CompTIA CertMaster CE for Security+ - Domain 4.0 Security Operations Assessment
A security administrator reviews the configuration of a newly implemented Security Information and Event Management (SIEM) system. The SIEM system collects and correlates data from various sources, such as network sensors, application logs, and host logs. The administrator notices that some network devices, like switches and routers, do not directly support the installed agents for data collection. What approach should the administrator consider to ensure the inclusion of these devices' logs in the SIEM system? A. Configuring the devices to push log changes to the SIEM server using a listener/collector approach B. Implementing an additional data loss prevention (DLP) system for these devices C. Installing additional SIEM servers to handle the data from these devices D. Running a vulnerability scanner on these devices to ensure they are compliant with the SIEM system
A. Configuring the devices to push log changes to the SIEM server using a listener/collector approach
A software technician delivers a presentation on the capabilities associated with centralizing web filtering. When exploring techniques tied to centralized proxy service employment to protect traffic, what classifies websites into various groupings, such as social networking, webmail, or gambling sites? A. Content categorization B. URL scanning C. Block rules D. Reputation-based filtering
A. Content categorization
An organization is enhancing its security measures to combat email-based threats after being targeted in a whaling attack. Regarding email security, what uses tenets from authentication methods and encryption features to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them entirely, or tagging them? A. DMARC B. EDR C. DKIM D. SPF
A. DMARC
A software engineer is reviewing the various capabilities of automation and scripting. What capability does the use of security groups allow for in automation and scripting? A. It assists in reducing the possibility of unauthorized access or excessive permissions. B. It can monitor and enforce compliance and flag risky behaviors. C. It can create seamless workflows and facilitate the development of complex systems. D. It creates, modifies, or deletes user accounts and access rights.
A. It assists in reducing the possibility of unauthorized access or excessive permissions.
In a medium-sized company, the IT security team is enhancing security measures by implementing Privileged Access Management (PAM) tools. The team is considering the adoption of just-in-time (JIT) permissions as part of their strategy. How do JIT permissions support the objectives of PAM tools? A. JIT permissions reduce unauthorized access risk by granting temporary access only when necessary. B. JIT permissions provide users with permanent access to critical systems and sensitive data. C. PAM tools are primarily focused on managing standard user permissions. D. JIT permissions are not suitable for enhancing security in medium-sized companies.
A. JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.
The IT department of a medium-sized company explores various mobile solutions to improve productivity and enable employees to work efficiently on their mobile devices. What is considered a critical strategy that IT departments can use to manage, secure, and enforce policies on smartphones, tablets, and other endpoints? A. MDM B. COBO C. COPE D. CYOD
A. MDM
The IT team of a medium-sized business is planning to enhance network security. They want to enforce minimum security controls and configurations across all network devices, including firewalls, routers, and switches. What should they establish to achieve this objective? A. Network security baselines B. Data encryption protocols C. Intrusion detection systems (IDS) D. Virtual private network (VPN)
A. Network security baselines
The Chief Information Officer (CIO) wants to expand the company's ability to accurately identify network host weaknesses across the company. What can be used to report the total number of unmitigated vulnerabilities for each host, and when consolidated, demonstrate results on the status of hosts across the entire network? A. Network vulnerability scanner B. Package monitoring C. Credentialed scan D. Dynamic analysis
A. Network vulnerability scanner
The IT team of a large multinational corporation is working to improve the security of their enterprise remote access services that connect via wireless networks. They plan to implement Remote Authentication Dial-In User Service (RADIUS) to enhance the enterprise authentication process for remote users. RADIUS provides a centralized authentication and authorization mechanism for users connecting from various locations. The IT team evaluated different authentication protocols alongside RADIUS to ensure a strong and secure remote access solution. Which choice of authentication protocols would be MOST appropriate to complement RADIUS for the company's remote access solution? A. PEAP B. PAP C. WEP D. ARP
A. PEAP
During routine monitoring, an incident response analyst at a prominent corporation notices suspicious network activity on a server. The analyst can access various network data sources. Which data sources would provide the MOST relevant information by offering a frame-by-frame analysis of captured traffic? A. Packet captures B. Network logs C. Firewall logs D. Metadata
A. Packet captures
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period? A. Password expiration B. Password complexity C. Password reuse prevention D. Password recovery via email
A. Password expiration
A company has added several new assets and software to its system and is meeting to review its risk matrix. It wants to ensure risk management efforts focus on vulnerabilities most likely impacting its operations significantly. What is this commonly referred to as? A. Prioritization B. Risk tolerance C. Classification D. Environmental variables
A. Prioritization
A medium-sized organization's IT security team is exploring solutions to enhance application security. They seek a method to effectively isolate potentially compromised applications from the rest of the system, aiming to prevent the spread of threats without compromising the applications' performance and usability. Which of the following security measures is best suited for isolating applications to achieve this goal, considering the need for operational efficiency and threat mitigation? A. Sandboxing B. Firewall C. Antivirus software D. Intrusion detection system (IDS)
A. Sandboxing
After a breach, an organization implements new multifactor authentication (MFA) protocols. What MFA philosophy incorporates using a smart card or key fob to support authentication? A. Something you have B. Something you are C. Somewhere you are D. Something you know
A. Something you have
At a large company, the IT department manages user accounts and permissions for the organization's various systems. The IT team employs a well-structured provisioning and de-provisioning process to create, modify, and remove user accounts and assign permissions to minimize potential security risks. Which statements related to user account provisioning and permission assignments are correct? (Select the two best options.) A. Provisioning and de-provisioning of user accounts involve creating, modifying, and removing user accounts to maintain appropriate access levels. B. The principle of least privilege guides the assignment of permissions, ensuring users have only the necessary access for their job roles. C. Provisioning and permission assignments are exclusively managed by individual users without IT department involvement. D. De-provisioning accounts includes the process of granting additional access to prevent
A & B
The board of directors for a tech support company presents to a new client the benefits of automation and orchestration enhancements for security operations. Focusing on the immediate operational improvements automation brings to security incident handling, which of the following benefits are most directly associated with automation in security operations? (Select the two best options.) A. Generate tickets for security incidents automatically. B. Escalation of security incidents to the appropriate teams without manual intervention. C. Continuous integration and testing D. Press release management
A & B
Upon receiving new storage media drives for the department, an organization asks a software engineer to dispose of the old drives. When considering the various methods, what processes does sanitization involve? (Select the two best options.) A. It refers to the process of removing sensitive information from storage media to prevent unauthorized access or data breaches. B. Its process uses specialized techniques, such as data wiping, degaussing, or encryption. C. It involves the physical or electronic elimination of information stored in media, rendering it inaccessible and irrecoverable. D. Its methods include shredding, crushing, or incinerating storage devices.
A & B
A proprietary software remains mission-critical ten years after its in-house creation. The software requires an exception to the rules as it cannot use the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.) A. Network segmentation B. Vulnerability feeds C. Compensating controls D. Patching
A & C
An IT admin has been testing a newly released software patch and discovered an exploitable vulnerability. The manager directs the IT admin to immediately report to Common Vulnerability and Exposures (CVE), utilizing the Common Vulnerability Scoring System (CVSS) to base the score for the vulnerability. What could happen if there are delays in completing the report? (Select the two best options.) A. Can lead to delays in remediation B. Verification will resolve the vulnerability C. The vulnerability will be patched D. Increase window of opportunity for attackers
A & D
In a medium-sized company, the IT department manages access to various systems and resources for employees. The team wants to enhance the security posture by implementing better access controls. They use rule-based access controls and time-of-day restrictions to achieve this goal. What are the IT department's objectives in implementing rule-based access controls and time-of-day restrictions? (Select the two best options.) A. To define specific access rules based on employees' roles and responsibilities B. To eliminate the need for user authentication and simplify access management C. To ensure all employees have access to all resources at any time for increased productivity D. To restrict access to critical systems during non-working hours to enhance security
A & D
As a company matures, its attack surface also grows. Additionally, the company becomes an increasingly desirable target for a malicious actor to compromise its systems. A company must monitor all software usage, secure applications, third-party software, libraries, and dependencies. Which of the following would contribute to protecting the business's operations? (Select the three best options.) A. Package monitoring B. Software Bill of Materials C. Software composition analysis D. Credentialed scan
A, B, & C
In a large corporate office, employees use various devices such as laptops, smartphones, and tablets that support both Bluetooth and Wi-Fi connectivity. The office implements strict security measures to protect sensitive data and ensure compliance with industry regulations. However, the IT team noticed some security concerns. What security risks is the IT team primarily concerned about regarding the use of Bluetooth and Wi-Fi in the corporate office? A. Unauthorized access and data interception B. Physical damage to devices C. Incompatibility with devices D. Lack of connectivity
A. Unauthorized access and data interception
The network administrator of a small business needs to enhance the security of the business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main security measure, but the administrator recognizes the need to adjust other wireless security settings to complement WPA3 and create a robust network through which all employees can reach critical company resources securely. What should the network administrator consider when implementing WPA3 and adjusting wireless security settings? (Select the two best options.) A. Ensuring backward compatibility with older devices B. Enabling media access control (MAC) address filtering to restrict access to authorized devices C. Implementing 802.1X authentication to keep unauthorized devices off the network D. Adjusting signal strength to minimize interference from neighboring networks
B & C
An organization reviews recent audit results of monitoring solutions used to protect the company's infrastructure and learns that detection tools are reporting a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives by either direct influence or through referral processes? (Select the three best options.) A. Identifying and segregating sources of false positive indicators for further analysis B. Refining detection rules and muting alert levels C. Redirecting sudden alert "floods" to a dedicated group D. Redirecting infrastructure-related alerts to a dedicated group
B, C, & D
What type of log file is application-managed rather than through an operating system and may use Event Viewer or syslog to write event data in a standard format? A. Endpoint logs B. Application logs C. OS-specific security logs D. Firewall logs
B. Application logs
An organization is creating a quick reference guide to assist team members when addressing common vulnerabilities and exposures across the enterprise. What does the Forum of Incident Response and Security Teams maintain that generates metrics of a score from 0 to 10? A. CVE B. CVSS C. Vulnerability analysis D. OSINT
B. CVSS
A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail? A. Block rules B. Content categorization C. Reputation-based filtering D. URL scanning
B. Content categorization
A new system administrator has been spending the morning manually entering new vulnerability signatures based on Common Vulnerabilities and Exposures (CVE) data and using the Common Vulnerability Scoring System (CVSS) for remediation guidance. To enhance efficiency and ensure the vulnerability scanner remains up-to-date with minimal manual effort, what actions should the administrator have taken instead? (Select the three best options.) A. Automatically update the vulnerability scanner's database via a vulnerability feed B. Integrate the scanner with the Security Content Automation Protocol (SCAP) C. Subscribe to a general IT news feed for updates on emerging technology trends D. Adjust the environmental variables within the vulnerability management system
A, B, & D
A tech department reviews the current model for incident response procedures in response to a serious incident at the company. What part of the process focuses on reviewing the data to determine if it is a genuine incident and then has an appropriate priority level assigned to it? A. Analysis B. Containment C. Eradication D. Detection
A. Analysis
A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature? A. DMARC B. DKIM C. SPF D. EDR
B. DKIM
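Worked example, added here and not part of the CertMaster material, covering this DKIM question and the DMARC question earlier on the page: DMARC does not authenticate anything itself. It takes the SPF result (with the MAIL FROM domain) and the DKIM result (with the d= domain of the signature), checks whether either one is aligned with the visible header From domain, and, if neither is, applies the p=/sp= policy from the domain owner's TXT record. The evaluator below implements that logic; the record, domains and results it is fed are constructed, and the organisational-domain helper is a simplification that a real receiver would replace with the Public Suffix List.

```python
from dataclasses import dataclass


@dataclass
class AuthResult:
    result: str   # "pass", "fail", "none", "softfail", ...
    domain: str   # SPF: the MAIL FROM domain; DKIM: the d= tag of the signature


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into tags and fill in the RFC 7489 defaults."""
    tags = {}
    for item in txt.split(";"):
        item = item.strip()
        if item:
            key, _, value = item.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record: needs v=DMARC1 and a p= tag")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])   # subdomain policy falls back to p=
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain. ASSUMPTION for this demo: keep the last two
    labels. Real evaluators use the Public Suffix List (example.co.uk etc.)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same org domain."""
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h if mode == "s" else org_domain(a) == org_domain(h)


def evaluate(record: str, record_domain: str, header_from: str,
             spf: AuthResult, dkim: AuthResult, sampled: bool = True) -> dict:
    """Return the DMARC verdict and the disposition the receiver should apply.

    record_domain is where the TXT record was found: when it equals the
    header-From domain, p= applies; when the From is a subdomain and the record
    came from the org domain, sp= applies. sampled=False models a message that
    falls outside the pct= sample, which lowers the action by one step."""
    tags = parse_dmarc(record)
    spf_aligned = spf.result == "pass" and is_aligned(spf.domain, header_from, tags["aspf"])
    dkim_aligned = dkim.result == "pass" and is_aligned(dkim.domain, header_from, tags["adkim"])
    if spf_aligned or dkim_aligned:
        return {"dmarc": "pass", "disposition": "none",
                "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned}
    policy = tags["p"] if record_domain.lower() == header_from.lower() else tags["sp"]
    if int(tags["pct"]) < 100 and not sampled:
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    return {"dmarc": "fail", "disposition": policy,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned}


# Constructed record for the demo (example.com is a reserved documentation name).
RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; "
          "rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    # Legitimate bulk mail: SPF passes on a bounce subdomain; relaxed SPF alignment accepts it.
    print(evaluate(RECORD, "example.com", "example.com",
                   AuthResult("pass", "bounce.example.com"), AuthResult("fail", "example.com")))
    # Spoof: SPF passes for an unrelated domain, no DKIM signature, so p=reject applies.
    print(evaluate(RECORD, "example.com", "example.com",
                   AuthResult("pass", "mailer.example.net"), AuthResult("none", "")))
```

Note the second case: a passing SPF result is worthless to DMARC if the domain it passed for is not aligned with the header From, which is exactly the gap whaling mail exploits when a domain publishes SPF and DKIM but no DMARC policy.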
Which of the following options is NOT a challenge typically encountered while implementing web filtering solutions in an enterprise? A. Incorrect categorization of websites B. Decrease in network latency C. Overblocking D. Difficulty in handling encrypted traffic (HTTPS)
B. Decrease in network latency
An organization needs to implement web filtering to bolster its security. The goal is to ensure consistent policy enforcement for both in-office and remote workers. Which of the following web filtering methods BEST meets this requirement? A. Utilizing a centralized proxy server B. Deploying agent-based web filtering C. Implementing manual URL blocking D. Relying solely on reputation-based filtering
B. Deploying agent-based web filtering
The IT security team at a corporation has concerns about potential security risks on the cloud platform. They noticed that some employees have been able to submit malformed data, leading to inconsistencies and potential data breaches. The team wants to enhance the platform's security without hindering productivity. In this case, what security measure should the IT security team implement to improve the security of the cloud platform at the corporation? A. Upgrade the cloud infrastructure to improve data processing speed B. Implement robust input validation mechanisms to validate all incoming data C. Enable additional firewall rules to restrict employee access to the platform D. Increase the number of login attempts before locking user accounts
B. Implement robust input validation mechanisms to validate all incoming data
A security specialist is drafting a memorandum on secure data destruction for the organization after a recent breach. What benefit does the certification concept offer when evaluating appropriate disposal/decommissioning? A. It refers to policies and practices governing the storage and preservation of information within the organization for a set period of time. B. It refers to the documentation and verification of the data sanitization or destruction process. C. It is often based on legal, regulatory, or operational requirements. D. It ensures that organizations maintain compliance with relevant regulations and minimize breach risks.
B. It refers to the documentation and verification of the data sanitization or destruction process.
A network security specialist at a tech firm is investigating an atypical spike in alerts from their Security Information and Event Management (SIEM) system. To comprehensively analyze these irregularities, which data source should the specialist prioritize? A. External web traffic statistics. B. Log Data. C. General IT equipment inventory lists. D. Standard operational procedures documentation.
B. Log Data.
A cybersecurity responder monitors a hacker's activities covertly to prepare a containment and eradication plan. This technique involves gaining an informational advantage over an adversary by observing them without their knowledge, allowing for strategic planning and response. What threat-hunting technique is being employed? A. Intelligence fusion B. Maneuvering C. Threat data D. Countermeasures
B. Maneuvering
A cyber security manager is tasked with creating a presentation on the various host operating system logs the newly-hired technicians will encounter when working on company tickets. What logs are generated by appliances, such as a switch or access point, and records the operation and status of the appliance itself? A. macOS logs B. Network logs C. Linux logs D. IPS/IDS logs
B. Network logs
A cyber technician pulls logs on the new Apple iMacs to ensure the company's employees adhere to the policy. What log can provide the technician with the computer's attempted logins or denial when an employee attempts to access a file? A. Firewall logs B. Operating system-specific security logs C. Application logs D. Endpoint
B. Operating system-specific security logs
A cyber team is responding to regulatory requirements after the organization falls victim to a breach. What remediation practice involves the application of updates to systems to fix known vulnerabilities? A. Insurance B. Patching C. Segmentation D. Compensating controls
B. Patching
What significant challenge should a technician be aware of that can arise from the complexity of automation and orchestration when implementing it within their team's workspace? A. It can impact multiple areas of the organization, causing widespread problems. B. Poorly planned strategies can make systems difficult to maintain. C. It can result in poorly documented code, leading to instability and increased costs. D. It can quickly erode if they do not continue the needed patches and updates.
B. Poorly planned strategies can make systems difficult to maintain.
The network security manager of a large corporation is planning to improve the efficiency of the company's Security Information and Event Management (SIEM) system. The SIEM system receives data from various sources, including Windows and Linux hosts, switches, routers, and firewalls. To make the data from different sources more consistent and searchable, which functionality should the manager focus on enhancing in the SIEM system? A. Improve the SIEM system's vulnerability scanning capabilities B. Refine the log aggregation process in the SIEM system C. Enhance the agent-based collection method on the SIEM system D. Implement additional packet sniffers in the network
B. Refine the log aggregation process in the SIEM system
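Worked example, added here and not part of the CertMaster material, for this log-aggregation question and the earlier one about switches and routers that push syslog to a listener: what the SIEM's aggregation stage actually does is map each source's native format into one schema so that a search such as "all failed logons for user admin" works across a Cisco switch, a Linux host and a Windows domain controller. The normaliser below decodes the syslog PRI (facility = PRI // 8, severity = PRI % 8, per RFC 3164/5424) and parses three constructed sample lines. The Event field names and the key=value rendering of the Windows event are this example's own choices, not a vendor schema.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Common schema every source is mapped into (field names chosen for this demo).
@dataclass
class Event:
    source: str              # "cisco-ios", "linux-sshd", "windows-security", "unknown"
    host: str
    action: str              # "logon_success", "logon_failure", "unknown"
    user: Optional[str]
    src_ip: Optional[str]
    facility: Optional[int]  # from the syslog PRI, if the line carried one
    severity: Optional[int]  # syslog severity 0-7, if known
    raw: str

SYSLOG_PRI = re.compile(r"^<(\d{1,3})>")
CISCO_LOGIN = re.compile(
    r"%SEC_LOGIN-(\d)-(LOGIN_SUCCESS|LOGIN_FAILED):.*?\[user: ([^\]]+)\] \[Source: ([\d.]+)\]")
LINUX_SSHD = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (\S+) sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from ([\d.]+)")
WINDOWS_KV = re.compile(r"(\w+)=(\S+)")
WINDOWS_LOGON = {"4624": "logon_success", "4625": "logon_failure"}


def decode_pri(line: str):
    """Strip a leading <PRI> and return (facility, severity, rest_of_line)."""
    m = SYSLOG_PRI.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    return pri // 8, pri % 8, line[m.end():]


def normalize(line: str, sender: Optional[str] = None) -> Event:
    """Map one raw line from any supported source into the common Event schema.
    `sender` is the address the collector received the datagram from."""
    facility, severity, body = decode_pri(line.strip())

    m = CISCO_LOGIN.search(body)
    if m:
        # IOS omits its own hostname unless 'logging origin-id' is configured,
        # so the collector falls back to the sending address.
        return Event("cisco-ios", sender or "unknown",
                     "logon_success" if m.group(2) == "LOGIN_SUCCESS" else "logon_failure",
                     m.group(3), m.group(4), facility,
                     severity if severity is not None else int(m.group(1)), line)

    m = LINUX_SSHD.match(body)
    if m:
        return Event("linux-sshd", m.group(1),
                     "logon_success" if m.group(2) == "Accepted" else "logon_failure",
                     m.group(3), m.group(4), facility, severity, line)

    kv = dict(WINDOWS_KV.findall(body))
    if "EventID" in kv:
        return Event("windows-security", kv.get("host", sender or "unknown"),
                     WINDOWS_LOGON.get(kv["EventID"], "unknown"),
                     kv.get("TargetUserName"), kv.get("IpAddress"), facility, severity, line)

    # Unknown formats are kept, not dropped: they still carry facility/severity and raw text.
    return Event("unknown", sender or "unknown", "unknown", None, None, facility, severity, line)


# Constructed sample lines as (sender address, line). PRI 189 = local7.notice,
# 38 = auth.info, 134 = local0.info.
SAMPLE_LINES = [
    ("10.0.0.1", "<189>45: Mar  3 10:15:02.113: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
                 "[user: admin] [Source: 10.0.0.5] [localport: 22] at 10:15:02 UTC Tue Mar 3 2024"),
    ("10.0.0.20", "<38>Mar  3 10:15:07 web01 sshd[2231]: Failed password for invalid user admin "
                  "from 203.0.113.7 port 51812 ssh2"),
    ("10.0.0.30", "2024-03-03T10:15:09Z host=DC01 EventID=4625 TargetUserName=admin "
                  "IpAddress=203.0.113.7 Status=0xC000006D"),
    ("10.0.0.40", "<134>Mar  3 10:15:11 nas01 smbd[410]: connection from 10.0.0.77 accepted"),
]


def normalize_all(pairs=SAMPLE_LINES):
    return [normalize(line, sender) for sender, line in pairs]


if __name__ == "__main__":
    for ev in normalize_all():
        print(f"{ev.source:17} {ev.host:10} {ev.action:14} user={ev.user} src={ev.src_ip} "
              f"fac={ev.facility} sev={ev.severity}")
```

Once every source lands in the same fields, the brute-force and spray rules later on this page can be written once rather than once per log format.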
In a multinational corporation, employees across various departments regularly access many cloud-based applications to fulfill their tasks efficiently. The company's security team is grappling with managing user credentials securely and efficiently across these diverse platforms. They are actively looking to improve user authentication and streamline access to these applications while ensuring robust security measures are in place. In this scenario, what technology should the company implement to enable Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse cloud-based applications? A. LDAP B. SAML C. RADIUS D. VPN
B. SAML
A healthcare organization is retiring an old database server that housed sensitive patient information. It aims to ensure that this information is completely irretrievable. What key process should the organization prioritize before disposing of this server? A. Certification of the server's functionality B. Secure destruction of all data stored on the server C. Preservation of all data for future reference D. Repurposing of the server without any modifications
B. Secure destruction of all data stored on the server
A global financial institution with a vast network of offices and data centers has faced increasing cybersecurity threats. The organization's IT team realizes that privileged accounts are a prime target for hackers, and manually managing them poses a significant risk. The company implemented a Privileged Access Management (PAM) solution to strengthen its security posture. As part of the implementation, the IT team focuses on password vaulting, a critical component of PAM. As part of the advanced PAM implementation, which of the following options depicts the primary purpose of password vaulting? A. Enforcing strong password policies B. Securely store and manage privileged account credentials C. Automatically generate and assign passwords for all users D. Complying with regulatory requirements
B. Securely store and manage privileged account credentials
An incident response analyst investigates a suspected network breach in the organization. With access to a Security Information and Event Management (SIEM) tool that aggregates and correlates data from multiple sources, which combination of data sources should the analyst primarily consider to trace the origin and pathway of the breach? A. Trace the origin through packet captures, operating system (OS)-specific security logs, and application logs B. Trace the origin through firewall logs, network logs, and automated SIEM reports to identify suspicious activities and potential breach pathways. C. Trace the origin through authorized activities on endpoint logs, metadata, and automated reports on end-user systems D. Trace the origin through information from activities on firewall logs, network logs, and application logs
B. Trace the origin through firewall logs, network logs, and automated SIEM reports to identify suspicious activities and potential breach pathways.
A large multinational company uses a cloud-based document storage system. The system provides access to documents by considering a combination of factors: the user's department, geographic location, the document's sensitivity level, and the current date and time. For example, only the finance department of a specific region can access its financial reports, and they can do so only during business hours. Which access control model does the company MOST likely use to manage this complex access control? A. Discretionary access control B. Rule-based access controls C. Attribute-based access control D. Role-based access control
C. Attribute-based access control
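Worked example, added here and not part of the CertMaster material, for this ABAC question and the earlier rule-based/time-of-day question: the scenario's four inputs (department, region, document sensitivity, current date and time) are attributes of the subject, the resource and the request context, and the decision comes from evaluating rules over them. The small policy engine below uses deny-overrides combining with default deny, so a time-of-day restriction written as a deny rule beats any permit. The departments, regions, hours and rule names are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Subject:
    user: str
    department: str
    region: str


@dataclass(frozen=True)
class Resource:
    name: str
    owner_department: str
    region: str
    sensitivity: str          # "public", "internal", "confidential"


@dataclass(frozen=True)
class Context:
    now: datetime             # request time, assumed to be in the resource's local time


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str               # "permit" or "deny"
    condition: Callable[[Subject, Resource, Context], bool]


def business_hours(ctx: Context) -> bool:
    """Time-of-day restriction: Monday to Friday, 09:00-17:00 (constructed policy)."""
    return ctx.now.weekday() < 5 and time(9, 0) <= ctx.now.time() < time(17, 0)


POLICY: List[Rule] = [
    Rule("confidential-only-in-business-hours", "deny",
         lambda s, r, c: r.sensitivity == "confidential" and not business_hours(c)),
    Rule("public-docs-for-everyone", "permit",
         lambda s, r, c: r.sensitivity == "public"),
    Rule("own-department-own-region", "permit",
         lambda s, r, c: s.department == r.owner_department and s.region == r.region),
]


def decide(subject: Subject, resource: Resource, ctx: Context,
           policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Deny-overrides combining: any matching deny wins, then any matching
    permit, otherwise default deny. Returns (decision, deciding rule)."""
    matched = [rule for rule in policy if rule.condition(subject, resource, ctx)]
    for rule in matched:
        if rule.effect == "deny":
            return "deny", rule.name
    for rule in matched:
        if rule.effect == "permit":
            return "permit", rule.name
    return "deny", "default-deny"


def at(year: int, month: int, day: int, hour: int, minute: int = 0) -> Context:
    return Context(datetime(year, month, day, hour, minute))


if __name__ == "__main__":
    ana = Subject("ana", "finance", "EU")
    report = Resource("Q1-EU-financials", "finance", "EU", "confidential")
    print(decide(ana, report, at(2024, 3, 5, 10, 30)))   # Tuesday morning: permit
    print(decide(ana, report, at(2024, 3, 5, 22, 0)))    # Tuesday night: deny
    print(decide(Subject("bo", "finance", "US"), report, at(2024, 3, 5, 10, 30)))  # wrong region
```

The same engine expresses a plain role-based rule (match on department only) or a rule-based restriction (match on time only); ABAC is the general case of which those are special cases, which is why the question's multi-factor scenario points to it.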
The IT security team at a large company is implementing more robust authentication measures to safeguard sensitive data and systems. The team is exploring multifactor authentication (MFA) options to bolster security. The company deals with highly confidential information and requires a robust solution. The team has narrowed the choices and is evaluating which aligns BEST with their security needs. Which multi-factor authentication method utilizes unique physical characteristics of individuals to verify their identity? A. Smart cards B. SMS-based one-time passwords C. Biometrics D. Passwords and PINs
C. Biometrics
A financial institution is preparing to decommission a number of its old servers. The servers contain sensitive customer data that needs proper handling to prevent unauthorized access or data breaches. Which strategy should the institution primarily employ to ensure the data on these servers stays irretrievable? A. Use a basic method of overwriting, such as zero filling, once. B. Leave the data on the servers, as the system will eventually overwrite it. C. Carry out a sanitization process that includes multiple passes of overwriting and degaussing. D. Physically destroying the servers is necessary.
C. Carry out a sanitization process that includes multiple passes of overwriting and degaussing.
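Worked example, added here and not part of the CertMaster material: the overwriting pass the answer describes, written as a small sanitizer that rewrites a file in place several times, forces each pass to storage with fsync, verifies that a known marker is gone, and only then unlinks the file. The marker and the temporary file are constructed for the demo. The practitioner caveat that belongs next to this answer: overwriting only sanitizes media that rewrite in place. SSDs remap writes through wear levelling and hold over-provisioned cells the OS cannot address, and copy-on-write or snapshotting filesystems keep old blocks, so for those use the drive's own sanitize command (ATA Secure Erase, NVMe Sanitize) or cryptographic erase; degaussing works on magnetic media only and leaves the drive unusable.

```python
import os
import secrets
import tempfile


def overwrite_file(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite every byte of `path` in place `passes` times. Fixed 0x00/0xFF
    patterns first, random data on the final pass. Each pass is flushed and
    fsync'ed so it reaches the device rather than sitting in the page cache.
    Returns the number of bytes overwritten per pass."""
    if passes < 1:
        raise ValueError("need at least one pass")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(passes):
            pattern = None if p == passes - 1 else bytes([0x00 if p % 2 == 0 else 0xFF])
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def verify_overwritten(path: str, marker: bytes) -> bool:
    """Read the file back and confirm the known marker no longer appears."""
    with open(path, "rb") as f:
        return marker not in f.read()


def sanitize_file(path: str, marker: bytes, passes: int = 3) -> dict:
    """Overwrite, verify, then unlink. Refuses to delete if verification fails,
    so a silent failure (e.g. a read-only remount) is not hidden by the unlink."""
    size = overwrite_file(path, passes)
    clean = verify_overwritten(path, marker)
    if clean:
        os.remove(path)
    return {"bytes": size, "marker_gone": clean, "file_exists": os.path.exists(path)}


def demo() -> dict:
    """Constructed demo: a temp file full of a fake record marker, then sanitized."""
    marker = b"PATIENT-RECORD-0001 "          # 20 bytes, constructed
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 5000)                 # 100,000 bytes
    return sanitize_file(path, marker, passes=3)


if __name__ == "__main__":
    print(demo())
```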
An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation? A. Manual URL blocking B. Agent-based filtering C. Centralized web filtering D. Content categorization
C. Centralized web filtering
A company recently faced a security breach through its network switch. They learned that the attacker was able to access the switch using the default credentials. Which of the following steps should the company take to improve the security of the switch and avoid such breaches in the future? A. Switch to wireless routers B. Change the switch to a different brand C. Change the default credentials of the switch D. Increase the number of devices that can connect to the switch
C. Change the default credentials of the switch
After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it? A. Insurance B. Patching C. Compensating controls D. Segmentation
C. Compensating controls
An information security manager is fine-tuning a Security Information and Event Management (SIEM) system in a company that has recently reported a series of unauthorized account access attempts. The manager wants to ensure prompt detection of similar incidents for immediate investigation. Which approach should the manager consider to optimize the system's alerting capability? A. Enabling the SIEM system to send an alert for every received threat intelligence feed B. Setting the SIEM system to generate an alert for every single-user login failure C. Configuring the SIEM system to alert when multiple login failures for the same account occur within a specified time period D. Arranging the SIEM system to archive all historical log data for retrospective incident and threat hunting
C. Configuring the SIEM system to alert when multiple login failures for the same account occur within a specified time period
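Worked example, added here and not part of the CertMaster material: the correlation rule in the answer, "N failures for the same account inside a time window", as detection logic run over a constructed batch of already-normalized SIEM events. It keeps a sliding window per account, raises at most one alert per account per window (so a burst does not become the alert flood the tuning question earlier on the page warns about), and adds the mirror-image rule that the single-failure alert in option B would never catch: one source address failing against many different accounts, i.e. password spraying. Thresholds, window length and the sample events are assumptions for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, already-normalized SIEM events (naive local timestamps, ISO 8601).
# Deliberately not in time order: the detector sorts them.
SAMPLE_EVENTS = [
    {"ts": "2024-03-05T10:00:00", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:00:20", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:00:40", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:01:00", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:01:20", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:01:40", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:05:00", "user": "alice", "result": "success", "src_ip": "203.0.113.7"},
    {"ts": "2024-03-05T10:10:00", "user": "bob",   "result": "failure", "src_ip": "198.51.100.2"},
    {"ts": "2024-03-05T11:00:00", "user": "bob",   "result": "failure", "src_ip": "198.51.100.2"},
    {"ts": "2024-03-05T10:20:00", "user": "carol", "result": "failure", "src_ip": "198.51.100.9"},
    {"ts": "2024-03-05T10:20:30", "user": "dave",  "result": "failure", "src_ip": "198.51.100.9"},
    {"ts": "2024-03-05T10:21:00", "user": "erin",  "result": "failure", "src_ip": "198.51.100.9"},
    {"ts": "2024-03-05T10:21:30", "user": "frank", "result": "failure", "src_ip": "198.51.100.9"},
    {"ts": "2024-03-05T10:22:00", "user": "grace", "result": "failure", "src_ip": "198.51.100.9"},
]


def _prune(q: deque, now: datetime, window: timedelta) -> None:
    """Drop entries older than the window from the left of the deque."""
    while q and now - q[0][0] > window:
        q.popleft()


def detect_account_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one account collects `threshold` failures inside `window`.
    At most one alert per account per window."""
    failures = defaultdict(deque)
    last_alert = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "failure":
            continue
        now = datetime.fromisoformat(ev["ts"])
        q = failures[ev["user"]]
        q.append((now, ev["src_ip"]))
        _prune(q, now, window)
        if len(q) >= threshold:
            prev = last_alert.get(ev["user"])
            if prev is None or now - prev > window:
                last_alert[ev["user"]] = now
                alerts.append({"rule": "account-bruteforce", "user": ev["user"],
                               "count": len(q), "sources": sorted({ip for _, ip in q}),
                               "first": q[0][0].isoformat(), "last": now.isoformat()})
    return alerts


def detect_password_spray(events, threshold=5, window=timedelta(minutes=5)):
    """The inverse correlation: one source failing against `threshold`
    distinct accounts inside `window`. One alert per source per window."""
    by_src = defaultdict(deque)
    last_alert = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "failure":
            continue
        now = datetime.fromisoformat(ev["ts"])
        q = by_src[ev["src_ip"]]
        q.append((now, ev["user"]))
        _prune(q, now, window)
        users = {u for _, u in q}
        if len(users) >= threshold:
            prev = last_alert.get(ev["src_ip"])
            if prev is None or now - prev > window:
                last_alert[ev["src_ip"]] = now
                alerts.append({"rule": "password-spray", "src_ip": ev["src_ip"],
                               "accounts": sorted(users),
                               "first": q[0][0].isoformat(), "last": now.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_account_bruteforce(SAMPLE_EVENTS) + detect_password_spray(SAMPLE_EVENTS):
        print(a)
```

Bob's two failures an hour apart never alert, which is the point of the window: a rule that fired on every failure (option B) would page on him and on alice equally, while this one pages once on alice and once on the spraying source.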
What action of the incident response process limits the scope and magnitude of the incident? A. Detection B. Eradication C. Containment D. Analysis
C. Containment
A tech department evaluates the benefits of automation and scripting after recently acquiring new funding. What capability within automation and scripting allows developers to regularly merge their changes back to the main code branch and evaluate each merge automatically to help detect and fix integration problems? A. User provisioning B. Guardrails C. Continuous integration and testing D. Resource provisioning
C. Continuous integration and testing
After a recent breach, an organization mandates increased monitoring of corporate email accounts. What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations? A. SCAP B. A-V C. DLP D. SNMP trap
C. DLP
An IT auditor is responsible for ensuring compliance with best practice frameworks. The auditor conducts a compliance scan, using the security content automation protocol (SCAP), to measure system and configuration settings against a best practice framework. Which XML schema should the IT auditor use to develop and audit best practice configuration checklists and rules? A. Security content automation protocol B. Open Vulnerability and Assessment Language C. Extensible configuration checklist description format D. Simple Network Management Protocol
C. Extensible configuration checklist description format
A forensic analyst at an international law enforcement agency investigates a sophisticated cyber-espionage case. The analyst must uncover the timeline of document interactions, detect concealed or system-protected files, interpret categories of digital events, and trace digital breadcrumbs left behind during media uploads on social platforms. What combination of data sources would provide the MOST comprehensive information for this multifaceted investigation? A. File metadata and event logs B. Network transaction logs and gateway security logs C. File metadata with extended attributes and network transaction logs D. Event logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
A chief security officer (CSO) is overseeing the deployment of a Security Information and Event Management (SIEM) system in a large organization with a mix of computer systems and network appliances. The CSO has concerns about the system resources that the data collection process on the individual computer systems utilizes. Which method should the CSO consider to minimize the resource usage on these systems while ensuring effective data collection for the SIEM system? A. Deploying additional SIEM systems to distribute the data collection load B. Using a sensor-based collection method on the computer systems C. Implementing an agentless collection method on the computer systems D. Running regular vulnerability scans on the computer systems to optimize their performance
C. Implementing an agentless collection method on the computer systems
During the process of merging two companies, the integrated security team is tasked with consolidating their approaches to managing cybersecurity incidents. Which comprehensive document should be developed to outline the overall strategy and procedures for incident response, encompassing preparation, identification, containment, eradication, recovery, communication protocols, and contacts and resources for responders? A. Playbook B. Communication plan C. Incident response plan D. Incident response lifecycle
C. Incident response plan
A newly hired system admin is reviewing remediation practices and notices the company's practices in one area need strengthening. The system admin knows the importance of this practice due to the protections it affords against the exploitation of vulnerabilities. What remediation practice is the system admin reviewing? A. Compensating controls B. Segmentation C. Patching D. Exceptions and exemptions
C. Patching
A company's network has experienced increased infiltration due to employees accessing dangerous websites from different content categories. The company has decided to enhance its security by implementing reputation-based filtering and content categorization in its web filtering system. Which of the following BEST compares these features? A. Reputation-based filtering sorts by content themes; content categorization rates by past behaviors. B. Reputation-based filtering permits executable downloads; content categorization can restrict social media. C. Reputation-based filtering evaluates sites by past behavior; content categorization sorts by themes like adult content. D. Reputation-based filtering assesses sites through techniques; content categorization focuses on content type.
C. Reputation-based filtering evaluates sites by past behavior; content categorization sorts by themes like adult content.
A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and is not accessible in the event of unauthorized attempts. What primary process should the company implement before disposing or repurposing these servers? A. Moving the servers to a secure storage location B. Deleting all the files on the servers C. Sanitizing the servers D. Selling the servers immediately
C. Sanitizing the servers
A multinational company worries that its IT department is getting complacent regarding cybersecurity. The company begins working with an outside company to create a real-world scenario to gauge the IT department's response to a strong attack. This situation represents what type of testing scenario? A. Walkthrough B. Tabletop exercise C. Simulation D. Communication plan
C. Simulation
The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network? A. To ensure seamless compatibility with legacy wireless devices B. To increase the wireless network's speed and performance C. To enhance wireless network security with the latest encryption standards D. To provide additional administrative features for network management
C. To enhance wireless network security with the latest encryption standards
In a small software development company, the development team has created a critical application that handles sensitive user data. The company's security policy mandates conducting a thorough application security assessment before deployment. To achieve this, the team employed a static code analysis tool, taking advantage of its primary feature. How can the development team utilize static code analysis in the critical application's software development process? A. To optimize the application's performance and reduce resource usage B. To enhance the user interface and improve the application's aesthetics C. To identify potential security vulnerabilities in the application's source code D. To evaluate user feedback and enhance user experience
C. To identify potential security vulnerabilities in the application's source code
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing employees to use their personal mobile devices for work-related tasks. Aware of the varying legal ramifications and privacy concerns across different jurisdictions related to controlling personal devices, the organization seeks to enhance the security of these devices within the constraints of these legal and privacy issues. Considering this context, which of the following measures would be the MOST effective way to navigate these complexities while striving to secure employees' mobile devices under the BYOD policy? A. Restricting all access to company resources from mobile devices B. Providing employees with company-owned mobile devices C. Using MDM solutions to centrally control employees' mobile devices D. Enforcing complex passwords for all employee mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
An organization wants to enhance its cybersecurity by implementing web filtering. The company needs a solution that provides granular control over web traffic, ensures policy enforcement even when employees are off the corporate network, and can log and analyze Internet usage patterns. Which of the following strategies BEST meets these requirements? A. Reputation-based filtering B. Centralized web filtering C. Manual URL blocking D. Agent-based filtering
D. Agent-based filtering
In the context of enterprise web management, which method specifically involves the creation and enforcement of criteria—such as specific URLs, domains, IP addresses, content categories, or keywords within the web content—to block access to certain web resources proactively? A. Content categorization B. Reputation-based filtering C. URL scanning D. Block rules
D. Block rules
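The three web-filtering techniques in the questions above (block rules, reputation-based filtering, and content categorization) are usually chained in one proxy decision. The following added example (written for this page, not CompTIA material) shows that pipeline; the category database, reputation scores, policy values and URLs are all constructed, where a real proxy would consult a vendor feed.

```python
"""Web-filter decision pipeline (added example; not CompTIA material).

Block rules (explicit domain, IP range, keyword) run first, then the site's
reputation score (its past behaviour), then its content category (its theme).
All lookup data below is constructed for this example.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed lookups: theme per site, and a 0 (worst) .. 100 (best) reputation score.
CATEGORIES = {
    "social.example": "social-networking",
    "mail.example": "webmail",
    "bets.example": "gambling",
    "news.example": "news",
}
REPUTATION = {"malware-drop.example": 5, "news.example": 92, "social.example": 80}

POLICY = {
    "blocked_domains": {"bad.example"},            # also matches subdomains
    "blocked_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "blocked_keywords": {"casino"},                # matched anywhere in the URL
    "min_reputation": 30,
    "blocked_categories": {"gambling"},
}


def decide(url: str, policy: dict = POLICY) -> tuple:
    """Return (verdict, reason) for a requested URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ("block", "block-rule:unparseable-url")

    # 1. Block rules: explicit criteria written by the administrator.
    for domain in policy["blocked_domains"]:
        if host == domain or host.endswith("." + domain):
            return ("block", f"block-rule:domain:{domain}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in policy["blocked_networks"]:
            if addr in net:
                return ("block", f"block-rule:network:{net}")
    for kw in policy["blocked_keywords"]:
        if kw in url.lower():
            return ("block", f"block-rule:keyword:{kw}")

    # 2. Reputation: how the site has behaved in the past.
    score = REPUTATION.get(host)
    if score is not None and score < policy["min_reputation"]:
        return ("block", f"reputation:{score}")

    # 3. Category: what kind of content the site hosts.
    category = CATEGORIES.get(host, "uncategorized")
    if category in policy["blocked_categories"]:
        return ("block", f"category:{category}")
    return ("allow", f"category:{category}")


if __name__ == "__main__":
    for u in ("https://www.bad.example/login", "http://203.0.113.7/x",
              "https://news.example/casino-scandal", "https://malware-drop.example/",
              "https://bets.example/play", "https://social.example/feed"):
        print(u, decide(u))
```

Note the news article about a casino scandal: the keyword rule blocks a reputable, correctly categorized site. Keyword block rules over-block by design, so practitioners reserve them for narrow cases and lean on categories and reputation for broad themes.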
A technician is modifying controls to increase security on messaging services. Which of the following uses the results of authentication checks to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them outright, or tagging the message? A. DKIM B. SPF C. EDR D. DMARC
D. DMARC
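How a receiving server turns a DMARC record into one of those handling actions is shown by the added example below (written for this page, not CompTIA material). The record, domains and SPF/DKIM results are constructed; the organizational-domain lookup is simplified to the last two labels, and the pct= sampling and rua= reporting tags are left out.

```python
"""DMARC policy evaluation (added example; not CompTIA material).

A receiver fetches the DMARC record (DNS TXT at _dmarc.<From-domain>), checks
whether SPF or DKIM passed *and* aligns with the RFC5322.From domain, and
otherwise applies the published policy: none (deliver, but report),
quarantine (spam folder) or reject. All inputs below are constructed.
"""


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; sp=quarantine; adkim=s' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, approximated here as the last two labels.
    Production code must consult the Public Suffix List (example.co.uk has three)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r', the default) accepts the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(record: str, from_domain: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> tuple:
    """Return (dmarc_result, action) where action is none, quarantine or reject.

    spf_domain is the MAIL FROM domain that SPF authenticated; dkim_domain is the
    d= tag of a signature that verified. The record is assumed to be published at
    the organizational domain, so a longer From domain is treated as a subdomain."""
    tags = parse_dmarc(record)
    spf_pass = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_pass = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_pass or dkim_pass:
        return ("pass", "none")
    is_subdomain = org_domain(from_domain) != from_domain.lower()
    action = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return ("fail", action)


if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"
    print(dmarc_disposition(rec, "example.com", "pass", "mail.example.com", "fail", ""))
    print(dmarc_disposition(rec, "example.com", "pass", "bulk.example.net", "pass", "mail.example.com"))
    print(dmarc_disposition(rec, "news.example.com", "fail", "", "fail", ""))
```

The second call is the instructive one: SPF passed and a DKIM signature verified, yet the message still fails DMARC because neither authenticated identifier aligns with the From domain under the record's alignment modes. DMARC adds the alignment requirement; SPF and DKIM on their own do not tie their checks to the header the user sees.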
A financial services company is decommissioning many servers that contain highly sensitive financial information. The company's data protection policy stipulates the need to use the most secure data destruction methods and comply with strict regulatory requirements. The company also has a significant environmental sustainability commitment and seeks to minimize waste wherever possible. What should the company's primary course of action be during this process? A. Storing the servers indefinitely in a secure location to avoid any risk of data leakage B. Incinerating the servers, since it is the most effective method of data destruction C. Overwriting the data on the servers multiple times, then disposing of the servers without any certification D. Degaussing the servers, rendering the data irretrievable, followed by reselling or recycling the servers after certification
D. Degaussing the servers, rendering the data irretrievable, followed by reselling or recycling the servers after certification
A security operations analyst at a financial institution analyzes an incident involving unauthorized transactions. The analyst suspects that a malware infection on one of the endpoints might have led to the unauthorized access. To identify the root cause and trace the activities of the suspected malware, which combination of data sources should the analyst primarily consider? A. Logs from applications involved in the transactions, logs generated by the host's antivirus software, and /var/log/auth.log for authentication and authorization data. B. Network logs, packet captures, and logs generated by network-based vulnerability scanners. C. Firewall logs, system memory metadata, and automated reports from the SIEM tool. D. Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.
D. Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.
A senior security analyst is refining the incident response processes for a large organization that recently implemented a Security Information and Event Management (SIEM) system. During a simulation of a cybersecurity incident, the analyst observed that the SIEM system generated several alerts that were false positives, leading to unnecessary consumption of resources. On which step should the analyst focus to improve the efficiency of the alert response and remediation process? A. Increasing the frequency of SIEM system reporting to capture more incidents B. Increasing the number of correlation rules in the SIEM system C. Implementing additional threat intelligence feeds in the SIEM system D. Enhancing the validation and quarantine processes in the alert response
D. Enhancing the validation and quarantine processes in the alert response
A global corporation has faced numerous cyber threats and is now prioritizing the security of its servers. The corporation's IT security expert recommends a strategy to improve server security. Which of the following options is likely to be the MOST effective? A. Switch off all security features to enhance server performance and reduce latency. B. Enable all services on the servers to maximize functionality. C. Utilize easily-remembered, simple passwords to improve server manageability. D. Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.
D. Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.
Upon starting their workday, a cybersecurity manager receives an email from local law enforcement, showing that a subpoena has been issued to the company requesting all records to be retained for an upcoming court date. What is being placed on the data itself? A. Data acquisition B. Due process C. Digital forensics D. Legal hold
D. Legal hold
In a company, different departments access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern, the team implements a modern authentication solution that provides Single Sign-On (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization employ for federation and for enabling SSO across the diverse range of cloud-based applications? A. PKI B. RBAC C. LDAP D. OAuth
D. OAuth
A healthcare organization is preparing to decommission several servers containing sensitive patient information. The organization wants to ensure that it securely disposes of the data on these servers and properly documents this process. What should the organization primarily focus on to ensure secure data disposal and regulation compliance? A. Pass the servers to the IT team for random allocation among employees. B. Sell the servers as soon as possible to reclaim some of the initial investment. C. Keep the servers in storage indefinitely as a backup in case of data loss. D. Obtain a certificate of destruction or sanitization from a third-party provider.
D. Obtain a certificate of destruction or sanitization from a third-party provider.
The IT department at a medium-sized company is exploring ways to enhance its authentication methods to improve security. They want to choose an authentication approach that balances security and user convenience. Which authentication method eliminates the need for passwords and provides a secure way of verifying a user's identity based on the device's hardware or software characteristics? A. Biometric authentication B. Attestation C. Multifactor authentication D. Passwordless authentication
D. Passwordless authentication
A hacker successfully bypasses several protections and exfiltrates sensitive data. The company immediately begins recovery and takes steps to discover the initial problem that allowed the infiltration. This type of investigation is commonly referred to as what? A. Lessons learned B. Analysis C. Recovery D. Root cause analysis
D. Root cause analysis
After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive CPU utilization? A. SCAP B. DLP C. A-V D. SNMP trap
D. SNMP trap
The cybersecurity expert at a technology firm recommends adding another layer of protection to employee accounts. The expert suggests a physical device that users can insert into compatible systems to verify their identity alongside a password. Which authentication method is the cybersecurity expert recommending for the employees? A. Certificate-Based Authentication B. Hard authentication token C. Biometric authentication D. Smart Card
D. Smart Card
A digital forensic analyst at a healthcare company investigates a case involving a recent data breach. In evaluating the available data sources to assist in the investigation, what application protocol and event-logging format enables different appliances and software applications to transmit logs or event records to a central server? A. Dashboard B. Endpoint log C. Application Log D. Syslog
D. Syslog
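What a central collector actually receives from those appliances is shown by the added example below (written for this page, not CompTIA material): a parser for the two common syslog wire formats, the legacy BSD format (RFC 3164) and the structured RFC 5424 format, including the PRI decoding that recovers facility and severity. The sample lines are constructed, modelled on the examples in those RFCs.

```python
"""Syslog message parsing (added example; not CompTIA material).

Devices send syslog over UDP/TCP 514 (or TLS on 6514) to a central collector.
The PRI value in angle brackets encodes facility * 8 + severity. The sample
lines at the bottom are constructed for this example.
"""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$")
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
BSD_TAG = re.compile(r"^(?P<app>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")


def decode_pri(pri: int) -> tuple:
    """Split PRI into (facility name, severity name); valid PRI is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog(line: str) -> dict:
    """Return a normalized event dict for an RFC 5424 or RFC 3164 line."""
    m = RFC5424.match(line)
    if m:
        fac, sev = decode_pri(int(m["pri"]))
        return {"format": "rfc5424", "facility": fac, "severity": sev,
                "timestamp": m["ts"], "host": m["host"], "app": m["app"],
                "pid": None if m["pid"] == "-" else m["pid"],
                "msgid": None if m["msgid"] == "-" else m["msgid"],
                "sd": None if m["sd"] == "-" else m["sd"],
                "msg": m["msg"] or ""}
    m = RFC3164.match(line)
    if m:
        fac, sev = decode_pri(int(m["pri"]))
        tag = BSD_TAG.match(m["rest"])   # "app[pid]: message" is convention, not mandatory
        return {"format": "rfc3164", "facility": fac, "severity": sev,
                "timestamp": m["ts"], "host": m["host"],
                "app": tag["app"] if tag else None,
                "pid": tag["pid"] if tag else None,
                "msgid": None, "sd": None,
                "msg": tag["msg"] if tag else m["rest"]}
    raise ValueError(f"unrecognized syslog line: {line!r}")


def at_least(events, severity: str) -> list:
    """Events at the given severity or worse (a lower index in SEVERITIES is worse)."""
    cutoff = SEVERITIES.index(severity)
    return [e for e in events if SEVERITIES.index(e["severity"]) <= cutoff]


# Constructed sample input, modelled on the RFC examples.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 "
    "[exampleSDID@32473 iut=\"3\" eventSource=\"Application\"] An application event log entry",
    "<38>Oct 11 22:15:01 fw01 sshd[2041]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
]

if __name__ == "__main__":
    events = [parse_syslog(line) for line in SAMPLE_LINES]
    for e in events:
        print(e["format"], e["facility"], e["severity"], e["host"], e["app"], e["msg"])
    print("err or worse:", [e["app"] for e in at_least(events, "err")])
```

Two practical points the parser makes visible: the BSD format carries no year and no timezone, so the collector must stamp arrival time itself, and the sender chooses the PRI, so severity in a SIEM is only as trustworthy as the device that set it.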
In a medium-sized tech company, employees have different roles and responsibilities requiring access to specific resources and data. The IT team is implementing security measures to control access effectively and reduce the risk of unauthorized activities. What security measure could the IT team implement in the tech company to control access effectively and minimize the risk of unauthorized activities? A. Implement intrusion detection systems to monitor and identify potential security breaches B. Implement a firewall to protect the company's network from external threats C. Enforce mandatory password changes every month to enhance password security D. The principle of least privilege to grant employees the minimum needed access based on job roles
D. The principle of least privilege to grant employees the minimum needed access based on job roles
A company plans to upgrade its wireless network infrastructure to improve connectivity and security. The IT team wants to ensure that the new network design provides adequate coverage, minimizes interference, and meets security standards. To achieve this, they conduct a site survey and create a heat map of the area. What is the primary purpose of conducting a site survey and creating a heat map for the company's wireless network upgrade? A. To evaluate the performance and bandwidth usage of the current wireless network B. To identify potential security threats and vulnerabilities in the existing network C. To map out the physical layout of the building and identify potential obstacles affecting wireless signal strength D. To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade
D. To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade
A cyber architect explores various methods to assign needed access for newly-hired employees or employees who have transitioned to a new role. What are the benefits associated with user provisioning? (Select the two best options.) A. It can create, modify, or delete individual user accounts. B. It can create, modify, or delete individual users' access rights across IT systems. C. It can allocate IT servers to users. D. It can assist users by giving access to networks and storage.
A & B
A system administrator frequently encounters false positive vulnerability alerts, which are inaccurately indicating security weaknesses that do not exist. These false alarms are becoming a significant issue, leading to wasted resources and potential neglect of real vulnerabilities. To enhance the accuracy of vulnerability detection and reduce the occurrence of these false positives, what are the most effective actions the administrator can take? (Select the two best options.) A. Adjust scanner config based on log review B. Use different scanners C. Use threat feeds D. Remediation efforts
A & B
A system administrator is assessing the broader context of the company's IT security posture in light of recent expansions in both workstations and servers. This assessment includes understanding the impact of various external and internal factors on the organization's IT infrastructure. Aside from the organization's IT infrastructure itself, what are two other significant factors that should be considered in this assessment? (Select the two best options.) A. External threat landscape B. Regulatory/compliance environment C. Prioritization D. Risk tolerance
A & B