A.3.1 Security+ SY0-701 Domain 1: General Security Concepts


Which of the following security challenges refers to the rapid and broad spread of an attack, often affecting a large number of computers in a relatively short amount of time? answer Sophisticated attacks Attack scale and velocity Data encryption Proliferation of attack software

Attack scale and velocity

You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why? answer Prioritize the data plane to ensure that data traffic flows securely and efficiently across the network. Focus on the control plane to ensure that all network devices are properly configured and managed. Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency. Neither, focus on the application plane to ensure that applications are secure and function properly.

Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.

A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks. Which security measure would be the MOST suitable for this purpose? answer Access control vestibule Access badge Bollards Fencing

Bollards

John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks. Later, he uses the same card to log into his computer by inserting it into a card reader. Based on this information, is John using a contact or contactless smart card? answer Neither a contact nor contactless smart card, because smart cards cannot be used both ways. Contactless smart card, because he waved the card near the door's card reader. Contact smart card, because he inserted the card into his computer's card reader. Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader.

Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader.

The head of IT security at a financial institution is working to enhance the directive controls in place within the company. Which of the following should the institution implement? Building access procedures Biometric access control systems Closed-circuit television surveillance cameras Intrusion detection systems (IDS)

Building access procedures

You are the IT manager at a large corporation. The company has been using a legacy application for several years. The application is critical for daily operations but it's not compatible with newer technologies the company plans to adopt. The vendor no longer supports the application and it has known security vulnerabilities. What should you do? answer Ignore the new technology and focus on finding a new vendor to support the legacy application. Develop a plan to phase out the legacy application while adopting the new technology. Immediately stop using the legacy application and switch to the new technology. Continue using the legacy application and hope no security breaches occur.

Develop a plan to phase out the legacy application while adopting the new technology.

An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have? answer Corrective Deterrent Compensating Directive

Directive

You are the IT Security Manager for a multinational corporation. The company is undergoing a major restructuring, which includes employee layoffs, role changes, and new hires. Given the situation, which of the following account maintenance practices would be the MOST effective in ensuring the security of your systems? answer Implementing a policy that requires all employees to change their passwords immediately. Requiring all employees to undergo a new round of security training. Disabling the accounts of all employees who have been laid off and reviewing the access rights of remaining employees. Implementing a policy that requires all employees to use a password manager.

Disabling the accounts of all employees who have been laid off and reviewing the access rights of remaining employees.

A large multinational corporation has multiple domains that share the same contiguous DNS namespaces, as well as domains with different DNS namespaces. The IT department is tasked with organizing these domains. Which of the following options best describes how the domains should be grouped? answer Domains with the same contiguous DNS namespaces should be grouped into a forest, and all forests should be grouped into a tree. All domains should be grouped into a single forest, regardless of their DNS namespaces. Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. Domains with different DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. All domains should be grouped into a single tree, regardless of their DNS namespaces.

Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest.

You are a cybersecurity specialist and you have implemented fake telemetry as part of your organization's defense strategy. An attacker has just probed your network. Which of the following type of information might your fake telemetry system provide to the attacker? answer Login credentials of your organization's employees. False credentials or false IP address information. Credit card information of your organization's customers. IP address information of your organization's servers.

False credentials or false IP address information.

A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal. What should the data center implement first to ensure a strong physical barrier against intrusions? answer Biometric authentication Fencing Video surveillance Security guard patrols

Fencing

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon? answer Implement business continuity plan Penetration test Implement disaster recovery plan Gap analysis

Gap analysis

An IT department is using a technique to assess the differences in performance between their systems, looking to see if the systems meet the established requirements. Which of the following terms BEST describes the technique the IT department is using? Gap analysis Authorization models Non-repudiation Zero trust

Gap analysis

The IT department of a corporation evaluates its security mechanisms to identify areas lacking sufficient protection. Which of the following techniques should the IT department employ? answer Authorization models Non-repudiation Zero trust Gap analysis

Gap analysis

Which of the following statements correctly describe the characteristics of generic containers in Active Directory? (Select two.) answer Generic containers cannot hold other organizational units. Generic containers are created by default. Generic containers can be moved, renamed, or deleted. Generic containers have numerous properties you can edit. Generic containers are used to organize Active Directory objects.

Generic containers are created by default. Generic containers are used to organize Active Directory objects.

Which of the following objects identifies a set of users with similar access needs? answer Permissions SACL DACL Group

Group

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? answer Manually refresh Group Policy settings on his computer. Add his user account to the ACL for the shared folder. Manually refresh Group Policy settings on the file server. Have Marcus log off and log back in.

Have Marcus log off and log back in.

Which of the following statements about honeyfiles are true? (Select two.) answer Honeyfiles can only be created by system administrators. Honeyfiles are used to block all types of malicious traffic. Honeyfiles are designed to provide real data to the attacker. Honeyfiles work with network intrusion detection systems (NIDs) and can help prevent false positives. Honeyfiles are named in a way that makes them attractive to hackers, enticing them to open or execute them.

Honeyfiles work with network intrusion detection systems (NIDs) and can help prevent false positives. Honeyfiles are named in a way that makes them attractive to hackers, enticing them to open or execute them.

You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which feature should you implement? answer Extranet NIDS NIPS Honeynet

Honeynet

A tech company recently moved to a new facility and seeks to bolster its physical security posture. The security team proposes integrating security guards and surveillance cameras as part of the security measures. The chief security officer (CSO) wants to ensure these implementations effectively deter, detect, and report potential security incidents. Given the scenario, which actions will maximize the effectiveness of security guards and cameras in enhancing the organization's physical security? (Select two.) answer Place two cameras on the locations where there are security guards positioned. Place cameras in highly visible areas, but do not connect them to any recording device. Implement security guard rotations and unannounced spot checks. Position cameras to monitor critical access points and sensitive areas. Allow security guards to monitor camera feeds only during break times.

Implement security guard rotations and unannounced spot checks. Position cameras to monitor critical access points and sensitive areas.

A large multinational corporation has recently experienced a significant data breach. The breach was detected by an external cybersecurity firm, and the corporation's IT department was unable to prevent or detect the breach in its early stages. The CEO wants to ensure that such a breach does not happen again and is considering several options to enhance the company's security posture. Which of the following options would be the MOST effective in preventing and detecting future data breaches? answer Conducting regular cybersecurity training for all employees. Implementing a dedicated Computer Incident Response Team (CIRT). Hiring an external cybersecurity firm to conduct regular penetration testing. Increasing the budget for the IT department to purchase more advanced security software.

Implementing a dedicated Computer Incident Response Team (CIRT).

Change management is not just for implementing software updates or hardware changes. For example, version control refers to capturing changes made to important documents a company needs. What are some documents that would utilize version control? (Select three.) answer Transactional documents Important data Financial records Faxes Employee timecards Code Diagrams

Important data Code Diagrams

What is the primary function of Active Directory as a centralized database in a network? It stores and organizes all user accounts and security information. It serves as a backup system for all files in the network. It provides internet access to all computers in the network. It manages the power supply to all computers in the network.

It stores and organizes all user accounts and security information.

Which of the following controls is an example of a physical access control method? answer Smart cards Locks on doors Access control lists with permissions Hiring background checks Passwords

Locks on doors

Which type of control makes use of policies, DRPs, and BCPs? answer Operational Preventative Technical Managerial

Managerial

Which of the following are control categories? (Select three.) answer Physical Deterrent Managerial Technical Operational Compensating Preventative

Managerial Technical Operational

Match each Active Directory term on the left with its corresponding definition on the right. Logical organization of resources: Organizational unit. Collection of network resources: Domain. Collection of related domain trees: Forest. Network resource in the directory: Object. Group of related domains: Tree.


Match each smart card attack on the left with the appropriate description on the right. Software attacks: Exploits vulnerabilities in a card's protocols or encryption methods. Eavesdropping: Captures transmission data produced by a card as it is used. Fault generation: Deliberately induces malfunctions in a card. Microprobing: Accesses the chip's surface directly to observe, manipulate, and interfere with a circuit.


A company transmits data across a network, ensuring the non-repudiation security principle. What is the key benefit this provides to both the sender and the recipient of the data? answer Both parties should not trust anything inside or outside the network. Both parties have control over authentication, authorization, and accounting. Neither party can deny the authenticity of the data. Both parties can adapt their identity dynamically.

Neither party can deny the authenticity of the data.

When sending confidential data over a network, a company wants to ensure both parties involved cannot deny the validity of the transmitted data. Which security principle should they prioritize? Non-repudiation Adaptive identity Zero trust Authentication, authorization, and accounting (AAA)

Non-repudiation

A properly implemented change plan for an international company helps keep business operations moving forward. Restarts, dependencies, and downtime go hand in hand with change management. When is the BEST time to implement changes? (Select two.) Off-peak times Maintenance windows During holidays Peak times After the work day

Off-peak times Maintenance windows

An acceptable use policy requires the system to encrypt confidential information while in transit. All employees must use secure email when exchanging proprietary information with external vendors. Which of the following describes this type of acceptable use policy? Operational Technical Preventive Managerial

Operational

You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose? answer C-mount PTZ Dome Bullet

PTZ

Which of the following BEST describes compensating controls? answer Monitors network activity and informs the security team of a potential security event. Attempts to fix any controls that aren't working properly. Partial control solution that is implemented when a control cannot fully meet a requirement. Discourages malicious actors from attempting to breach a network.

Partial control solution that is implemented when a control cannot fully meet a requirement.

After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage? Physical Operational Technical Managerial

Physical

When setting up a new server room for sensitive data storage, a tech company seeks to enhance preventive measures against unauthorized access. Which measure would be MOST effective for this purpose? answer Video surveillance Server encryption Physical security Intrusion detection system (IDS)

Physical security

After an unauthorized access incident in the server room over the weekend, the IT department of a company decides to implement new security controls to deter similar future incidents. Which of the following should they implement? answer Introducing a key control system for office desks Installing a network-connected smoke detector system in the server room Applying reflective window film to the server room windows Placing visible signs indicating surveillance and severe penalties for unauthorized entry

Placing visible signs indicating surveillance and severe penalties for unauthorized entry

A manufacturing company is looking to enhance its security measures by implementing deterrent controls in its facility, specifically the server room. Which of the following options would be MOST effective? Placing visible signs indicating surveillance and severe penalties for unauthorized entry. Installing a network-connected smoke detector system in the server room. Introducing a key control system for office desks. Applying reflective window film to the server room windows.

Placing visible signs indicating surveillance and severe penalties for unauthorized entry.

You are a system administrator for a company that uses Linux servers. One of your tasks is to implement a new smart-card login system for all employees. Which Linux authentication method would you use to accomplish this? answer Secure Shell (SSH) Password checked against a hash stored in /etc/shadow Local user account names stored in /etc/passwd Pluggable Authentication Module (PAM)

Pluggable Authentication Module (PAM)

A security analyst wants to ensure that the privileges granted to an individual align with the role within the organization. What is the primary tool that the analyst should implement? answer Authenticating systems Policy enforcement point Non-repudiation Zero trust

Policy enforcement point

A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate? answer Authorization models AAA Zero trust Policy-driven access control

Policy-driven access control

The information technology department in a large organization is implementing a new system where the system allows, determines, and enforces various resources based on predefined company guidelines. Which concept is the department implementing? answer AAA Zero trust Authorization models Policy-driven access control

Policy-driven access control

A company installed a new locking cabinet in the computer room to hold extra flash drives and other supplies. Which type of security control did the company configure? answer Compensating Containment Deterrent Preventive

Preventive

Which technology is primarily used by smart cards to store digital signatures, cryptography keys, and identification codes? answer Advanced Encryption Standard (AES) Public Key Infrastructure (PKI) Secure Sockets Layer (SSL) Blockchain technology Hashing algorithms

Public Key Infrastructure (PKI)

A company's IT department has received a request from an employee who is currently working from home. The employee is unable to access the company's internal resources from their home network. As an IT professional, which type of Windows authentication would you recommend to resolve this issue? answer Linux authentication Remote sign-in Windows network sign-in Windows local sign-in

Remote sign-in

In the context of the NIST Cybersecurity Framework, which function involves identifying, analyzing, containing, and eradicating threats to systems and data security? answer Protect Respond Identify Recover

Respond

How can a cybersecurity analyst effectively utilize version control to maintain a historical record of changes and ensure security in the organization's IT systems and applications? answer Revert to previous versions of documents without assessing their impact on security. Use version control solely for policy updates, neglecting changes to code. Implement version control only for critical documents and code. Use version control to track changes in network diagrams and configuration files.

Use version control to track changes in network diagrams and configuration files.

The security operations manager of a multinational corporation focuses on enhancing directive operational controls. Which of the following should the manager implement? answer Firewall to block unauthorized network traffic. Surveillance cameras installed around the premises. User awareness and training programs. Regular vulnerability assessments using automated tools.

User awareness and training programs.

A network administrator for a technology company is introducing a new cybersecurity model to limit data breaches. They wish to enforce a strategy where every system or user inside or outside the network perimeter must prove their legitimacy before accessing resources. What principle would be MOST effective in implementing their new strategy? Zero trust Policy-driven access control Role-based access control Adaptive identity

Zero trust

An organization changes its security posture after a breach and wants to enhance encryption by putting measures in place to mitigate risk exposures that cannot be directly eliminated by the cyber security team. What type of control is being observed in this situation? answer Detective Technical Compensating Administrative

Compensating

What principle of an organization's information security system ensures that only authorized individuals can access sensitive data, the data remains unaltered during storage and transfer, and the data is always accessible when needed? answer Two-factor authentication Access control list CIA triad Authenticating people

CIA triad

Which option is a benefit of CCTV? answer Reduce the need for locks and sensors on doors. Expand the area visible by security guards. Increase security protection throughout an environment. Provide a corrective control.

Expand the area visible by security guards.

Which of the following BEST describes the domain controller component of Active Directory? answer A domain controller is a specific type of network resource within a domain. A domain controller is a software application that manages the replication of the Active Directory database. A domain controller is a physical device that connects the network to the Active Directory database. A domain controller is a user account that has administrative privileges to manage the Active Directory database. A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers.

A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers.

An organization's IT department wants to implement a security model responsible for verifying user identities, determining access rights, and monitoring activities within a system. Which concept is MOST appropriate for the department to implement? answer Zero trust RBAC AAA Policy engine

AAA

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize? answer Closed-circuit television (CCTV) Access control vestibule Perimeter fencing Enhanced lighting

Access control vestibule

What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information?

Active Directory

You are the Chief Information Security Officer (CISO) at a tech company. Your company is facing issues with silos between the development and operations teams, leading to inefficiencies and security vulnerabilities. Which approach should you adopt to encourage collaboration and integrate security considerations at every stage of software development and deployment? Adopting a Development and Operations (DevOps) approach Outsourcing security to a third-party vendor Implementing a new security policy Establishing a Security Operations Center (SOC)

Adopting a Development and Operations (DevOps) approach

Which of the following is an example of a preventative control type? answer Network monitoring applications Real-time monitoring alerts An advanced network appliance Intrusion detection systems

An advanced network appliance

A financial institution receives a significant software update. What is the optimal approach to handle this situation in a change management program? Assess impact, test, get approval, apply update. Update systems with past vulnerabilities only. Apply at next maintenance window without assessment. Apply to critical systems first, then the rest.

Assess impact, test, get approval, apply update.

You are the head of the IT department at a large corporation. Recently, there have been several security breaches, and you suspect that these breaches are due to issues with your Identity and Access Management (IAM) processes. You decide to conduct a thorough review of your IAM processes. Which of the following steps should you prioritize and why? answer Reviewing the identification process to ensure that each user, device, or process on the network is uniquely represented. Assessing the authorization process to determine what rights subjects should have on each resource and whether those rights are being enforced. Checking the authentication process to verify that each subject is who or what it claims to be when attempting to access a resource. Examining the accounting process to track authorized usage of a resource or use of rights by a subject and alert when unauthorized use is detected or attempted.

Assessing the authorization process to determine what rights subjects should have on each resource and whether those rights are being enforced.

Which of the following is the term for the process of validating a subject's identity? answer Identification Authorization Auditing Authentication

Authentication

What is the process of controlling access to resources such as computers, files, or printers called? answer Conditional access Mandatory access control Authorization Authentication

Authorization

Which of the following are often identified as the three main goals of security? (Select three.) answer Assets Availability Non-repudiation Policies Employees Confidentiality Integrity

Availability Confidentiality Integrity

A software patch was inadvertently pushed out early, during the middle of the workday, and has brought business to a halt. The chief executive officer (CEO) demands that the systems return to full operations immediately. What part of the change plan will assist in this task? Backout plan Test results Standard operating procedures Impact analysis

Backout plan

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is MOST pressing? answer Integrity Non-repudiation Availability Confidentiality

Confidentiality

A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage. What category of security control BEST describes the function of this recent implementation? answer Operational Detective Preventive Corrective

Corrective

After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed. What type of functional security control is the company implementing? answer Compensating Managerial Technical Corrective

Corrective

Which of the following is a limitation of using a DNS sinkhole as a cybersecurity measure? answer DNS sinkholes can prevent malware execution. DNS sinkholes can block all types of malicious traffic. DNS sinkholes are ineffective if the malware uses a public DNS server or its own DNS server. DNS sinkholes can only provide false information for DNS queries.

DNS sinkholes are ineffective if the malware uses a public DNS server or its own DNS server.

A user in a company wants a new USB flash drive. Rather than requesting one through the proper channel, the user obtains one from one of the company's storage closets. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. What is the control objective of the observed sign? Deterrent Preventive Corrective Detective

Deterrent

Which type of control is used to discourage malicious actors from attempting to breach a network? Deterrent Physical Preventative Detective

Deterrent

A major technology company plans to renovate its headquarters, emphasizing both physical and digital security. The head of the security department is looking to enhance the building's main entry points and contemplates integrating advanced gateways with innovative locking mechanisms. In relation to securing a major technology company's main entry points, which approaches will BEST harness the potential of gateways and locks to ensure optimal security? (Select two.) Employ network gateways that scrutinize incoming traffic for malicious activity. Use gateways to redirect all visitors to the company's promotional website. Implement biometric locks that grant access based on unique physiological characteristics. Install CCTV cameras to increase the effectiveness of the gateways and locks. Install traditional padlocks that require a standard key.

Employ network gateways that scrutinize incoming traffic for malicious activity. Implement biometric locks that grant access based on unique physiological characteristics.

Which of the following are solutions that address physical security? (Select two.) Escort visitors at all times. Require identification and name badges for all employees. Implement complex passwords. Disable guest accounts on computers. Scan all floppy disks before use.

Escort visitors at all times. Require identification and name badges for all employees.

You are the Chief Information Security Officer (CISO) at a large corporation. Your company is expanding rapidly and the complexity of managing security across different business functions is increasing. You need a dedicated team to monitor and protect critical information assets across the organization. Which of the following would be the MOST effective solution? Establishing a Security Operations Center (SOC) Implementing a new security policy Outsourcing security to a third-party vendor Hiring more IT staff

Establishing a Security Operations Center (SOC)

The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the BEST strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer? Implementing a single, fortified main entrance Distributing security personnel evenly throughout the premises Establishing a security perimeter with layered access controls Placing all servers near windows for easy maintenance

Establishing a security perimeter with layered access controls

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology? Microwave sensor Ultrasonic sensor Infrared sensor Pressure sensor

Infrared sensor

The chief security officer (CSO) at a financial organization wants to implement additional detective security controls. Which of the following would BEST represent this type of control? Enforcement of access control mechanisms. Implementation of biometric authentication systems. Performing regular system backups. Installation of surveillance camera.

Installation of surveillance camera.

Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, which protection does the hashing activity provide? Confidentiality Integrity Availability Non-repudiation

Integrity

The IT director at a financial institution focuses on implementing compensating managerial controls to augment the institution's existing security framework. If a mandated control cannot be put into place, which of the following compensating controls should an analyst recommend as a sufficient substitute? Regular employee training on cybersecurity best practices. Using biometric access controls on all company systems. Isolating a critical system that cannot be patched. An automated system that scans and patches software vulnerabilities.

Isolating a critical system that cannot be patched.

What is one of the main advantages of Active Directory being a hierarchical database? It allows for automatic software updates. It allows for organization and sorting of user accounts and resources. It allows for faster internet speeds. It allows for increased storage capacity.

It allows for organization and sorting of user accounts and resources.

A recently breached company tasks the cyber team to further restrict end-user permissions. What describes the use of an application allow list? It enforces policies in computer systems and networks. It controls access to files, directories, or systems resources in OSs. It is used in computer systems and networks to enforce policies. It is a list of rules or entries that specify users' access.

It enforces policies in computer systems and networks.

The organization is implementing a significant software upgrade that necessitates application restarts. How can the cybersecurity analyst ensure a smooth transition without causing extended downtime? Schedule the upgrade during nonworking hours to reduce the impact on users. Implement the upgrade without analyzing software dependencies. Conduct the software upgrade without restarting the applications to avoid interruptions. Restart all applications simultaneously to complete the upgrade faster.

Schedule the upgrade during nonworking hours to reduce the impact on users.

Which type of group can be used for controlling access to objects? DACL Security Distribution Authorization

Security

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission? Sender's private key Receiver's private key Sender's public key Receiver's public key

Sender's public key

You are the cybersecurity lead at a large corporation. Recently, your organization has been experiencing an increase in SMTP-based attacks such as open relay, DDoS, and spam attacks. You need to devise a strategy to not only mitigate these attacks but also gather information about the attackers' tactics. Which of the following would be the BEST solution? Regularly change the email server's IP address to confuse the attackers. Shut down the email server until the attacks cease. Implement a strong firewall and block all SMTP traffic. Set up an email honeypot designed to attract and trap these types of attacks.

Set up an email honeypot designed to attract and trap these types of attacks.

You are a cybersecurity specialist at a large corporation. Your company has been experiencing an increase in cyber attacks recently. To better understand the tactics and techniques of the attackers, you have decided to set up a honeynet. Which of the following is the BEST way to set up and use a honeynet? Set up the honeynet with real data and systems to make it more attractive to attackers. Set up the honeynet with decoy systems and ignore it until an attack occurs. Set up the honeynet with decoy systems and monitor it for attacker activity. Set up the honeynet with real systems and ignore it until an attack occurs.

Set up the honeynet with decoy systems and monitor it for attacker activity.

As part of enhancing its data protection strategy, a corporation's IT manager aims to ensure defense-in-depth by integrating a technical control alongside existing managerial and operational controls. Which measure BEST exemplifies a technical security control according to the classification scheme? Installing a building access control system Conducting employee cybersecurity training Implementing a risk identification tool Setting up a network intrusion detection system

Setting up a network intrusion detection system

Given the need to prioritize cost-effective solutions for enhancing the company's cybersecurity posture, a global corporation's chief security officer (CSO) considers implementing technical controls over physical controls. Which of the following options is a technical control? Setting up a network intrusion detection system Installing a building access control system Conducting employee cybersecurity training Implementing a risk identification tool

Setting up a network intrusion detection system

You are the IT security manager for a large corporation. The company has been using shared accounts for certain systems due to ease of access and convenience. However, you are considering implementing a policy to prohibit the use of shared accounts. Which of the following are valid reasons for this decision? (Select two.) Shared accounts reduce the need for individual user training. Shared accounts can lead to accountability issues. Shared accounts allow for easier password management. Shared accounts can compromise the principle of least privilege. Shared accounts increase the speed of system access.

Shared accounts can lead to accountability issues. Shared accounts can compromise the principle of least privilege.

Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access? Keypad locks Smart card Proximity card Biometric locks

Smart card

You are the head of the cybersecurity team at a large corporation. You notice an increase in network traffic that appears to be legitimate but is causing a slowdown in your systems. Upon further inspection, you find that the traffic patterns vary each time, making it difficult to distinguish from normal traffic. What type of security challenge are you MOST likely facing? Attack scale and velocity Proliferation of attack software Sophisticated attack Data breach

Sophisticated attack

An organization frequently implements changes, reconfigurations, and patches to enhance its IT infrastructure's security and efficiency. The cybersecurity analyst must carefully analyze dependencies between services, applications, and interfaces to avoid unintended outages and disruptions during service restarts or downtime events. How does understanding dependencies impact the change management process? (Select the three best options.) Informs individuals or groups that are primarily responsible for implementing a specific change. Supports the development of post-change performance monitoring to validate system functionality and quickly detect issues. Helps avoid unintended outages and disruptions during service restarts or downtime events. Guides the development of effective backout plans and downtime contingencies. Increases the involvement of stakeholders in the change management process.

Supports the development of post-change performance monitoring to validate system functionality and quickly detect issues. Helps avoid unintended outages and disruptions during service restarts or downtime events. Guides the development of effective backout plans and downtime contingencies.

A company finds that employees are accessing streaming websites that are not being monitored for malware or viruses. Which type of control can the network administrator implement to protect the system and keep the employees from viewing unapproved sites? Corrective Operational Detective Technical

Technical

You are the Chief Information Security Officer (CISO) at a large corporation. You have been tasked with implementing a new security control to protect sensitive customer data. The control must be able to automatically detect and prevent unauthorized access to the data. Which type of control should you implement? Operational control Physical control Managerial control Technical control

Technical control

Due to the introduction of security vulnerabilities during a previous change, company leadership wants reassurance that the vulnerabilities will not happen again. The IT department has made several changes to its change management plan. What are items the IT department would add to this plan? (Select three.) Stakeholders Test results Balance sheet Impact analysis Rack layout diagram Cable plan Backout plans

Test results Impact analysis Backout plans

A new IT administrator is tasked with managing Active Directory for their company. The administrator needs to understand the types of objects in the tree and the properties of these objects. Which of the following BEST describes the Active Directory component that the new administrator needs to understand? The administrator needs to understand the domain controller, as it manages the Active Directory database. The administrator needs to understand the replication process, as it copies changes to Active Directory between the domain controllers. The administrator needs to understand the schema, as it identifies the object classes and their attributes in the tree. The administrator needs to understand the organizational unit, as it subdivides and organizes network resources within a domain. The administrator needs to understand the forest, as it is the highest level of the organization hierarchy.

The administrator needs to understand the schema, as it identifies the object classes and their attributes in the tree.

Which of the following are advantages of using hierarchical databases like Active Directory? (Select two.) They allow for organization of user accounts by location, function, and department. They limit the growth of the Active Directory to meet the needs of your environment. They enable replication of the database to other systems. They allow for decentralized security and management. They require manual recreation of user accounts on every system a user may need to access.

They allow for organization of user accounts by location, function, and department. They enable replication of the database to other systems.

Which of the following are key weaknesses of using smart cards? (Select two.) They require a constant power supply to function. They are incapable of performing their own cryptographic functions. They are unable to store digital signatures, cryptography keys, and identification codes. They are vulnerable to eavesdropping that captures transmission data produced by the card as it is used. They are susceptible to software attacks that exploit vulnerabilities in the card's protocols or encryption methods.

They are vulnerable to eavesdropping that captures transmission data produced by the card as it is used. They are susceptible to software attacks that exploit vulnerabilities in the card's protocols or encryption methods.

Which of the following are key benefits of using smart cards? (Select two.) They provide tamper-resistant storage for a user's private key and other personally identifying information (PII). They isolate security-related operations from the rest of the system. They can be used to exploit vulnerabilities in a system's protocols. They allow for unlimited data storage. They can induce malfunctions in the card reader.

They provide tamper-resistant storage for a user's private key and other personally identifying information (PII). They isolate security-related operations from the rest of the system.

What is the purpose of identity and access management (IAM) automation in the onboarding process for new employees in an organization? To carefully plan and assess the implementation of changes in the IT system. To establish the rules for the acceptable ways in which network and computer systems may be used by defining acceptable behavior by users. To facilitate knowledge sharing and continuity as employees move into new roles. To automate the provisioning and access management tasks associated with new employees.

To automate the provisioning and access management tasks associated with new employees.

