments. After conducting some tests, it is determined that an existing device performs poorly when key lengths exceed 128 bits. After performing a risk assessment, the leadership team authorizes using 128-bit keys for the problematic device, pending its replacement. What type of control is described in this situation?
Compensating
What information is analyzed during a gap analysis?
Control objectives and controls intended to meet the objectives
After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed. What type of functional security control is the company implementing?
Corrective
Damian issues the following command on his Linux server: openssl req -new -newkey rsa:2048 -nodes -keyout exampleserver. key -out exampleserver.csr What has he done?
Created a certificate signing request
Joanna is reviewing her account information on an e-commerce website and sees her credit card number displayed as XXXX-XXXX- XXXX- 1234. What type of data obfuscation is in use?
Data masking
What technology is record-level encryption most commonly associated with?
Databases
What are considerations like database and network connectivity, authentication system access, and network time availability considered in the context of change management processes?
Dependencies
Murali has deployed a file integrity monitoring tool and has configured alerts to notify him if files are modified. What control type best describes this solution?
Detective
Jason has recommended that additional lighting be put in place on the exterior of his building as part of a security upgrade. What type of control is lighting?
Deterrent
Jack wants to ensure the integrity of a file that he is sending to a third party via email. How can he provide the integrity of a file to an organization that he has not done business with before?
Digitally sign the file.
What type of control is a policy or procedure?
Directive
Which of the following is not a common control focused on availability?
Disk encryption
Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
Encrypting password plain text using symmetric encryption
Felicia wants to deploy an encryption solution that will protect files in motion as they are copied between file shares as well as at rest, and also needs it to support granular, per-user security. What type of solution should she select?
File encryption
Lisa wants to ensure that theft of a device will not lead to exposure of the data contained on the device if the device is locked or turned off. What type of encryption should she select to best ensure this?
Full-disk encryption
Risk managers plan to compare existing security controls to a set of best practice controls described in a technical hardening standard. Which technique would be most helpful to the risk managers in this scenario?
Gap analysis
To support a new secure application, a helpdesk technician installs a PCIe adapter card containing a crypto-processor in a computer. What type of devices does this best describe?
Hardware security module
Renee wants to ensure that her logs support nonrepudiation. What should she do to ensure this?
Hash the logs and then digitally sign them.
Frankie wants to validate the integrity of a file by comparing it against an original copy. Which of the following solutions both fulfills this requirement and avoids known security issues?
Hash the original file and the current file using SHA-256 and compare the hashes.
A finance company has implemented a deception strategy to plant documents that appear to contain sensitive information. Upon access, the documents help capture the attacker's tactics and tools. What type of deception technology best describes this scenario?
Honeyfile
Which of the following is not a managerial control?
Implementing firewalls
Isaac wants to deploy sensors to detect intruders in a facility, but he is concerned about the sensors being overly sensitive. What type of sensor is best suited to detecting intruders in an open office environment without significant expense or issues with sensitivity?
Infrared
Scott wants to automate policy creation in his zero-trust environment's policy engine. Which of the following is not a typical component for automated data and event-driven policy management?
Infrared sensor data
What role does the policy engine play in a zero-trust environment?
It grants access based on policies created by administrators and based on security systems data.
A software application firm is strengthening its cyber defense by incorporating deception technologies into its environment. How can a honeynet support this strategy?
It uses a network of decoy systems to simulate an entire network to capture attackers' tactics and tools.
Lucca has implemented an authentication scheme that relies on ticket-granting tickets as part of the authentication process. What common authentication service has he implemented?
Kerberos
Yasmine submits the Windows BitLocker key to a central repository after she encryptions the machine. The central repository allows files to be uploaded, but not read, and is protected with access requiring special permissions. What type of solution is Yasmine's company using?
Key escrow
What important encryption challenge does asymmetric encryption help with by using public keys?
Key exchange
Diffie-Hellman and RSA are both examples of what important encryption-related solution?
Key exchange algorithms
Jacob is concerned that the password used for one of his organization's services is weak, and he wants to make it harder to crack by making it harder to test possible keys during a brute-force attack. What is this technique called?
Key stretching
Amanda's organization wants to use a decentralized blockchain to store data. Which of the following is true about a decentralized blockchain?
No individual or group controls the blockchain.
What important encryption feature is not supported by symmetric encryption?
Nonrepudiation
Chris wants to check to see if a certificate has been revoked. What protocol can he use to validate the current status of a certificate?
OCSP
Quentin wants to deploy a single sign-on system to allow his users to log in to cloud services. Which of the following technologies is he most likely to deploy?
OpenID
Log monitoring is an example of what control category?
Operational
Marty wants to deploy a corrective control to deal with a recently compromised system. Which of the following would be considered a corrective control?
Patching the vulnerability that allowed the compromise to occur
Jared wants to estimate the downtime that will result as part of a planned change. Which of the following methods will most effectively help him estimate downtime?
Perform the change in a test environment.
Elizabeth wants to classify the following controls by their category. What category best describes lighting, fences, bollards, and access control vestibules?
Physical
Which of the following sensor types is commonly used to detect footsteps?
Pressure
Ben has deployed a data loss prevention (DLP) tool that inspects data and flags specific data types for review before emails containing it are sent outside the organization. What control type best describes this type of solution?
Preventive
Jackie wants to implement an AAA system for her network. What AAA protocol is commonly used for network devices?
RADIUS
Greg wants to implement a version control system to ensure that changes are made in ways that will not cause problems for his organization's critical software. Which of the following is not a common feature of version control systems designed for software source code?
Regression testing
Selah's organization has recently experienced a breach and the private keys for her organization's certificates were exposed. What should she immediately do?
Revoke the certificates and place them on a certificate revocation list.
Which of the following is not a common transport encryption protocol?
SAML
Mohinder wants to use modern, secure hashing algorithms to validate files against known good originals. Which of the following hashing algorithms should he select?
SHA-256
Which of the following activities should Alaina not restrict as part of her preparation for a change window?
Scaling clustered systems up or down
Christina wants to implement a physical security control that has the greatest flexibility in how it is applied because she knows that exceptions to security practices may be required at times. Which of the following solutions has the greatest flexibility?
Security guards
Which of the following controls is typically the most expensive to implement?
Security guards
Jack knows that there are three common types of database encryption. Which of the following is not a common type of database encryption?
Sensitivity-based encryption
What change management term is used to describe the processes that an organization uses for each change that is made to ensure that a consistent process is used?
Standard operating procedures
Michelle believes that an image she has discovered in an attacker's directory of files contains additional information that has been hidden in it. What is this type of obfuscation called?
Steganography
What role does a subordinate CA have in a CA hierarchy?
Subordinate CAs provide control over certificate issuance while avoiding the cost of being a root CA.
An encryption method in which all participants have the same key is known as which of the following types of encryption?
Symmetric encryption
A software specialist prepares to integrate new software into the organization's network. To ensure the compatibility and performance of the software, the specialist first deploys it in a controlled environment. Which of the following concepts is associated with this approach?
Test results
Annie notices that her browser shows that the certificate for the site she is visiting is not valid. After performing some checks, she sees that the certificate is on the CA's certificate revocation list. Which of the following is not a reason for a certificate to be on a CRL?
The certificate expired.
Susan's team has recommended an application restart for a production, customer-facing application as part of an urgent patch due to a security update. What technical implication is the most common concern when conducting an application restart?
The downtime during the restart
What key is used to decrypt information sent by another individual between two people using public key encryption?
The recipient's private key
Ujamaa wants to conduct a gap analysis as part of his security efforts. Which of the following best describes what he will analyze?
The security program as implemented versus best practices
Derrick wants to validate an encrypted and digitally signed message sent using asymmetric encryption. What does he need from the sender to validate the message?
The sender's public key
What two key features define blockchain ledgers?
They are shared and immutable.
An organization has an established change management program that includes standard operating procedures (SOPs). It wants to implement changes consistently and effectively. What role do SOPs play in the change management process?
They define routine operations or changes, providing detailed instructions to implement them.
What purpose do third-party certificates serve for customers of cloud services?
They provide control over cryptographic security for the customer.
Carol wants to obfuscate data that is contained in her database. She wants to be able to refer to the data elements without having the actual data exposed. What type of obfuscation option should she select?
Tokenization
A cyber security analyst is implementing full disk encryption by utilizing the features offered by the hardware components of the company's laptops, tablets, and smartphones. What type of hardware device does this describe?
Trusted Platform Module (TPM)
Which of the following is not a common post-change activity found in change management practices?
Updating contracts
Mahmoud has been asked to implement an allow list for websites that users at his company can visit. What concern should he bring up to management due to this request?
Using an allow list for websites will take a lot of time to maintain.
Amanda is concerned about issues with dependencies that may be found during her pending change. What practice should she implement to help ensure unexpected dependency issues are not encountered?
Validate the change in a test environment.
Rick's cloud provider offers a dedicated hardware security module. Which of the following capabilities is it unlikely to offer?
Validating secure boot processes
Joanna wants to ensure that the most current version of each component in her application is deployed. What change management process will help the most with this requirement?
Version control
Using a tool like git is most frequently associated with what critical change management process?
Version control
Brandon wants to deploy a detective control that will help him with physical security threats. Which of the following fits his needs?
Video surveillance
Charles wants to reduce the threat scope of compromised credentials. What type of the following security controls is best suited to meeting this need?
Zero trust
