Security+


What BEST describes text that is not encrypted? Plaintext Ciphertext Algorithm Cryptanalysis

Plaintext Plaintext refers to data that is not encrypted. An attacker who intercepts plaintext, for example by sniffing an unencrypted network link, can read it directly without any further effort.

What is the mechanism of encryption called? Cryptanalysis Plaintext Ciphertext Algorithm

Algorithm An algorithm (also called a cipher) is the set of operations that transform plaintext into ciphertext with the required cryptographic properties. Algorithms are grouped as symmetric ciphers, asymmetric ciphers, and hash functions; strictly speaking a hash function is not a cipher, because it is one-way and has no decryption operation.

An engineer for an information technology department needs to develop a metrics dashboard by pulling data from the ticketing system. What technology would the engineer need from the ticketing system to complete this project? Application Programming Interface Virtual Private Network Lightweight Directory Access Protocol Fast IDentity Online

Application Programming Interface An Application Programming Interface (API) is a defined interface (functions, endpoints, and data formats) that a system exposes so that other programs and scripts can use its services without going through the user interface. For example, an operating system's socket API lets developers use the Transmission Control Protocol/Internet Protocol (TCP/IP) network stack, and a ticketing system's API lets the dashboard pull ticket data programmatically. Access to the API should be authenticated and scoped to the data the dashboard actually needs.

An employee unknowingly clicked on a malicious attachment but did not notice any issues right away and assumed nothing happened. A short while later, the security operations center received a notification of a virus attempting to access an IP address outside the company. What is the malicious attachment MOST likely doing? Attempting to disable a remote connection Attempting to create a local connection Attempting to disable a local connection Attempting to create a remote connection

Attempting to create a remote connection The software in the scenario is attempting to make a remote connection to download more malicious software, exfiltrate data, or allow the device to become part of a botnet (a set of hosts infected by a control program or bots that enable attackers to exploit the hosts to mount attacks).

What component of modern access controls determines what rights subjects should have on each resource? Authentication Authorization Identification Accounting

Authorization Authorization refers to determining what rights subjects should have on each resource and enforcing those rights. Authorization is usually expressed as permissions assigned to individual users, to groups, or to roles.

An information technology (IT) department is growing to a size where there is a need for a new group to manage security. The chief executive officer (CEO) wants to hire a new executive officer for the role and split it into its own department, separate from the IT department. The CEO should hire for which position? CIO CTO CEO CISO

CISO The chief information security officer (CISO) is the title of the individual responsible for managing security teams or departments within a company.

An indie game developer created a browser based on the Chromium project. The developer must ensure that anyone using the browser is safe from invalid certificates. What service should the developer use to ensure that the browser blocks revoked certificates? CRL CA CSR PKI

CRL A Certificate Authority (CA) or the certificate owner can revoke or suspend a certificate for many reasons, such as compromise of the private key. A Certificate Revocation List (CRL) is the CA-signed list of certificates that are no longer valid. Because a CRL is downloaded periodically, there is a window between revocation and a client seeing it; the Online Certificate Status Protocol (OCSP) is the per-certificate alternative that browsers also use for this check.

A small development company just set up a web server and must ensure a secure customer connection. How does it set up a digital certificate on its web server? CA CSR CRL PKI

CSR A subject generates a key pair, keeps the private key, and completes a Certificate Signing Request (CSR) containing its public key and identifying information (such as the server's domain name), signed with that private key. It submits the CSR to the CA, which validates the request and returns a signed certificate for the company to install on the web server.

A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost? Root Certificate Authority Certificate Signing Request Certificate Authority Certificate Revocation List

Certificate Authority A Certificate Authority (CA) is the trusted entity, together with the servers it operates, that vouches for subject identities by issuing signed digital certificates wrapping their public keys. The company lost that position when the higher signing authority revoked its issuing certificate and browsers withdrew their trust in it.

A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similarly-looking campaign. What could the company do to mitigate this issue? Check for typosquatting Check for brand impersonation Check for coercion Check for consensus technique

Check for brand impersonation Brand impersonation occurs when the threat actor commits resources to accurately duplicating a company's logos and formatting to make a phishing message or pharming website visually compelling.

The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company's objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security? Peer-to-peer model Client-server model Hybrid model Three-tier model

Client-server model The client-server model is the best fit because services run on a small number of centralized servers, so the ports that must be open are known in advance, can be restricted to the server ports, and can be monitored and managed centrally. In a peer-to-peer model every host exposes services, which multiplies the ports to secure.

An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive. What security concept should the engineer detail for the owner of the company to ensure the security of the shared drive? Confidentiality Integrity Availability Recovery

Confidentiality With confidentiality, integrity, and availability, also known as the CIA Triad, confidentiality means that only people with explicit authorization to access the information can read it. This type of authority involves setting permissions for files and folders.

After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control functional type BEST describes the function of these recent implementations? Corrective Preventive Detective Operational

Corrective Corrective controls eliminate or reduce the impact of a security policy violation. A corrective control occurs after an attack. In this scenario, these actions aim to directly address the damage caused by the outage and improve the recovery process.

A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company? Insider threat Hacktivism Service disruption Cybercrime

Cybercrime Cybercrime is the overarching term for the organized criminal activity occurring online.

A small company needs to ensure it protects the SQL data against theft while in use. What type of encryption would BEST fit its needs? Database-level encryption Full-disk encryption Using a cloud provider Using a security guard

Database-level encryption Database- or page-level encryption (often called transparent data encryption) encrypts and decrypts data as it moves between disk and memory, so stolen database files or backups are unreadable without the key. Of the options given, it is the best fit for protecting the small company's Structured Query Language (SQL) data. Note the limit: while the database engine is processing the data it is in plaintext in memory, so database-level encryption on its own does not protect data in the "in use" state; that needs application-level encryption or hardware-based confidential computing.

The network security engineer at a financial corporation is reviewing the current firewall setup. The corporation faces threats from various cyberattacks, some of which leverage application-specific vulnerabilities. The engineer is considering whether to deploy Layer 4 or Layer 7 firewalls for enhanced security. If the primary concern is to secure against application-specific attacks, which of the following strategies should the network security engineer consider implementing? Deploy Layer 4 firewalls on all network edges Rely solely on Layer 4 firewalls for internal traffic Deploy Layer 7 firewalls on all network edges Use Layer 4 firewalls for all internet-facing applications

Deploy Layer 7 firewalls on all network edges Layer 7 firewalls, also known as application layer firewalls, have the ability to inspect, control, and often modify application-level data and are effective against application-specific attacks.

A small enterprise needs a key exchange method to ensure perfect forward secrecy. It needs something that can help future-proof its security while it grows. Which key exchange method would meet the needs of the enterprise? Hash Diffie-Hellman Advanced Encryption Standard Salt

Diffie-Hellman With a basic key exchange, such as RSA key transport, the session key is encrypted under the server's long-term public key, so anyone who later obtains the server's private key can decrypt recorded sessions. Perfect Forward Secrecy (PFS) removes that risk by using Diffie-Hellman (D-H) key agreement, in its ephemeral forms DHE or ECDHE, to derive a fresh session key from values that are discarded after the session; the server's private key only signs the exchange and never enters the key derivation.

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure? Digital certificate Certificate Authority Cryptoanalysis Certificate Signing Request

Digital certificate A digital certificate is a wrapper for a subject's public key. It contains information about the subject and the certificate's issuer. The certificate is digitally signed to prove it came from a particular Certificate Authority (CA).

The cybersecurity team at a multinational corporation suspects that someone in the company is falsifying email communication records to shift blame for missed deadlines. To ensure non-repudiation, the cybersecurity team must implement a solution. What should the cybersecurity team implement to guarantee non-repudiation in email communication, ensuring that the sender cannot deny their emails' authenticity? Multifactor authentication (MFA) Data loss prevention (DLP) tools Digital signatures Firewall

Digital signatures Digital signatures provide non-repudiation, ensuring that a party to a communication cannot deny the authenticity of their signature on a document or the sending of a message they originated.
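The two answers above (ephemeral Diffie-Hellman for perfect forward secrecy, and digital signatures for authentication and non-repudiation) fit together in one handshake, so here is one added example covering both. It is not code from the original page: a client and server agree a session key with ephemeral D-H over a safe prime, and the server signs the handshake transcript with a long-term RSA key that never touches the key derivation. Everything is stdlib Python (3.8+ for pow(e, -1, m)). The parameter sizes, the textbook RSA without padding, and the "pfs-demo" label are assumptions chosen so the example runs in under a second; real deployments use RFC 7919 groups or X25519 with 2048-bit-plus RSA-PSS or ECDSA.

```python
import hashlib
import secrets

# Toy sizes so the example runs quickly (assumption for the demo, not production parameters).
DH_BITS = 128
RSA_PRIME_BITS = 160
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top and bottom bits
        if is_probable_prime(n):
            return n

def gen_safe_prime(bits):
    """p = 2q + 1 with q prime: the quadratic residues mod p form a subgroup of prime order q."""
    while True:
        q = gen_prime(bits - 1)
        if is_probable_prime(2 * q + 1):
            return 2 * q + 1

def rsa_keygen(bits=RSA_PRIME_BITS):
    """Long-term server identity key; returns (public, private)."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_sign(priv, msg):
    d, n = priv  # textbook RSA over the raw SHA-256 digest (no padding: demo only)
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big"), d, n)

def rsa_verify(pub, msg, sig):
    e, n = pub
    return 0 < sig < n and pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big")

def dh_keypair(p, g=4):
    """g = 4 is a quadratic residue, so it generates the order-q subgroup of a safe prime."""
    x = secrets.randbelow(p - 3) + 2  # ephemeral exponent: lives only for this handshake
    return x, pow(g, x, p)

def dh_shared(p, peer_pub, my_priv):
    # Reject values outside the prime-order subgroup (small-subgroup / invalid-value attacks).
    if not 1 < peer_pub < p - 1 or pow(peer_pub, (p - 1) // 2, p) != 1:
        raise ValueError("peer public value not in the prime-order subgroup")
    return pow(peer_pub, my_priv, p)

def derive_key(p, shared, transcript):
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(b"pfs-demo" + shared.to_bytes(nbytes, "big") + transcript).hexdigest()

def handshake(p, server_pub, server_priv):
    """One ephemeral-DH handshake. The long-term key signs the transcript (server
    authentication and non-repudiation of its contribution) but never enters key derivation."""
    c_priv, c_pub = dh_keypair(p)
    s_priv, s_pub = dh_keypair(p)
    transcript = f"{c_pub}|{s_pub}".encode()
    sig = rsa_sign(server_priv, transcript)
    if not rsa_verify(server_pub, transcript, sig):  # the client's identity check
        raise ValueError("server signature invalid")
    client_key = derive_key(p, dh_shared(p, s_pub, c_priv), transcript)
    server_key = derive_key(p, dh_shared(p, c_pub, s_priv), transcript)
    return client_key, server_key, transcript, sig  # c_priv and s_priv are dropped here

def demo():
    p = gen_safe_prime(DH_BITS)
    pub, priv = rsa_keygen()
    k1c, k1s, t1, sig1 = handshake(p, pub, priv)
    k2c, k2s, _, _ = handshake(p, pub, priv)
    return {
        "session1_agrees": k1c == k1s,
        "session2_agrees": k2c == k2s,
        "sessions_differ": k1c != k2c,  # fresh ephemerals: one leaked key reveals nothing else
        "tamper_detected": not rsa_verify(pub, t1 + b"|x", sig1),  # on-path modification
    }
```

Running demo() returns four True values: both parties derive the same key in each session, the two sessions' keys are unrelated, and altering the signed transcript is caught. Compromising server_priv afterwards lets an attacker forge future handshakes, but because the ephemeral exponents were discarded it cannot recover either recorded session key.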

An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have? Compensating Deterrent Directive Corrective

Directive A directive control enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure (SOP).

A company is migrating its shared drives to a cloud repository service. While the majority of its drives use job titles for automated access, it has a few one-off project drives that it wants a specific owner to choose who has access to them. Which control type would fit these one-off drives? Discretionary access control Mandatory access control Role-based access control Multifactor authentication

Discretionary access control The resource owner has primacy in a discretionary access control (DAC) model. Every resource has an owner, normally the user who created the file or service, and the owner decides who else gets access, although ownership can be reassigned to another user.

A chief executive officer pushed back against the information technology department's proposal to set up disk encryption on all devices. What BEST describes why the CEO should approve the proposal instead of pushing back against it? Disk encryption protects stolen devices from data theft. Disk encryption slows down a computer's performance. The cost of disk encryption is not worth incurring. The company does not have enough sensitive data.

Disk encryption protects stolen devices from data theft. Full-disk encryption protects the confidentiality of data when a device is lost or stolen: the data stays unreadable as long as the thief does not have the key. The protection applies to a device that is powered off; a running, unlocked laptop is still exposed, which is why disk encryption is paired with screen locks and strong pre-boot authentication.

The chief information officer (CIO) tasked the network administrator with redeveloping the credential policy for the company. While working on the new policy, the chief executive officer (CEO) asked why having more than one factor to log into the computers was important. Why is just having a password not enough in today's world? Employees choose poor passwords Employee passwords are not secure Employees dislike using passwords Employees choose strong passwords

Employees choose poor passwords With the number of passwords people must remember and the various complexity requirements, people typically choose passwords that threat actors can easily crack and, unfortunately, reuse them across multiple services.

While developing a new security policy, the network administrator suggests to the chief information officer (CIO) that the company remove the password age portion. Why has having a password age policy caused issues for companies? (Select the two best options.) Password age policies allow for more secure passwords. Employees choose weak passwords when they need to change them frequently. Employees follow best practices regarding passwords. Employees leave passwords readily accessible in their work area.

Employees choose weak passwords when they need to change them frequently. Employees leave passwords readily accessible in their work area. With the number of passwords people must remember and the various complexity requirements, people typically choose passwords that threat actors can easily crack and, unfortunately, reuse them across multiple services. With increasing complexity requirements and short password age policies, it is common for people to write their passwords down in insecure ways, such as sticky notes or unencrypted files on their computers. NIST SP 800-63B therefore recommends against forced periodic password changes unless there is evidence of compromise.

A news reporter received an anonymous message containing a potential Pulitzer Prize-winning story. However, the anonymous sender requested the reporter set up a communication system that enforced encryption before sending over details for the story. What is the anonymous sender trying to ensure? The reporter needs to show an interest in the story. The anonymous sender is suspicious of the reporter. Encryption prevents the theft of intellectual property. Encryption allows for confidentiality.

Encryption allows for confidentiality. The purpose of encryption is to allow for confidentiality. It prevents third parties from listening in and knowing what communication is occurring. Encryption is important for things like whistleblower reporting.

A chief information security officer (CISO) wants to enhance the identity and access management security procedures in the company by adding an extra layer on top of the existing procedures. Which of the following would help achieve this objective? (Select the two best options.) Increase password length Enable password history Enforce multifactor authentication Enable location-based authentication

Enforce multifactor authentication Enable location-based authentication Adding multifactor authentication (MFA) has the greatest impact on the company's security posture; the CISO still needs to choose the MFA method, since phishing-resistant methods such as FIDO authenticators are stronger than SMS codes. Location-based policies reduce the chance that password spraying from outside the expected regions succeeds, with the caveat that attackers can use Virtual Private Network (VPN) services to appear to be in an allowed location.

An organization's cybersecurity team has recently set up a new firewall and intrusion detection system (IDS) to strengthen the security of its enterprise infrastructure. The IDS, however, has sent a high number of false positive alerts, which hampers efficient threat monitoring. The team believes adjusting the firewall rules will decrease these false positives without weakening the network's security. What strategy should the cybersecurity team implement to fine-tune their firewall rules to reduce the IDS's false positives, ensuring a robust security infrastructure? Disable firewall rules for less critical services Establish firewall rules for specific threat intelligence Increase the intrusion detection system's sensitivity level Create firewall rules to allow all traffic through

Establish firewall rules for specific threat intelligence By basing firewall rules on specific threat intelligence, such as known-malicious addresses and indicators, the team blocks real threats before they reach the IDS and reduces the benign traffic the IDS misclassifies, without opening the network. Disabling rules or allowing all traffic weakens security, and raising IDS sensitivity increases false positives.

The security manager at a multinational enterprise is devising a plan to enhance the physical security of the organization's data center. The data center hosts critical infrastructure, and a security breach could severely impact operations. The security manager aims to apply appropriate physical isolation principles to secure the infrastructure. What critical strategy should the security manager employ to enhance the data center's physical security through effective physical isolation? Implement biometric security measures at all entry points Install closed-circuit TV surveillance across the office building Establish separate, secure areas for network equipment Increase the number of physical security guards

Establish separate, secure areas for network equipment Establishing separate, secure areas for network equipment is a fundamental aspect of physical isolation. It helps limit access to critical infrastructure, thereby enhancing its security.

A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees' accounts. What is a consideration when using third-party software for any computer function? Costs can be cheaper than doing it all internally. Every vendor is at risk of threats. The risks outweigh the costs. A company cannot hire employees with specific roles.

Every vendor is at risk of threats. There are risks when using any software, including third-party vendor services or software. It is important to analyze a vendor's security posture to protect against breaches.

A manufacturing company recently bought out another similar company. They need to link each company's directory systems together to access their resources without merging the two. How can they link the two directory systems together? Site-to-site VPN Migration Federation Location-based restrictions

Federation Federation links two separately administered directory or identity systems so that each trusts the other's authentication assertions; users keep their accounts in their own directory and gain access to the other company's resources without the two directories being merged.

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon? Implement business continuity plan Penetration test Implement disaster recovery plan Gap analysis

Gap analysis The CISO would be preparing a gap analysis report. This report will show the defects in the company's current security posture against the NIST Cybersecurity Framework (or any other baseline security framework).

An outside nongovernment-affiliated group posted a message online claiming responsibility for shutting down the pipeline of a large oil and gas company. The group claims to have performed this through a vulnerability in the company's supervisory control and data acquisition (SCADA) equipment that controls the flow through the pipes. What BEST describes this group of attackers? Nation-state Hacktivist Insider threat Advanced persistent threat

Hacktivist Hacktivists might attempt to use data exfiltration to obtain and release confidential information to the public domain, perform service disruption attacks, or deface websites to spread disinformation.

A security consultant is working with a client to improve security practices. How can the consultant describe cryptographic hashing so the client is more likely to accept recommendations? Hashing speeds up the encryption process. Hashing slows down the encryption process. Hashing allows any plaintext length to look the same length as ciphertext. Hashing allows the same length of plaintext to be different lengths of ciphertext.

Hashing allows any plaintext length to look the same length as ciphertext. A cryptographic hash function takes input of any length and produces a fixed-length digest (for example, 256 bits for SHA-256), so the output reveals nothing about the input's length. Hashing is one-way: it is not encryption and cannot be reversed, which is why it is used to prove integrity (any change to the input produces a different digest) and to store password verifiers rather than passwords themselves.
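An added example (not from the original page) of the two hashing properties the consultant would show a client: inputs from zero bytes to a megabyte all give a 64-hex-character SHA-256 digest, a one-character change flips roughly half the output bits, and recomputing a published digest detects a tampered file. The sample messages and the "installer" bytes are constructed for the demo.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def digest_lengths(messages):
    """Map each input length to its digest length: always 64 hex chars (32 bytes)."""
    return {len(m): len(sha256_hex(m)) for m in messages}

def hamming_distance_hex(a: str, b: str) -> int:
    """Number of differing bits between two hex digests (avalanche effect)."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")

def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check as used for downloads and forensic evidence: recompute and compare.
    compare_digest avoids leaking where the mismatch occurs through timing."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())

# Constructed inputs of very different lengths.
SAMPLES = [b"", b"abc", b"The quick brown fox", b"x" * 1_000_000]

def demo():
    original = b"installer-v1.0 bytes"          # constructed stand-in for a download
    published = sha256_hex(original)           # what the vendor would publish alongside it
    tampered = original + b"\x00"              # a single appended byte
    return {
        "lengths": digest_lengths(SAMPLES),
        "bits_changed_by_one_char": hamming_distance_hex(sha256_hex(b"abc"), sha256_hex(b"abd")),
        "genuine_ok": verify_integrity(original, published),
        "tampered_detected": not verify_integrity(tampered, published),
    }
```

The digest proves integrity only if the expected value comes from a trusted channel; an attacker who can replace the file can also replace a digest published next to it, which is where digital signatures come in.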

A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process? IAM LDAP CISO CTO

IAM The company typically implements modern access control as an identity and access management (IAM) system. The company would want to implement an IAM system to ensure the proper creation of accounts and their associated permissions.

A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. What first function would help the CISO better develop the company's security policies, such as acceptable use policy (AUP), and build out recommendations for security controls? Protect Identify Detect Respond

Identify The identify function in the National Institute of Standards and Technology's Cybersecurity Framework refers to developing security policies and capabilities. The CISO preparing policies and controls would fall under the identify function.

An accountant received a phone call from an individual requesting information for an ongoing project. The individual stated to be from a known vendor the company is working with. Before giving the information over, the accountant should protect against what? Typosquatting Impersonation Watering hole attack Consensus technique

Impersonation Impersonation simply means pretending to be someone else. Impersonation is possible when the target cannot easily verify the attacker's identity, such as over the phone or via email.

A security analyst at a large organization aims to minimize the attack surface. To reach this goal, the analyst seeks to reduce the vulnerabilities an attacker can exploit, decrease the amount of code in use, and limit system interactions. Which strategy should the security analyst implement to achieve this objective effectively? Install the latest antivirus software Increase the complexity of user passwords Implement the principle of least privilege Replace the wireless network with a wired network

Implement the principle of least privilege Implementing the principle of least privilege ensures that users, systems, and processes have the minimum privileges needed to perform their tasks, thus reducing the attack surface.

The chief information security officer (CISO) at a medium-sized healthcare company conducts an audit of the company's current security infrastructure. The company has Next Generation Firewalls (NGFWs) deployed at all external network boundaries, and the CISO is evaluating the possibility of supplementing or replacing the NGFWs with Unified Threat Management (UTM) devices. If the primary concern is to increase the network's security without introducing significant management complexity, which of the following strategies should the CISO consider implementing? Replace all NGFWs with UTM devices Deploy UTM devices alongside the NGFWs, with both sets of devices fully active Switch off NGFWs and deploy UTM devices, but only activate UTM when detecting a threat Implement UTM devices internally and maintain NGFWs at network boundaries

Implement UTM devices internally and maintain NGFWs at network boundaries Organizations actively create a balance between enhanced security and manageable complexity when they deploy Unified Threat Management devices internally while also maintaining Next Generation Firewalls at network boundaries.

The network security analyst at a large organization must develop an effective strategy to secure the enterprise network infrastructure. The company operates in multiple regions with varying data regulations and faces increasingly sophisticated cyber threats. The analyst aims to implement appropriate security principles to minimize the network's attack surface. What key strategy should the network security analyst adopt to ensure the MOST robust security of the enterprise network infrastructure while minimizing the attack surface? Deploy firewalls at the edge of every network Implement network segmentation and isolation Prioritize the use of public networks over private networks Ensure that all devices use the same security credentials

Implement network segmentation and isolation Implementing network segmentation and isolation is an effective way to minimize the attack surface. It divides a network into multiple segments or subnets, each acting as a separate network, thus isolating potential security threats and containing them within a particular segment.

A software company implements Secure Shell (SSH) to manage remote servers securely within its enterprise infrastructure. The IT department is aware of the risks associated with improper SSH configurations and wants to optimize the settings to minimize those risks. To improve security and protect against potential vulnerabilities, what configuration should the IT department implement for the SSH protocol to enhance the secure management of remote servers in the enterprise infrastructure? Disable SSH version 2 and use only SSH version 1 Implement public key authentication for SSH Enable root logins for SSH Use weak encryption algorithms for SSH

Implement public key authentication for SSH SSH should use public key authentication, which is stronger than password-based authentication and defeats brute-force password attacks. Once keys are deployed, disable password authentication and root login in the server configuration; SSH version 1 and weak algorithms should never be enabled.
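An added example (not from the original page) that audits an sshd_config for the settings this answer calls for. The two configuration texts are constructed, not taken from any real host. The auditor reproduces one sshd rule that trips people up: for each keyword, sshd uses the first value it encounters, so a hardening line appended at the end of the file does not override an earlier weak one. Match blocks are not handled; the policy table and default values are assumptions based on current OpenSSH defaults.

```python
import re

WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed example, not a real host)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
# appended later by an admin who expected it to take effect:
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
"""

# keyword -> (acceptable values, finding text); keywords are case-insensitive in sshd
POLICY = {
    "permitrootlogin": ({"no"}, "root logins permitted; set PermitRootLogin no"),
    "passwordauthentication": ({"no"}, "password auth enabled; set PasswordAuthentication no"),
    "pubkeyauthentication": ({"yes"}, "public key auth disabled; set PubkeyAuthentication yes"),
    "permitemptypasswords": ({"no"}, "empty passwords allowed; set PermitEmptyPasswords no"),
}
# Value sshd assumes when the keyword is absent (assumed current OpenSSH defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes", "permitemptypasswords": "no"}

def parse_sshd_config(text):
    """Effective keyword -> value map using sshd's first-value-wins rule."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # sshd treats whole lines as comments
            continue
        m = re.match(r"(\S+)\s*=?\s*(.+)", line)   # "Key value" or "Key=value"
        if m:
            effective.setdefault(m.group(1).lower(), m.group(2).strip().lower())
    return effective

def audit(text):
    """Return findings for every policy keyword whose effective value is not acceptable."""
    effective = parse_sshd_config(text)
    findings = []
    for key, (ok_values, message) in POLICY.items():
        value = effective.get(key, DEFAULTS[key])
        if value not in ok_values:
            findings.append(f"{key}={value}: {message}")
    return findings
```

On WEAK_CONFIG the audit reports root login and password authentication, even though the file ends with PasswordAuthentication no; on HARDENED_CONFIG it reports nothing. Run sshd -T on a live host to get the effective configuration rather than parsing the file by hand.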

The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication. Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure? Implement transport layer security for all remote desktop connections Disable all firewall rules for remote desktop connections Establish virtual private network tunnels without encryption protocols Enable open access to remote desktop connections for manageability

Implement transport layer security for all remote desktop connections Transport layer security (TLS) provides secure communication for remote desktop connections by encrypting the data transmitted between the end user and the remote desktop server, reducing the risk of data breaches.

The network administrator in an organization is reinforcing the security measures of the company's enterprise infrastructure, with a key focus on port security. In an environment with dynamic port usage where different applications request ports on an ad-hoc basis, the administrator must consider the most secure method of assigning and managing these ports to mitigate security risks. To secure the enterprise infrastructure optimally, what key measure should the network administrator prioritize in terms of port security? Keeping all ports open to ensure application functionality Implementing a dynamic port allocation and management system Assigning all applications a static port number Blocking all incoming and outgoing connections on all ports

Implementing a dynamic port allocation and management system Implementing a dynamic port allocation and management system aids in optimizing security by reducing the attack surface, as the system only opens the ports when needed and promptly closes them when not in use.

The security manager of a multinational organization is on a mission to apply security principles to a newly planned regional office that will connect with its existing global infrastructure. This task aims to minimize the attack surface and construct suitable security zones. While developing the network architecture for the new office, what primary security aspect must the manager prioritize to certify the efficiency of the security zones and reduce the organization's attack surface? Enabling ports Increasing redundant network paths Setting up Single Sign-on (SSO) Implementing network segmentation

Implementing network segmentation Network segmentation involves dividing a network into smaller parts, creating distinct security zones. Network segmentation limits an attacker's ability to move laterally within a network, thereby minimizing the attack surface.
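An added example (not from the original page) for this answer and the earlier segmentation answer: a zone policy for the new regional office, evaluated in Python with the ipaddress module. The zones, RFC 1918 address ranges, and allowed flows are constructed for the demo. The policy is default deny between segments, and reachable_zones() shows what that buys: a compromised host in the DMZ can reach no other segment, which is the lateral-movement containment the answer describes.

```python
import ipaddress

# Constructed zones for the regional office (assumed addressing, not from any real network).
ZONES = {
    "office-users": ipaddress.ip_network("10.20.0.0/16"),
    "office-servers": ipaddress.ip_network("10.21.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
    "global-core": ipaddress.ip_network("10.0.0.0/16"),
}

# Allowed flows: (source zone, destination zone) -> permitted destination ports.
# Any pair not listed, or listed with an empty set, is dropped: default deny between segments.
FLOWS = {
    ("office-users", "office-servers"): {443, 445},
    ("office-users", "dmz"): {443},
    ("office-servers", "global-core"): {443, 636},
    ("dmz", "office-servers"): set(),   # explicitly nothing back from the DMZ
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def allowed(src_ip, dst_ip, dst_port):
    """Decide one connection the way a segmentation firewall between zones would."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False                      # unknown address: drop
    if src == dst:
        return True                       # intra-segment traffic is not filtered by zone policy
    return dst_port in FLOWS.get((src, dst), set())

def reachable_zones(start_zone):
    """Segments an attacker who owns a host in start_zone can reach at all (transitively)."""
    seen, stack = {start_zone}, [start_zone]
    while stack:
        current = stack.pop()
        for (src, dst), ports in FLOWS.items():
            if src == current and ports and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen - {start_zone}

def evaluate(connections):
    """Label a batch of (src, dst, port) tuples with the policy decision."""
    return [(s, d, p, allowed(s, d, p)) for s, d, p in connections]
```

The flat alternative, one /16 for everything, would make every host reachable from the DMZ the moment a web server is compromised; the example makes that difference measurable as the size of reachable_zones().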

A company is in the process of selecting an appropriate architecture for its upcoming software deployment. The IT manager is weighing the security implications of different architecture models, specifically the differences between cloud and traditional network architectures. Which statements are accurate when considering the distinct security implications associated with both architectures? (Select the two best options.) In cloud architectures, the cloud service provider and the customer often split security responsibilities. Encryption of data during transit is specific only to traditional network architectures. Traditional network architectures place more emphasis on physical access control to network devices. Cloud architectures solely rely on customers for physical hardware management and security.

In cloud architectures, the cloud service provider and the customer often split security responsibilities. Traditional network architectures place more emphasis on physical access control to network devices. Cloud service providers and customers actively share security tasks in cloud architectures, with each party having clear, delineated responsibilities to maintain the system's integrity. In traditional network architectures, companies frequently store their physical devices onsite. Consequently, they must implement rigorous access control measures to thwart unauthorized access or tampering.

A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise? In transit At rest In use Through Bluetooth

In use Data in Use (or data in processing) refers to the state in which data is present in volatile memory, such as system Random Access Memory (RAM) or Central Processing Unit (CPU) registers and cache. The security flaw allows for data exploitation while in use.

A small defense contractor is setting up a new shared drive system and needs the proper controls to ensure that only those with the correct classification can access any given folder or file. Which control type would meet these requirements? Multifactor authentication Role-based access control Mandatory access control Discretionary access control

Mandatory access control Security clearance levels form the basis of mandatory access control (MAC). Rather than defining access control lists (ACLs) on resources, each object receives a classification label. Depending on the clearance level, a subject receives access to that resource.
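An added example (not from the original page) contrasting this answer with the discretionary access control answer above. The DacResource class models owner-controlled ACLs: only the owner can grant access, and a grantee cannot pass access on. The mac_* functions model clearance labels in a Bell-LaPadula style lattice: read is allowed only when clearance dominates the label ("no read up") and write only when it does not ("no write down"), and no owner can override that. The users, labels, and the "project" resource are constructed for the demo.

```python
from dataclasses import dataclass, field

# Ordered classification labels (constructed lattice for the demo).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass
class DacResource:
    """Discretionary control: the owner decides, at their discretion, who gets what."""
    owner: str
    acl: dict = field(default_factory=dict)      # user -> set of permissions

    def grant(self, actor, user, perms):
        if actor != self.owner:                  # only the owner may change the ACL
            raise PermissionError(f"{actor} is not the owner of this resource")
        self.acl.setdefault(user, set()).update(perms)

    def allowed(self, user, perm):
        return user == self.owner or perm in self.acl.get(user, set())

def mac_can_read(clearance, label):
    """Mandatory control, 'no read up': clearance must dominate the object's label."""
    return LEVELS[clearance] >= LEVELS[label]

def mac_can_write(clearance, label):
    """Mandatory control, 'no write down': a secret-cleared process may not write into a
    lower-labelled file, which would leak its contents downward."""
    return LEVELS[clearance] <= LEVELS[label]

def demo():
    project = DacResource(owner="alice")         # one-off project drive owned by alice
    project.grant("alice", "bob", {"read"})
    try:
        project.grant("bob", "mallory", {"read"})   # bob has read access but is not the owner
        bob_could_share = True
    except PermissionError:
        bob_could_share = False
    return {
        "bob_reads": project.allowed("bob", "read"),
        "bob_writes": project.allowed("bob", "write"),
        "bob_could_share": bob_could_share,
        "secret_reads_confidential": mac_can_read("secret", "confidential"),
        "confidential_reads_secret": mac_can_read("confidential", "secret"),
        "secret_writes_unclassified": mac_can_write("secret", "unclassified"),
    }
```

The practical difference for the defense contractor: under DAC a careless owner can grant a secret folder to anyone, whereas under MAC the label on the folder and the clearance on the account are set by the security administrator, and a subject without the clearance is denied regardless of what any owner wants.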

A security engineer discovered that an active employee copied sensitive information from the company's shared drive and sold it online. What kind of actor describes this employee? Insider threat Nation-state Hacktivist Advanced persistent threat

Insider threat An insider threat is someone within the company who intentionally or unintentionally increases risk or takes company data outside the organization's security controls.

A recently terminated employee copied sensitive information from the company's shared drive right before permanently leaving. This employee is what kind of threat to the company? External Nation-state Hacktivist Internal

Internal An insider threat is someone within the company (internal) who intentionally or unintentionally increases risk or takes company data outside the organization's security controls.

A security team in a multinational organization decides to improve the security of their inter-office communications. They agree to use a tunneling protocol that can offer confidentiality, sender authentication, and message integrity. They need a protocol that operates at the network level. Which protocol BEST fulfills the team's requirements for securing inter-office communications and operates at the network level? Hypertext Transfer Protocol Secure Secure Shell Internet Protocol Security Transport Layer Security

Internet Protocol Security Internet Protocol Security (IPsec) provides confidentiality (ESP encryption), sender authentication and message integrity (AH, or ESP with its integrity check), and operates at the network layer (OSI Layer 3). Because it works below the application, a site-to-site IPsec tunnel protects every protocol crossing it, unlike HTTPS, SSH or TLS, which secure one application session at a time.

The security team at a company is adopting a cybersecurity framework to standardize its security measures across different departments. The team lead wants to ensure that the selected framework encompasses all the critical aspects of cybersecurity. What should the security team lead confirm the cybersecurity framework covers to provide a comprehensive security posture? The framework covers the procedures for incident response. It proactively covers threat intelligence and event correlation. It covers the technical controls and access management. It covers risk assessment, incident response, access control, security awareness and training.

It covers risk assessment, incident response, access control, security awareness and training. Risk assessment, incident response, and access control, including awareness and training, are the vital components of a comprehensive cybersecurity framework. They ensure that well-rounded security measures are effective against a variety of threats.

Why might it be a bad policy to set up permissions individually instead of using an access control methodology? It is harder to manage. It allows for more control. It allows for less control. It is easier to manage.

It is harder to manage. Granting permissions to each user individually may be workable while a file share is small. As the share and the headcount grow, every new folder, hire, role change and departure means touching many individual entries, and that complexity makes stale or excessive access likely.

A managed service provider (MSP) company decided to delay the implementation of new antivirus software for its clients after discovering that the vendor could not patch its software automatically. Why might a company NOT want software that is unable to update automatically? It can save the company money. It may not fix newly found vulnerabilities in a timely manner. It will require less effort not purchasing software. It will require less effort to update software.

It may not fix newly found vulnerabilities in a timely manner. The ability to automatically update is crucial in the cybersecurity landscape, where new threats emerge rapidly. Antivirus software that cannot update automatically may fail to address these new threats quickly, leaving clients' systems exposed to emerging security risks.

Which technology replaced NT LAN Manager in Active Directory? Kerberos Virtual Private Network Fast IDentity Online Unique security identifier

Kerberos The preferred system for network authentication in a Windows environment is Kerberos, which replaces the legacy system NT LAN Manager (NTLM) authentication.

One of the company's accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software? Licensing Discretionary access control Mandatory access control Least privilege

Least privilege To increase the security posture of any given system, users should only have the necessary access (least privilege) to complete their work and nothing more.

An enterprise's IT security team is implementing a new infrastructure design to optimize security. The team evaluates various security principles, considering the organization's expanding remote workforce and increasing reliance on cloud resources. Given the changing dynamics of the enterprise infrastructure, what should the IT team prioritize to ensure a robust security posture for both on-premises and cloud environments? (Select the two best options.) Least privilege Network segmentation Allow all outbound traffic Centralize all data storage without backups

Least privilege Network segmentation The least privilege principle ensures that users have only the access they need, reducing the risk of insider threats and accidental data breaches. It is vital in both cloud and on-premises environments. Segmenting the network can isolate potential threats and prevent them from moving laterally across the enterprise. It is particularly essential as enterprises grow and diversify their digital assets.

A company using Windows Server technology needs to link its Active Directory to a third-party service to allow single sign-on. Which service that uses the standard X.500 would work for the company? Virtual Private Network Lightweight Directory Access Protocol Application Programming Interface Local Security Authority Subsystem Service

Lightweight Directory Access Protocol Lightweight Directory Access Protocol (LDAP) is a protocol companies use for accessing network directory databases. LDAP stores information about authorized users, their privileges, and other organizational information.

An employee traveling in Europe for vacation submitted a ticket as they could not access their work email. Which policy does the company use? Password management Password age Multifactor authentication Location-based authentication

Location-based authentication Location-based access policies block access to company systems from outside a specified area (for example, the country or region in which the company operates), so a traveling employee needs a temporary exemption before leaving.

A company needs to improve its security posture regarding credentials. Which security policy changes would implement the National Institute of Standards and Technology (NIST) updated guidelines? Password reuse Single-factor authentication Multifactor authentication Password history

Multifactor authentication NIST's updated guidance (SP 800-63B) recommends multifactor authentication and, at the same time, dropping mandatory complexity rules and periodic password expiration (age) in favor of length and screening against breached-password lists. MFA adds a layer that a stolen or guessed password alone cannot defeat.

The governmental organization in charge of managing the personnel records of the country's military service members reported that another country had accessed its database. Who BEST describes the adversary that breached the personnel records database? Insider threat Hacktivist Nation-state Advanced persistent threat

Nation-state Nation-state actors are the root cause of many attacks, particularly on energy, health, and electoral systems. The goals of state actors are primarily disinformation and espionage for strategic advantage.

After restoring a file from a backup, the owner of a small company wants to understand better the purpose of permissions. A particular situation occurred, and even though there are permissions on the shared drive, why does the company still not know who deleted the file? The engineer explained that enabling file auditing would help pinpoint all changes to the shared drive and who made them. How would this help prevent the lack of knowing who changed the files? Confidentiality Non-remediation Non-repudiation Availability

Non-repudiation Non-repudiation means a person cannot deny doing something, such as creating, modifying, or sending a resource. For the company, this would mean enabling file auditing on its file share.

The chief information security officer (CISO) is leading a security team to scrutinize the security implications as an enterprise transitions its legacy monolithic application to a microservices architecture, aiming to enhance scalability and efficiency. In the process of this shift from a monolithic application to a microservices architecture, which security concern should the team and the CISO prioritize? On-path attack susceptibility from increased network traffic between microservices The risk of increases in outdated software on workstations Microservices architecture could decrease the number of firewalls needed The shift to microservices requires upgrading physical server hardware

On-path attack susceptibility from increased network traffic between microservices The microservices architecture involves a higher number of internal interactions between services, increasing the attack surface for on-path attacks. On-path attacks intercept and potentially alter communications between two parties without their knowledge, posing a significant security concern.

A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement? Kerberos Fast IDentity Online Virtual Private Network Open Authorization

Open Authorization The Open Authorization (OAuth) protocol lets a user grant one site or application (the consumer) access to resources in the user's profile at another site without giving the consumer the password. OAuth itself handles authorization; OpenID Connect, layered on top of it, supplies the identity assertion that single sign-on relies on.

During a recent audit, a company noticed a troubling trend where people had their passwords on sticky notes in their work area. The employees stated that the password policy made it too difficult to remember them. Which policy should the company change to alleviate this issue? Password complexity Password reuse Password history Password management

Password complexity Modifying the password complexity policy to allow for longer but easily remembered passwords can aid in lowering the number of people saving their passwords insecurely.
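
An added example (Python, not code from the original page or from NIST) of the policy shift described in this answer and in the NIST question above: a password check in the style of SP 800-63B, which enforces length and a breached-password blocklist but no composition rules, placed beside the legacy four-character-class rule that pushes people toward sticky notes. The blocklist is a constructed stand-in for a real compromised-credential feed; the limits used are the 800-63B minimum length (8) and the minimum a verifier must accept (64).

```python
"""Password acceptance rules in the style of NIST SP 800-63B, beside a legacy
complexity rule.

Added example for this page, not code from the original page or from NIST.
The breached-password blocklist is a constructed stand-in for a real
compromised-credential feed.
"""
import unicodedata

# Constructed stand-in for a breached/common-password list (lower-cased).
BLOCKLIST = {"password", "password1", "p@ssw0rd", "qwerty", "letmein",
             "123456", "welcome1", "iloveyou"}


def _has_long_run(pw: str, run: int = 4) -> bool:
    """True if any single character repeats `run` or more times in a row."""
    count = 1
    for prev, cur in zip(pw, pw[1:]):
        count = count + 1 if cur == prev else 1
        if count >= run:
            return True
    return False


def _has_sequence(pw: str, run: int = 4) -> bool:
    """True if `run` consecutive characters step by +1 or -1 (abcd, 4321)."""
    for i in range(len(pw) - run + 1):
        window = [ord(c) for c in pw[i:i + run]]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def nist_password_check(password: str, username: str = "", service: str = "",
                        blocklist=BLOCKLIST, min_len: int = 8,
                        max_len: int = 64) -> list:
    """Return the reasons a password is rejected; an empty list means accepted.

    No composition rules (upper/lower/digit/symbol) and no expiry are applied;
    length, normalization and blocklists do the work, as 800-63B recommends.
    """
    pw = unicodedata.normalize("NFKC", password)  # 800-63B: normalize first
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")
    if pw.lower() in blocklist:
        problems.append("appears on the breached/common password list")
    for context in (username, service):
        if context and context.lower() in pw.lower():
            problems.append(f"contains the context-specific word '{context}'")
    if _has_long_run(pw):
        problems.append("contains a long run of one repeated character")
    if _has_sequence(pw):
        problems.append("contains a sequential run of characters")
    return problems


def legacy_complexity_check(password: str) -> bool:
    """The older rule set: four character classes in a short password,
    regardless of how guessable the result is."""
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    return len(password) >= 8 and all(classes)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "correct horse battery staple", "1234abcd"):
        print(f"{candidate!r}: legacy={legacy_complexity_check(candidate)} "
              f"nist_problems={nist_password_check(candidate, username='alice')}")
```

"P@ssw0rd" satisfies the legacy rule and fails the NIST-style check (it is on every breached list), while a long passphrase with no digits or capitals does the opposite; that inversion is the point of the policy change.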

An accounts payable clerk received an email requesting payment information for materials for an ongoing project. The email appears to be from a known vendor. Before giving the information over, what should the clerk protect against? Typosquatting Coercion Phishing Consensus technique

Phishing Phishing is a combination of social engineering and spoofing. It persuades or tricks the target into interacting with a malicious resource disguised as a trusted one.

After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage? Managerial Technical Operational Physical

Physical Physical controls such as alarms, gateways, locks, lighting, and security cameras deter and detect access to premises.

A company has expanded its operations to a new location and is setting up its network infrastructure. A significant part of this setup includes strategically placing devices for optimal security and efficiency. How should the network security manager decide the optimal placement of the intrusion detection system (IDS) in the new network topology to ensure maximum visibility and efficiency without impacting overall network performance? Place the IDS outside the firewall Place the IDS at the end of the network Place the IDS directly behind the router Place the IDS near the servers

Place the IDS directly behind the router Placing the IDS directly behind the router ensures visibility of all incoming and outgoing traffic, which is crucial for detecting any unusual patterns or potential threats.

A recently hired information technology manager wants to implement more automation regarding the onboarding procedure. What process describes setting up accounts so a new employee can automatically access the software and file shares from the human resource platform? Multifactor authentication Following least privilege Enabling a password reuse policy Provisioning

Provisioning Provisioning is the process of setting up a service according to a standard procedure or best practice checklist. Linking multiple systems together can increase the automation of onboarding procedures.

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up? Public key infrastructure Certificate authority Cryptanalysis Typosquatting

Public key infrastructure Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities.

The security team at a financial services company is performing a gap analysis to identify deficiencies in their existing security posture. The team lead aims to understand where the organization stands in terms of information security and where it needs to be to meet its security goals. What critical information would the security team lead seek during the gap analysis to ascertain the organization's current security status and desired state? (Select the two best options.) Employee feedback on current security policies only Regulatory requirements and recent audit findings The data from recent security audits Current security practices and desired security objectives

Regulatory requirements and recent audit findings Current security practices and desired security objectives A gap analysis comprehensively reviews current regulatory requirements (to ensure compliance and avoid penalties) and findings from recent audits (to leverage insights from external evaluations). It also reviews current security practices to establish a clear baseline and the desired security objectives to provide a clear target.

An accountant received a phone call from an individual requesting information for an ongoing project. The call came from an unrecognized number, but the individual seemed believable and persuasive. Before giving the information over, what should the accountant protect against? Social engineering Coercion Typosquatting Brand impersonation

Social engineering Social engineering refers to eliciting information from users or getting them to perform some action for the threat actor.

A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO? Monitoring audit logs Reviewing user permissions Documenting access controls Managing security-related incident response

Reviewing user permissions Working with human resources to ensure the proper user permissions for their given role falls under the security aspect of the chief information security officer.

An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company's virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date? Vulnerability Threat Risk Insider threat

Risk Risk is the level of hazard posed by vulnerabilities and threats. When a company identifies a vulnerability, it calculates the risk as the likelihood of exploitation by a threat actor and the impact of a successful exploitation.

A network administrator is cleaning up the company's shared drive resources. Through an audit, the administrator discovered that the company did not properly manage the permissions over the years. Which control type should the administrator change the permissions to that gives access determined by the job? Role-based access control Multifactor authentication Discretionary access control Mandatory access control

Role-based access control Role-based access control (RBAC) means an organization defines its permission requirements in terms of the tasks that an employee or service must be able to perform. Each set of permissions is a role.
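
The role model described here, as an added example in Python (not code from the original page). It also illustrates the earlier point about why per-user permissions become hard to manage: granting a new share to a role is one edit that reaches every member, where individual entries would each need changing. The shares, roles, users and job-title mapping are constructed for illustration.

```python
"""Role-based access control (RBAC) for a file share.

Added example for this page, not code from the original page. The shares,
roles, users and job-title mapping are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, Set, Tuple

Permission = Tuple[str, str]  # (resource path, action)

# Constructed role definitions: each role is a set of (resource, action) pairs.
ROLES: Dict[str, Set[Permission]] = {
    "accounting": {("/shares/finance", "read"), ("/shares/finance", "write"),
                   ("/shares/public", "read")},
    "hr":         {("/shares/hr", "read"), ("/shares/hr", "write"),
                   ("/shares/public", "read")},
    "staff":      {("/shares/public", "read")},
}


class Rbac:
    def __init__(self, roles: Dict[str, Set[Permission]]):
        self.roles = {name: set(perms) for name, perms in roles.items()}
        self.assignments: Dict[str, Set[str]] = defaultdict(set)  # user -> roles

    def assign(self, user: str, role: str) -> None:
        if role not in self.roles:
            raise KeyError(f"undefined role: {role}")
        self.assignments[user].add(role)

    def revoke(self, user: str, role: str) -> None:
        self.assignments[user].discard(role)

    def grant_to_role(self, role: str, perm: Permission) -> None:
        # One edit here changes the effective rights of every role member.
        self.roles[role].add(perm)

    def effective_permissions(self, user: str) -> Set[Permission]:
        perms: Set[Permission] = set()
        for role in self.assignments.get(user, ()):
            perms |= self.roles[role]
        return perms

    def is_allowed(self, user: str, resource: str, action: str) -> bool:
        # Deny by default: only an explicit role grant allows access.
        return (resource, action) in self.effective_permissions(user)


def onboard(rbac: Rbac, user: str, job_title: str) -> Set[str]:
    """Map a job title to roles (constructed mapping) and assign them."""
    title_to_roles = {"accountant": {"accounting", "staff"},
                      "hr generalist": {"hr", "staff"},
                      "intern": {"staff"}}
    roles = title_to_roles[job_title.lower()]
    for role in roles:
        rbac.assign(user, role)
    return roles


if __name__ == "__main__":
    rbac = Rbac(ROLES)
    onboard(rbac, "alice", "accountant")
    onboard(rbac, "bob", "accountant")
    onboard(rbac, "carol", "hr generalist")
    print(rbac.is_allowed("alice", "/shares/finance", "write"))
    print(rbac.is_allowed("carol", "/shares/finance", "read"))
    # A new archive share for accounting: one role edit instead of one per user.
    rbac.grant_to_role("accounting", ("/shares/archive", "read"))
    print(rbac.is_allowed("bob", "/shares/archive", "read"))
```

Tying `onboard` to a job title is also what makes the provisioning automation in the later question possible: the HR platform supplies the title, and the role mapping does the rest.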

A real estate investment firm wants to implement Single Sign-On (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the eXtensible Markup Language (XML) standard. What solution does this vendor use for SSO? SAML VPN LDAP LSASS

SAML Security assertion markup language (SAML) allows for federating a network or cloud system. SAML assertions and claims between the principal, the relying party, and the identity provider use eXtensible Markup Language as their structure.

After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company? SOC NOC Help desk MSP

SOC A Security Operations Center (SOC) is the team responsible for security-related activities within a company.

A security engineer is investigating why the company website's encryption failed to prevent a threat actor from stealing its data. The engineer noticed that the encryption was easily reversible. What could the engineer add to the encryption to ensure the generation of a unique random value? Trusted Platform Module Salt Internet Protocol Security Plaintext

Salt A salt is a random value added to each plaintext input before hashing ("salting"), so that identical passwords produce different stored values and precomputed hash tables (rainbow tables) no longer apply. Salts belong with one-way password hashing using a slow key-derivation function rather than with reversible encryption; adding a salt does not make an easily reversible encryption scheme irreversible.
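
An added example (Python, not code from the original page) of the countermeasure described above: PBKDF2-HMAC-SHA256 with a fresh random salt per password, next to the unsalted scheme a precomputed table targets. The "common passwords" used to build the attacker's table are constructed, and the default iteration count follows the OWASP recommendation for PBKDF2-HMAC-SHA256 (600,000).

```python
"""Salted, iterated password hashing with PBKDF2-HMAC-SHA256.

Added example for this page, not code from the original page. It shows why a
per-password random salt defeats precomputed (rainbow) tables: the same
password hashed twice gives two different stored values, and a table built
from unsalted SHA-256 digests no longer matches anything.
"""
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = 600_000, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh 128-bit salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_sha256(password: str) -> str:
    """The weak scheme a precomputed table targets: one fixed digest per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(common_passwords) -> dict:
    """Attacker side: map unsalted digest -> password for a wordlist."""
    return {unsalted_sha256(p): p for p in common_passwords}


def lookup(table: dict, stored_value: str):
    """Return the recovered password if the stored value is in the table, else None."""
    return table.get(stored_value)


if __name__ == "__main__":
    table = build_precomputed_table(["password1", "letmein", "hunter2"])  # constructed
    print("unsalted hit:", lookup(table, unsalted_sha256("hunter2")))
    stored = hash_password("hunter2")
    print("salted hit:", lookup(table, stored))
    print("verify ok:", verify_password("hunter2", stored))
    print("two salts differ:", hash_password("hunter2") != stored)
```

The salt is stored in the clear alongside the digest; its job is uniqueness, not secrecy. The slow iteration count is what limits guessing once the attacker has the stored values.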

An organization's flat network segment currently hosts a mailbox server, a client network, and a mail transfer server, all of which need enhanced security. Which redesign option BEST segregates the network according to the OSI model and secure architecture principles to mitigate vulnerabilities? Segregate with VLANs and control inter-VLAN traffic with ACLs. Monitor the mail server with a WAF at the application layer. Strengthen router ACLs and enable IPsec for data-in-transit. Create a DMZ for the mail transfer server and separate others with port security.

Segregate with VLANs and control inter-VLAN traffic with ACLs. VLANs with ACLs create secure segments, providing effective internal traffic control without affecting other layers. This approach not only enhances network performance but also significantly improves security by isolating different network segments.

A large multimedia company is experiencing a distributed denial of service (DDoS) attack that has led the company's platform to become unresponsive. Customers are submitting tickets complaining that they can no longer access the platform and cannot complete their work. What BEST describes what the company is going through? Service disruption Data exfiltration Disinformation Insider threat

Service disruption Service disruption prevents an organization from working as it usually does. This disruption could involve an attack on its website, such as a denial of service attack or using malware to block access to servers and employee workstations.

A company is deciding between migrating its infrastructure to a cloud-based model or maintaining its traditional network architecture. The chief technology officer (CTO) lists several security considerations for both models. The security analyst identified the considerations inherently tied to the cloud-based model due to its distinct nature. Based on its unique characteristics, which security considerations are more closely associated with a cloud-based architecture? (Select the two best options.) Firmware update regularity across all devices Shared responsibility between service providers and customers Data encryption during transit between internal nodes Dependency on the service provider's infrastructure for physical hardware security

Shared responsibility between service providers and customers Dependency on the service provider's infrastructure for physical hardware security Cloud-based architectures often use a shared responsibility model where the service provider and the customer have distinct roles in ensuring the system's security. Cloud architectures often place the responsibility of physical hardware management and security on the service provider, differentiating it from traditional models where the company is responsible for its own physical hardware.

A growing company's IT department is weighing the pros and cons of different architectural models for its next project. The debate narrows down to cloud architecture versus traditional network architecture. During a team meeting, the head of IT security asks a newly hired network specialist to identify the primary security consideration when comparing cloud architecture to traditional network architecture. Based on the conversation in the IT department, which security consideration is MOST directly associated with cloud architecture compared to traditional network architecture? A need for regular network hardware/firmware updates Shared responsibility model with service providers Encryption of data transmitted over local networks Requirement for secure physical access to network devices

Shared responsibility model with service providers In cloud services, the division of security responsibilities between the cloud service provider and the customer creates a shared responsibility model.

A rapidly growing startup's IT department is deliberating on optimal architectural models to support its expansion. The team examines cloud architectures and traditional network architectures. The lead network engineer queries a systems analyst about the chief security implication of a cloud architecture in contrast to a conventional network setup. Based on the discussion between the IT department and the lead network engineer, which security consideration is MOST directly associated with cloud architectures over traditional network setups? Shared responsibility with cloud service providers Periodic firmware updates for on-premises routers Encryption protocols for LAN communication Physical security measures for on-site servers

Shared responsibility with cloud service providers Cloud architectures come with a shared responsibility model in which both the cloud provider and the customer have designated security roles. This division is specific to cloud deployments and has no direct counterpart in traditional on-premises network setups, where the organization owns and secures the whole stack itself.

A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic's internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic's needs? Symmetric algorithm Asymmetric algorithm Plaintext Cryptography

Symmetric algorithm A symmetric algorithm is one in which the same secret key performs encryption and decryption. Only authorized persons should know or have the secret key.

After deploying a mobile device management system to all its computers, a company noticed a small subset failed to encrypt their hard drives. After inspection, those devices do not have the correct component required for the drive encryption to function. Which security component would the company need to install for the drive encryption to work? CRL CPU TPM RAM

TPM The Trusted Platform Module (TPM) chip holds the cryptographic secrets and hardware state to help secure an encrypted hard drive.

A Certificate Authority (CA) had its issuing authority revoked, and its certificates expired. How might those certificates still appear valid, even though they should be on the Certificate Revocation List (CRL)? The company was a Root CA. The CA blocked companies from adding it to the CRL. The company did not implement a CRL. The CRL still requires updating.

The CRL still requires updating. When a CA revokes a certificate, it adds the certificate's serial number to its Certificate Revocation List. Revocation only takes effect if the CA publishes the updated CRL and the client (for example, a browser) actually downloads and checks it, or queries OCSP instead. Until the updated list is published and checked, a revoked certificate can still appear valid. Expiry is a separate check against the certificate's validity dates and does not depend on the CRL.

An employee reported seeing an individual outside the office drop a few thumb drives. The employee grabbed those devices and brought them to the information technology (IT) department. After conducting forensics on the devices using air-gapped machines, the IT team determined that the individual was trying to trick employees into plugging the devices into their computers to steal information. What was the malicious actor attempting on an unsuspecting employee? The actor used an email lure. The actor tried to improve the company's security posture. The actor used a physical lure. The actor was not being malicious.

The actor used a physical lure. A physical lure uses a tangible object, most often a thumb drive dropped where employees will find it (baiting), to get a target to plug it in or otherwise act on it, and it may be combined with in-person social engineering. A phone-call pretext (vishing) and an email attachment are the same trick delivered over other channels.

A construction company that receives several emails with attachments from its vendors ran into an issue with one of the emails it received. A malicious actor created an email with an attachment that appeared to be from a known vendor. As a result, the malicious actor tricked an employee into clicking on that attachment. How did the malicious actor convince the employee to click on the attachment? The actor used an email lure. The actor used a physical lure. The actor offered help to improve employee workflow. The actor exploited an outdated email encryption protocol.

The actor used an email lure. Sending out an email with an attachment with similar wording as a company would expect is an excellent way to get people to click them accidentally. Adding additional content to the email can help add legitimacy to the malicious attachment.

A global organization contemplates shifting its on-premises data center to a cloud-based infrastructure for improved scalability and cost-efficiency. Still, the chief information security officer (CISO) expresses concerns over potential security implications that this transition might trigger. Under these circumstances, which choice outlines a genuine security concern that the CISO must confront when migrating from an on-premise data center to a cloud-based infrastructure? The organization may lose direct physical control over its servers. The organization will need to manage more physical servers. The organization will need to build its own cloud infrastructure. The organization will have to maintain a higher number of network devices.

The organization may lose direct physical control over its servers. When transitioning to a cloud-based infrastructure, an organization typically transfers its data to servers managed by a third-party cloud service provider. This process can potentially lead to a loss of direct physical control over the servers, a legitimate security concern for the organization.

An engineering firm wants to implement an authentication design that uses a framework for passwordless authentication. What statement is not accurate regarding passwordless authentication? The user chooses either a roaming authenticator, such as a security key, or a platform authenticator implemented by the device OS. The relying party uses a private key to verify the signature and authenticate the account session. The user registers with a web application or service, referred to as a relying party. When presented with an authentication challenge, the user performs the local gesture to unlock the private key.

The relying party uses a private key to verify the signature and authenticate the account session. This is the inaccurate statement. In a passwordless (FIDO2/WebAuthn) framework the private key never leaves the authenticator; the relying party verifies the signature with the public key that it stored at registration, and that is what authenticates the account session.

A security engineer noticed a high volume of images sent from the company networks to a popular gaming social media platform. After reviewing the images, the security engineer saw that the images were seemingly benign. Why might these images still be a threat? They contain plaintext They contain ciphertext They contain steganography They contain phishing

They contain steganography Steganography embeds information within an unexpected source, such as a message hidden in a picture. Covertext describes the container document or file that it resides within.
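
An added example (Python, not code from the original page) of the technique described above: least-significant-bit steganography that hides a message in pixel bytes and recovers it. The cover "image" is a constructed 8-bit grayscale buffer rather than a real file so the block runs without an image library; the same operations apply to the pixel bytes of a decoded PNG or BMP. It also shows why such images look benign: no pixel changes by more than one intensity step.

```python
"""Least-significant-bit (LSB) steganography in a raw pixel buffer.

Added example for this page, not code from the original page. The cover and
the payload are constructed for illustration.
"""
import random


def make_cover(n_pixels: int, seed: int = 1) -> bytes:
    """Constructed cover: pseudo-random 8-bit grayscale pixels."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_pixels))


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write a 4-byte length header plus payload into the LSB of each pixel."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("payload does not fit in the cover")
    stego = bytearray(cover)
    idx = 0
    for byte in data:
        for shift in range(7, -1, -1):        # most significant bit first
            bit = (byte >> shift) & 1
            stego[idx] = (stego[idx] & 0xFE) | bit  # replace only the lowest bit
            idx += 1
    return stego


def _read_bytes(stego: bytes, start_byte: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs, starting at byte offset `start_byte`."""
    out = bytearray()
    for i in range(start_byte, start_byte + count):
        value = 0
        for bit_pos in range(8):
            value = (value << 1) | (stego[i * 8 + bit_pos] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload using the embedded length header."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if (4 + length) * 8 > len(stego):
        raise ValueError("header length exceeds carrier; not an LSB payload or corrupted")
    return _read_bytes(stego, 4, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel intensity difference introduced by embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover(64 * 64)
    stego = embed(cover, b"exfil: Q3 forecast attached")  # constructed payload
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(cover, stego))
```

For detection, the practical lever is not the pixels themselves but the transfer pattern: a high volume of images to a single external platform from hosts that have no business reason to post there, which is what the engineer in the question noticed.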

A large organization's security operations center (SOC) noticed in its Extended Detection and Response (XDR) antivirus software that a phished email gained access to the company ticketing system, then to the virtual private network (VPN) software, and lastly, to the company's file share. What did the SOC find? Threat actor Hacktivist Threat vector Service disruption

Threat vector A threat vector is the path that a threat actor uses to execute a data exfiltration, service disruption, or disinformation attack. Sophisticated threat actors will make use of multiple vectors.

A contractor only works for a company from 9 a.m. to 12 p.m. What kind of restriction could the company set up on the contractor's account to prevent using it outside that range? Location-based restrictions Password restrictions Time-based restrictions Mandatory access control

Time-based restrictions A time-based restriction would prevent access to corporate resources outside a set schedule. The company should set this account policy.

Why might a company want a longer key length? To improve the performance of the algorithm To slow down the initial encryption To increase the chances of the ciphertext cracking To decrease the chances of the ciphertext cracking

To decrease the chances of the ciphertext cracking Each additional bit of key length doubles the number of keys an attacker must try, so a longer key makes brute-force recovery of the plaintext exponentially more expensive; it does not make the algorithm faster. Salting and hashing are a separate protection that applies to stored passwords, not a property of an encryption key.

A large financial firm recently brought its information technology (IT) back in-house. It made this decision after facing issues with its third-party vendor not properly securing its systems from outside threats. What consideration did the financial firm deliberate regarding the managed service provider (MSP) and returning to IT in-house services? To limit risks to supply-chain attacks. To limit risk to insider threats To limit risks to nation-state threats To improve the company's security posture

To limit risks to supply-chain attacks. By bringing things in-house, a company can limit risk in relation to supply-chain attacks.

A sole proprietorship construction company contacted an information technology (IT) consultant for technical support for a computer issue. After resolving that issue, the consultant suggested the construction company enable computer encryption. Why might the company want to enable encryption on its computers' hard drives? To slow down data removal from a stolen device. To prevent phishing To prevent data removal from a stolen device To prevent theft

To prevent data removal from a stolen device Enabling full-disk encryption is a basic step to prevent data loss if a device is stolen. Without it, anyone with physical access can pull the drive or boot another operating system and read the data, regardless of the login password.

A construction contractor received a phone call from a prospective client that the contractor's website looked off from what they expected. After an investigation, the construction company discovered that the prospect went to a similar-looking website but did not get to the real one. What caused the client to go to an incorrect website? Phishing Impersonation Watering hole attack Typosquatting

Typosquatting Typosquatting means that the threat actor registers a domain name very similar to a real one (a misspelling, a swapped top-level domain, or look-alike characters), hoping that users will not notice the difference and assume they are browsing the trusted site. Unlike phishing, no lure message is needed; the prospect simply mistyped or misread the address.
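Added example, not part of the original study set: a small classifier that compares candidate domains against a list of legitimate ones and labels the kind of look-alike it finds (homoglyph substitution, top-level domain swap, one-character typo, or the real name buried as a subdomain of another domain). The domain names are constructed for the example, and the TLD splitting assumes simple suffixes like .com rather than .co.uk.

```python
# Common look-alike substitutions folded before comparison
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalize(label: str) -> str:
    """Fold look-alike sequences so 'examp1e' and 'exarnple' compare equal to 'example'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Return (second-level label, top-level label); assumes simple TLDs, not .co.uk-style suffixes."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) >= 2 else labels[0]), labels[-1]


def classify(domain: str, legit_domains, max_distance: int = 1):
    """Say how a domain resembles one of the legitimate domains, if at all."""
    labels = domain.lower().rstrip(".").split(".")
    name, tld = split_domain(domain)
    for legit in legit_domains:
        lname, ltld = split_domain(legit)
        if (name, tld) == (lname, ltld):
            return "legitimate", legit
        if lname in labels[:-2]:
            # real name used as a subdomain of an attacker-controlled domain
            return "subdomain-spoof", legit
        if normalize(name) == normalize(lname):
            return ("tld-swap" if name == lname else "homoglyph"), legit
        if levenshtein(normalize(name), normalize(lname)) <= max_distance:
            return "typo", legit
    return "unrelated", None


if __name__ == "__main__":
    LEGIT = ["example-construction.com"]  # constructed legitimate domain
    for d in [
        "example-construction.com",
        "examp1e-construction.com",
        "exarnple-construction.com",
        "example-construction.co",
        "exampleconstruction.com",
        "example-construction.com.evil.net",
        "hardware-depot.org",
    ]:
        print(f"{d:36} -> {classify(d, LEGIT)}")
```

A defender can run this over newly registered domains or over the domains seen in inbound mail and web logs; the same logic is what brand-protection services use to flag registrations worth taking down.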

A project manager's assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against? Urgency Typosquatting Consensus technique Brand impersonation

Urgency Urgency pressures the target to act before they have time to verify the request. Coercion combines it with intimidation, such as a bogus appeal to authority or a threatened penalty (the project failing, someone getting fired) if the target does not act quickly. The assistant should confirm the request through a known channel before releasing any information.

A newly established e-commerce company experienced increased web-based attacks on its online shopping platform. As a result, the company installed a Web Application Firewall (WAF) to enhance its security infrastructure. What primary function should the network security manager ensure the WAF is performing to protect the online platform from the most common types of web-based threats, such as Cross-site Scripting (XSS), Structured Query Language (SQL) Injection, and Cross-site Request Forgery? Monitor traffic and block DDoS attacks Inspect HTTPS traffic Validate input and output Encrypt data in transit

Validate input and output A WAF primarily validates input and output. It safeguards against web-based threats by scrutinizing the requests sent to and the responses returned from the web application against defined security rules, blocking input that matches injection or script patterns and checking that state-changing requests originate from the expected site.
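To show what "validate input and output" looks like in practice, here is an added example (not code from the original study set or from any WAF product) that runs a handful of illustrative rules over constructed HTTP requests: injection and script signatures on decoded parameters, plus an Origin/Referer check on state-changing methods as a CSRF guard. The host names and the request samples are made up for the example, and the signatures are deliberately small compared to a real rule set such as the OWASP Core Rule Set.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Illustrative signatures only; production rule sets are far larger and tuned per application
SQLI = re.compile(r"(?i)('\s*(or|and)\s+\S+\s*=\s*\S+|union\s+select|;\s*drop\s+table|--\s*$)")
XSS = re.compile(r"(?i)(<\s*script\b|javascript\s*:|\bon\w+\s*=)")


def extract_params(request: dict) -> dict:
    """Collect query-string and form-body parameters, decoded a second time to catch double encoding."""
    params = dict(parse_qsl(urlsplit(request["path"]).query, keep_blank_values=True))
    if request.get("body"):
        params.update(parse_qsl(request["body"], keep_blank_values=True))
    return {k: unquote_plus(v) for k, v in params.items()}


def inspect(request: dict, trusted_origins: set) -> list:
    """Return the rule names a request trips; an empty list means the WAF would forward it."""
    findings = []
    for name, value in extract_params(request).items():
        if SQLI.search(value):
            findings.append(f"sqli:{name}")
        if XSS.search(value):
            findings.append(f"xss:{name}")
    if request["method"] in {"POST", "PUT", "PATCH", "DELETE"}:
        # CSRF guard: state-changing requests must carry a trusted Origin (or Referer) header
        source = request["headers"].get("Origin") or request["headers"].get("Referer")
        if not source or urlsplit(source).netloc not in trusted_origins:
            findings.append("csrf:origin")
    return findings


SAMPLE_REQUESTS = [  # constructed traffic, not captured data
    {"method": "GET", "path": "/search?q=drill+bits", "headers": {}, "body": ""},
    {"method": "GET", "path": "/search?q=%27+OR+1%3D1+--", "headers": {}, "body": ""},
    {"method": "POST", "path": "/checkout", "headers": {"Origin": "https://shop.example"},
     "body": "address=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"},
    {"method": "POST", "path": "/checkout", "headers": {"Origin": "https://evil.example"},
     "body": "address=12+Main+St"},
    {"method": "POST", "path": "/checkout", "headers": {}, "body": "address=12+Main+St"},
]
TRUSTED = {"shop.example"}  # assumed hostname of the shop's own front end

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = inspect(req, TRUSTED)
        print(req["method"], req["path"], "->", "BLOCK " + ",".join(verdict) if verdict else "ALLOW")
```

Two design points worth noting: the second decode in extract_params is what defeats double-encoded payloads like %2527, and the Origin check is only a first line of defence against CSRF, since the application itself should still require an anti-CSRF token on state-changing requests.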

An employee travels out of the country for work but still needs to access the company's shared drive. What would the information technology department need to set up on that employee's computer to connect to the shared drive outside the office? Mandatory access control Virtual private network Discretionary access control Multifactor authentication

Virtual private network Setting up a virtual private network (VPN) client lets the employee reach corporate resources over an encrypted tunnel from outside the corporate infrastructure. Without a VPN, an internal file share is unreachable from outside the office network, since it is not (and should not be) exposed directly to the internet.

A local business received numerous complaints from frequent repeat customers about fraud occurring after they ordered delivery through the company's website. What type of attack did the customers become victims of? Consensus technique Watering hole attack Typosquatting Coercion

Watering hole attack A watering hole attack targets a site that a known group of victims visits regularly: the attacker compromises that site (here, the business's own ordering pages) so that everyone who uses it is served malicious content, in this case skimming the customers' payment details.

A consultancy recommended that a large construction company should encrypt its wireless network. Currently, the network is set to open and allows any device to connect to it, even employees' personal devices. What encryption product would help the company secure its wireless networks? Transport Layer Security Trusted Platform Module Internet Protocol Security Wi-Fi Protected Access

Wi-Fi Protected Access Wi-Fi Protected Access (WPA, in its current WPA2 and WPA3 versions) authenticates clients and encrypts the traffic sent over a wireless network. Based on this scenario, the company needs to close the open network and encrypt the wireless traffic; TLS and IPsec protect individual sessions rather than the Wi-Fi link itself, and a TPM is a hardware key store, not a network encryption product.
