CertMaster Practice Exam SY0-701

PBQ #3

2715: Phishing, Urgency, Email Filtering 2723: Vishing, Authority, Caller ID 2728: Whaling, Look-a-like Domain, User Training

An organization wants to ensure the security of its sensitive data stored on the company's physical drives, with varying levels of access for different users. Which of the following encryption methods would BEST suit this requirement?

A combination of volume and file encryption **Combining volume encryption with file encryption would solve the organization's needs. It allows encryption of the storage resource and individual files, granting granular control for different users' access levels.

A cybersecurity analyst for a medium-sized company needs to perform a vulnerability scan that provides an in-depth analysis of potential weaknesses in the company's system, including misconfigured applications and security settings. The analyst is considering using a credentialed or non-credentialed scan. Which type of scan is MOST appropriate for this situation?

A credentialed scan provides login rights for a more thorough analysis of potential vulnerabilities. **A credentialed scan comes with a user account that has login rights to various hosts, enabling it to conduct a more in-depth analysis, which is particularly useful in detecting misconfigured applications or security settings.

An employee at a company is having difficulty remembering a complex password and is looking for a more secure and memorable alternative. What type of credential would be the BEST recommendation?

A device-specific PIN with any characters and length

Which of the following describes the placement and role of a firewall in a network with a defense-in-depth strategy?

A firewall is typically at the network border and serves as a preventive control to enforce access rules for ingress and egress traffic. **In a network with a defense-in-depth strategy, a firewall is usually at the network border and serves as a preventive control. Its main function is to enforce access rules for traffic entering (ingress) and leaving (egress) the network.

Which of the following is a correct interpretation of data sovereignty?

A jurisdiction can restrict or prevent processing and storage of data on systems that do not physically reside within that jurisdiction. **Data sovereignty is the principle that a jurisdiction can impose restrictions or prevent the processing and storage of data on systems that do not physically reside within that jurisdiction. It often requires organizations to use location-specific storage facilities or cloud services.

A financial institution receives a significant software update. What is the optimal approach to handle this situation in a change management program?

Assess impact, test, get approval, apply update **In an effective change management program, it is crucial to assess the impact of the update, test it in a controlled environment, get the necessary approvals, and then apply the update system-wide. This step-by-step approach helps mitigate risks and ensure the update aligns with the organization's business objectives.

Which of the following is an essential component of a well-structured asset management process within an organization's cybersecurity operations?

Asset identification and naming conventions

An organization is planning to secure its data in all its states: at rest, in transit, and in use. This includes large volumes of data that it continuously transfers over the network. Which of the following schemes is the BEST approach to achieve this while maintaining efficiency and security?

Asymmetric and symmetric encryption **The optimal solution is to implement a combination of asymmetric and symmetric encryption. Symmetric encryption is for the bulk data, while asymmetric encryption is for securely distributing the symmetric keys. This scheme balances security with computational efficiency.

Given the complexities and benefits of secure protocols, which statement BEST guides the chief information security officer's (CISO) approach to implementing them?

Balancing security, performance, and cost

A multinational firm headquartered in San Francisco, California, serves customers from various countries, including European Union countries. The company collects, processes, and stores substantial amounts of personal data. With which of the following legal regulations must the company's governance committee ensure compliance?

Both General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)

In an IT environment, automation and scripting play a critical role in managing services and access. How does automation assist security analysts in their daily tasks?

By enabling and disabling services, modifying access rights, and maintaining the lifecycle of IT resources

What type of data is information that can easily be understood and interpreted without additional processing or translation?

Human-readable data

The network administrator of an educational institution is upgrading an existing wireless network. The campus has various buildings, each having multiple floors, and the aim is to ensure consistent Wi-Fi coverage across the entire campus. To achieve this, a site survey and heat map creation will guide the placement and configuration of wireless access points (WAPs). Which of the following would MOST accurately represent the correct actions based on the survey results?

Place WAPs in areas indicated weak in the heat map and increase transmit power to the highest in all devices, while avoiding unnecessary overlap.

The company's system has recently detected suspicious network activity, signaling a possible cybersecurity incident. The incident response team has assembled, and after going through the detection and analysis phases, the containment phase of the incident response process has started. In this phase, what is the primary objective?

Limiting the scope and magnitude of the incident **During the containment phase of the incident response process, the primary goal is to limit the scope and magnitude of the incident, which includes securing data and minimizing the immediate impact on customers and business partners.

An organization's automated scanner has just flagged a vulnerability with the identifier CVE-2023-0150. What are some initial steps the organization should take to understand and potentially address this vulnerability?

Look up the identifier in the Vulnerability Database and assess the vulnerability. **The CVE identifier is a standardized means for different products to refer to a specific vulnerability consistently. This identifier helps the user look up the vulnerability in the National Vulnerability Database (NVD), where the organization can find a detailed description of the vulnerability, its severity rating, affected software versions, and potential mitigation measures.

A manufacturing organization identifies its server maintenance and repair process as a mission-essential function. The company experienced three server failures in the last year, each failure taking approximately six hours to repair and restore operations. A standard operational year is usually assumed to be 8,760 hours (24*365). Given the company's performance metrics and assuming operations run all day and every day, what are the annual MTBF and MTTR for the organization's server maintenance and repair process?

MTBF: 2,920 hours/failure, MTTR: 6 hours **The MTTR is 6 hours, which is the time it took to repair and restore operations for each failure. The MTBF is 2,920 hours/failure, calculated by dividing the total operational time of 8,760 hours per year by 3 failures.

_________________________________________ typically cause annoyances like displaying unwanted advertisements, altering browser settings, or slowing down the system, rather than stealing data or communicating with an external IP.

Potentially Unwanted Programs (PUPs)

A large multinational corporation recently suffered a significant data breach. The organization had established an Incident Response Plan (IRP) that primarily consisted of a team of skilled cybersecurity analysts. However, the data breach escalated rapidly, and the company found itself in the headlines, which caused serious damage to its reputation. What key elements were likely missing from the company's Incident Response Plan?

Proper stakeholder management and a comprehensive communication plan

A software company designs a new feature for its product involving the creation and storage of new algorithms and methods that give the product a competitive advantage. The company wants to appropriately classify this information within its data management system. What would be the MOST fitting classification for this data?

Proprietary **Proprietary information or intellectual property (IP) refers to information the company creates and owns, typically concerning the products or services it makes or performs.

A company is considering moving its applications and data to the cloud. The company handles sensitive data and wants to maintain control over the security of its applications and data. It is considering using an infrastructure-as-a-service (IaaS) model. Which of the following is a key responsibility the company will need to manage in an IaaS model?

Protection of operating systems when deployed **In an IaaS model, the customer is responsible for protecting the operating systems it deploys on the cloud infrastructure. This includes tasks like applying security updates and patches, managing access controls, and implementing intrusion detection systems.

Given the importance of automation and orchestration related to secure operations, a newly hired IT employee creates, modifies, and deletes user accounts and access rights across the company's IT systems. Due to the significant number of users and the heightened need for security, this task proves to be time-consuming and error-prone. Which automation capability can not only improve the efficiency and consistency of this task but also ensure secure operations?

Provisioning **Creating, modifying, or deleting user accounts and access rights across IT systems is termed as provisioning. This ensures secure operations by maintaining consistency and adhering to security protocols.

PBQ #1:

RBAC, Implicit Deny, Biometric Auth. D: VPN, Database Editor, MFA N: Secure Web Portal, Database Viewer, Password EA: Temp Secure Web, External Consultant, OTP

An organization prepares to store and handle a data type that includes sensitive personal information, such as healthcare records and social security numbers. This data is subject to specific laws and regulations concerning its protection and use. What category does this data type fall under?

Regulated data **Regulated data refers to specific categories of information subject to legal or regulatory requirements regarding their handling, storage, and protection, which typically includes sensitive or personally identifiable information (PII), such as healthcare records and social security numbers.

An IT security analyst at a mid-sized company has observed unusual network activity on a workstation over the past few days. This workstation has initiated frequent and unsolicited communications with an unknown external IP address. Further investigation reveals the presence of unauthorized software on the workstation, which seems to be actively transmitting sensitive system data to this external address and possibly receiving commands or files in return without any visible signs or knowledge of the user. Given these specific behaviors, what type of malware is MOST likely responsible for these activities?

Remote Access Trojan (RAT) **Once installed, an attacker can use a RAT to manipulate the system and exfiltrate data, which corresponds to the excessive communication with an external IP address and unauthorized software in the scenario.

________________________________________ is a proactive and controlled approach to simulate real-world cyberattacks on an organization's systems, networks, and applications to identify vulnerabilities, weaknesses, and potential attack vectors that malicious actors could exploit.

Offensive penetration testing

An organization recently hired a new employee who passed all the necessary background checks and completed the recruitment process successfully. The organization wants to ensure that the new employee's integration into the company is as smooth and secure as possible. Which of the following procedures would be MOST appropriate to apply in this situation?

Onboarding

A __________________ policy ensures that each employee's work area is free from any documents left there, preventing unauthorized staff or guests from obtaining sensitive information.

clean desk

PBQ #2

A, B, B, A T, T, T, F, F

An IT architect of a medium-sized e-commerce business is planning to optimize their system's capacity and lower operating costs. As part of this, the architect is considering a clustering solution for the servers, with the key objective being maximum capacity and seamless customer experience. Which type of clustering setup would BEST meet the needs of this e-commerce business?

Active/Active Clustering **Active/Active Clustering is the most suitable for a 24/7 e-commerce business. Both nodes in this setup process the connections concurrently, maximizing the utilization of available resources.

A cybersecurity analyst notices that a certain rule in the Security Information and Event Management (SIEM) system is generating a high volume of dashboard notifications, making it difficult for the team to manage. Which action would be MOST effective in dealing with this issue?

Adjust the parameters of the rule or lower the alert level **Modifying the rule's parameters or lowering its alert level can effectively handle a rule generating too many alerts. The company can decrease the rule's sensitivity by refining the parameters to trigger only under more specific conditions.

A large corporation with employees spread across different locations wants to enhance its endpoint security. The corporation has had an increase in cybersecurity threats, and its existing antivirus solutions do not seem to be effective against advanced persistent threats. Which of the following mitigation techniques would provide the BEST protection for this situation?

Advanced Endpoint Protection with EDR **Advanced Endpoint Protection (AEP) solution with Endpoint Detection and Response (EDR) capability would be the most effective. This approach doesn't just attempt to prevent initial execution of threats, but provides real-time and historical visibility into potential compromises and aids in the remediation process.

An organization receives large amounts of diverse data sources during cybersecurity incidents and needs a more efficient tool. Dealing with system memory, log files, network traffic, and endpoint security data has proven to be chaotic. What primary function would a Security Information and Event Management (SIEM) tool serve in this scenario?

Aggregating and correlating data from multiple sources to enable efficient analysis and reporting **The primary function of a SIEM tool is to aggregate and correlate data from diverse sources. It collects data from different systems and correlates it to identify patterns or events indicating a security incident.

A company has recently deployed a new mobile application for its employees. During a security audit, observations show some employees downloaded the application from third-party app stores, not the official ones. Additionally, the IT department found that a few employees are using older versions of the operating system on their devices. What vulnerabilities are likely to emerge in this scenario? (Select the two best options.)

Application-level vulnerability Operating system-level vulnerability

A company has implemented a zone-based security topology with different levels of trust and access control requirements for hosts within its network perimeter. The company has various zones, including a low-privilege zone for printers, an enterprise local area network (LAN) for client devices, a guest zone, and a zone for public-facing servers. Which of the following statements about the inter-zone traffic is correct?

Client devices on the enterprise LAN can initiate authorized requests to other zones but cannot accept new connection requests. **This is to ensure control over the communication flow and to prevent potential unauthorized connections.

A multinational organization is planning to expand its services to various locations across the globe. The organization requires a flexible IT infrastructure that can easily adapt to rapid business growth but also maintain data security and meet different legal and regulatory requirements. Which of the following architecture models would be MOST suitable for this organization?

Cloud model **A cloud model offers the required flexibility and scalability to handle rapid business expansion. It provides the ability to provision IT resources quickly and on demand.

The cybersecurity team of a company notices suspicious activities on its network. Some computers have increased memory usage and are sending out network requests repeatedly to random IP ranges. No one observed an intervention when these activities started. Based on the provided details, what type of malicious activity is MOST likely happening in this scenario?

Computer worm outbreak **Computer worms are self-replicating malware that can spread across networks without user intervention. The continuous network requests to random IP ranges and increased memory usage indicate a worm's behavior.

At a healthcare technology company, a cybersecurity alert flagged an unusual pattern of data traffic from one of its key database servers. Initial analysis indicates a potential data breach that is not yet conclusively confirmed. The server contains sensitive patient data. If confirmed, it could have severe legal and reputational implications for the company. What steps should the incident response team take to better understand the situation?

Conduct a detailed analysis of the alert using threat intelligence and incident response playbooks **The response team should conduct a detailed alert analysis, leveraging threat intelligence and incident response playbooks. This will help them determine if a genuine incident occurred, identify the type of incident, and evaluate the impact.

A company's IT department has noticed irregularities in network usage and resource allocation. Which tool would be MOST beneficial in collecting the metadata and statistics from the network traffic?

Flow collector **Flow collectors record metadata and statistics about network traffic, thereby identifying trends and patterns, detecting anomalies, and providing visualization tools that simplify the interpretation of traffic data.

An organization in the healthcare sector notices an increase in ransomware attacks in their industry. How should it adjust its vulnerability analysis strategy?

Focus on vulnerabilities linked to data breaches and regulatory penalties

________________________________________ are building blocks that form the foundation of understanding and implementing security in a business environment.

Fundamental security concepts **Fundamental security concepts like the confidentiality, integrity, and availability (CIA) triad, access control, and frameworks form the foundation of understanding for cybersecurity professionals.

A multinational company discovered its existing cybersecurity policies were no longer adequate due to evolving cybersecurity threats and updated industry regulations. The board of directors, comprising high-ranking executives, decided to review and revise the policies. Who should the company involve in this process?

Governance committee **A governance committee is a specialized group comprised of subject matter experts, stakeholders, and representatives from relevant departments and focuses on specific issues such as security, risk management, audit, or compliance.

A company has recently suffered a data breach due to an attacker gaining unauthorized access to its system via an unsecured network interface on one of its machines. To prevent similar incidents in the future, what steps should the company take as part of its endpoint hardening strategy?

Explicitly disable unused network interfaces **By explicitly disabling unused network interfaces, the company can significantly reduce its attack surface and protect against unauthorized access via these interfaces, addressing the specific vulnerability that led to the data breach.

Which of the following descriptions is true about fail-open and fail-closed configurations for security devices in the event of a failure?

Fail-open means that network or host access is preserved, if possible, while fail-closed means that access is blocked or that the system enters the most secure state available.

A large financial institution recently adopted a Bring Your Own Device (BYOD) policy. It understands the cost and flexibility advantages of this approach but is concerned about the potential security implications. Specifically, the institution wants to ensure that its sensitive data remains protected even when accessed from or stored on employees' personal devices. What would be the MOST effective strategy to safeguard data in this context?

Deploy a Mobile Device Management (MDM) solution

After an extensive security audit, a medium-sized corporation discovers several of its company laptops contain malware. The malware is most likely the result of the use of unauthorized USB storage devices. The chief information security officer (CISO) wants to prevent similar incidents in the future. Which of the following options would best mitigate this risk?

Deploy port control software and restrict the use of USB storage devices **Port control software allows the company to restrict which devices can connect via USB, preventing the use of unauthorized USB storage devices. This would directly address the problem without unduly limiting other uses of the laptop's physical ports.

In the context of a global manufacturing firm transitioning to a remote work arrangement due to a crisis, which aspect is the MOST critical to ensure business continuity?

Developing robust remote work plans with appropriate technologies

A company wants to establish a secure communication channel with its remote employees. The company aims to ensure that the individuals communicating are who they claim to be to avoid any potential on-path attacks. Which system can help the company meet its objectives?

Digital certificates managed by a Certificate Authority (CA)

A newly established organization has decided to implement Virtual LANs (VLANs) for segmenting workstation computer hosts from Voice over Internet Protocol (VoIP) handsets. The organization is using two VLANs that map to two subnets: 10.1.32.0/24 for workstation computers and 10.1.40.0/24 for VoIP handsets. In this setup, what could be a potential security advantage?

Enhanced control over communication between VLANs. **One security advantage of implementing VLANs is the ability to apply access control rules that prevent or permit certain types of communication between VLANs, hence mitigating risks.

A large multinational company adopts a new standard to enhance its information security management system. The company operates across different regions, so the chosen standard must be internationally recognized. The company wants the standard to provide a comprehensive framework to ensure adequate and proportionate security controls. Which of the following standards would be MOST suitable for the company's needs?

ISO/IEC 27001 **ISO/IEC 27001 provides a comprehensive framework for an information security management system (ISMS), ensuring adequate and proportionate security controls. It is suitable for international use and ideal for a multinational company. **The ISO/IEC 27018 standard also pertains to information security, protecting personally identifiable information (PII) in public clouds. Although it may also be useful, it is less comprehensive than ISO/IEC 27001 for general information security management.

A cybersecurity team has discovered an unauthorized alteration in the endpoint configuration of several workstations within the organization, resulting in a malware infection. As part of the response strategy, the team must select a specific mitigation technique to prevent similar incidents in the future. Which of the following is the MOST suitable approach to undertake?

Implement a stricter Group Policy

An organization stores its sensitive data on physical storage devices. It wants to bolster security measures due to a rise in industrial espionage and the risk of physical theft of these devices. Which of the following encryption strategies would be the MOST effective for the organization to choose?

Incorporate self-encrypting drives (SEDs) into its storage infrastructure **Self-Encrypting Drives (SEDs) encrypt the entire contents of a storage device, making them ideal for when the physical theft of the storage device is a concern. Even if a threat actor steals a drive, the actor cannot access the data without unlocking the device with the correct credentials.

An organization validates its security controls, processes, and adherence to industry standards and wants an unbiased evaluation to instill confidence among stakeholders. Which method should it employ for this purpose?

Independent third-party audit **An independent third-party audit offers an external, objective, and unbiased assessment of an organization's systems, controls, processes, and compliance. The goal is to instill confidence among stakeholders, including customers, business partners, regulatory bodies, and investors.

An organization has decommissioned several laptops used for handling sensitive data. Which of the following should be the primary step to ensure data security and compliance with regulations before repurposing or disposing of these devices?

Initiating a secure data destruction process

In the event of a confirmed ransomware attack on a server containing valuable intellectual property, what should be the immediate next step?

Isolate the affected server from the rest of the network by disabling its network access

A lead architect is designing a new security system for a multinational corporation. The Chief Executive Officer (CEO) emphasizes that the continuity of business operations is a top priority. Why would incorporating resilience and recovery into the security architecture be vital in this scenario?

It ensures system functionality during and after disruptions.

A tech company employs the Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE) models for quantitative assessment and uses subjective judgment for qualitative analysis. They use a "heat map" or "traffic light" impact matrix to represent the severity of the risk, its likelihood, cost of controls, etc. What is the primary benefit of the company's approach of combining both quantitative and qualitative risk assessment methods?

It provides both numerical data for precision and subjective judgment for situations in which precise data is unavailable. **The company's approach employs both numerical data for precision (quantitative) and subjective judgment for situations in which precise data is unavailable (qualitative). This mixed approach provides a comprehensive understanding of the risks, their potential impact, and the likelihood of their occurrence.

A technology company experiences several security vulnerabilities with its online application, leading to customer complaints and legal threats. In response, the board of directors decides to outsource the maintenance and associated liabilities of the application to a third party. Which risk management strategy is the company primarily implementing?

Risk transference

At a medium-scale software development firm, significant modifications to several critical applications employees use daily are on the horizon. Considering the principles of change management, what should the primary focus be during the implementation phase of these changes?

Scheduling service restarts during non-business hours to minimize application downtime

The network administrator of a company receives an email notification about an unusual email activity. Multiple employees received an email with an attached file having an odd double extension: .docx and .hta. The email system's security feature flagged the email as potentially harmful. Based on the provided details, what type of virus is MOST likely involved in this scenario?

Script virus **A script virus uses the programming features available in local scripting engines for the OS and/or browser, such as JavaScript. The scenario mentions an attached file with a .hta extension and can enable remote code execution on fully patched Windows 11 systems when opened.

A cybersecurity analyst for a large organization is enhancing the company's security posture. The analyst notices increased alerts related to a particular known exploit in the company's server software. The company's intrusion detection system (IDS) uses a predefined set of rules, provided by security personnel, to identify events that are unacceptable. What type of detection method is the company using in this scenario?

Signature-based detection **Since the exploit is known and the IDS already has a rule set for signature-based detection of this specific exploit, enhancing or focusing on signature-based detection would be the most effective method.

A multinational corporation is sending sensitive data to various regional offices securely. What is an optimal cryptographic method to employ in this situation?

Symmetric encryption for data and asymmetric for key exchange **In this case, symmetric encryption encrypts the data due to its efficiency, while asymmetric encryption securely exchanges the symmetric keys between offices. This approach, known as hybrid encryption, combines the strengths of both methods.

A mid-sized tech company has started experiencing regular system slowdowns and data traffic abnormalities. However, its current intrusion detection system (IDS) has generated no alerts. The IT department relies heavily on the IDS for potential threats and does not actively monitor system metrics or logs. Which statement is MOST likely true about the situation?

The company is facing a new type of threat not recognized by the IDS.

Which of the following accurately reflects the responsibilities of a data processor under data protection laws such as the General Data Protection Regulation (GDPR)?

The data processor processes personal data on behalf of the data controller. **The data processor is not allowed to make decisions alone regarding the processing of the data.

A company plans to expand its existing network, which currently employs a basic star topology, by adding hundreds more devices. What is a potential drawback of this plan?

The network performance can be negatively impacted due to large broadcast domains.

In the context of information security, an organization discovers a zero-day vulnerability in its database software. At the same time, a known hacking group has expressed intentions to target entities using this specific software. Which of the following BEST describes this situation's relation to vulnerability, threat, and risk?

The organization increases its risk of a security breach due to the threat and vulnerability.

A large organization is planning to move its operations to the cloud and is considering different cloud deployment models. The organization wants to achieve a balance of cost, security, flexibility, and control over its data and applications and is considering a hybrid cloud model but has concerns about the security implications. Which of the following is a potential security challenge the organization should consider when using a hybrid cloud model?

The organization may struggle with managing multiple cloud environments and enforcing consistent security policies. **A hybrid cloud model can present security challenges, including the complexity of managing multiple cloud environments and enforcing consistent security policies across all environments.

A large technology firm adopts the National Institute of Standards and Technology (NIST) Cybersecurity Framework to improve its security posture. The company has hired an external security consultant to conduct a gap analysis to identify areas in which the firm deviates from the recommended framework controls. What is the MOST accurate description of this process?

The review and comparison of the company's security systems against NIST Cybersecurity Framework **The firm hires an external security consultant to objectively assess the organization's existing cybersecurity controls. This assessment is then compared to the requirements of the NIST Cybersecurity Framework.

A major software vendor becomes aware of a new zero-day vulnerability in one of its products due to an anonymous tip. The vulnerability could potentially allow unauthorized access to sensitive data stored in the software. The vendor is currently creating a patch to address the issue. Which of the following BEST describes the current risk to the software users and the appropriate response from the software vendor?

The risk to the users is significant, and the vendor should quietly create a patch without informing the users until it is ready.

Considering common threat vectors and attack surfaces, which statement BEST describes the primary risk, from a cybersecurity perspective, with using unsupported systems and applications?

Unsupported systems no longer receive vendor updates or patches, making their attack surfaces more susceptible to known exploits.

A newly appointed Information Security Officer at a startup company is improving IT security. The current IT environment lacks standardized security configurations, and various operating systems, applications, and network devices are in use. The officer decides to implement secure baseline configurations but also wants to ensure the chosen approach can adapt to evolving threats and handle the diversity in the company's IT environment. What is the MOST appropriate approach to achieve these goals?

Use the Center for Internet Security (CIS) Benchmarks and couple it with the use of a configuration management tool. **The CIS Benchmarks offer best practice guidelines for various domains and are always up to date with evolving threats. A configuration management tool can help automate the deployment of these configurations, ensuring consistency across diverse systems.

Under the General Data Protection Regulation (GDPR), how soon must an organization report a breach of personal data?

Within 72 hours of becoming aware of the breach

A software engineer discovers a flaw in one of its products that could allow nefarious attackers to gain unauthorized access to the system on which it is running. What vulnerability signifies that developers must immediately fix the problem or widespread damage could ensue before a patch is available.

Zero-day

In a _________________ configuration, the system maintains network or host access, if possible, in the event of a failure. In a ____________________ configuration, the system blocks access or enters the most secure state available in the event of a failure.

fail-open, fail-closed **Fail-open prioritizes availability over confidentiality and integrity, while fail-closed prioritizes confidentiality and integrity over availability. Fail-open means preservation of network or host access, if possible, while fail-closed means blocked access or the system entering the most secure state available. Fail-open prioritizes availability over confidentiality and integrity, while fail-closed prioritizes confidentiality and integrity over availability.