Domain 4.0 Security Operations Assessment

Which platform features ensure that vulnerability scanners can accurately identify and remain up-to-date regarding known vulnerabilities and misconfigurations? (Select the three best options.)

A.Automatic database updates via a vulnerability feed B.Integration with SCAP Adjusting scan configurations

A software technician delivers a presentation on the capabilities associated with centralizing web filtering. When exploring techniques tied to centralized proxy service employment to protect traffic, what classifies websites into various groupings, such as social networking, webmail, or gambling sites?

A.Content categorization

An organization is enhancing its security measures to combat email-based threats after being targeted in a whaling attack. Regarding email security, what uses tenets from authentication methods and encryption features to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them entirely, or tagging them?

A.DMARC

A cyber architect explores various automated methods for managing access for newly hired employees or employees moving into new roles. Which of the following best represents the benefit of this approach to managing user accounts? (Select the two best options.)

A.It can create, modify, or delete individual user accounts. B.It can create, modify, or delete individual users' access rights across IT systems.

You are tasked with destroying data stored on disk drives. Which of the following choices will accomplish this objective while still allowing the disks to be re-used? (Select the two best options.)

A.Multi-pass overwrite B.Manufacturer-provided disk sanitization utility

A company identifies the need to monitor and secure applications, third-party software, libraries, and dependencies. Which of the following practices directly support this endeavor? (Select the three best options.)

A.Package monitoring B.Software Bill of Materials C.Software composition analysis

The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period?

A.Password expiration

Which of the following statements is correct regarding user account provisioning and de-provisioning? (Select the two best options.)

A.Provisioning and de-provisioning of user accounts involve creating, modifying, and removing user accounts to maintain appropriate access levels. B.The principle of least privilege guides the assignment of permissions, ensuring users have only the necessary access for their job roles.

3 of 29 Question An organization's IT security team is researching a method to isolate potentially compromised applications while they run to prevent the scope of damage associated with their exploitation. Which of the following approaches is best suited to this objective?

A.Sandboxing

A company identifies the need to monitor and secure applications, third-party software, libraries, and dependencies. Which of the following practices directly support this endeavor? (Select the three best options.)

A.Software package monitoring B.Software Bill of Materials C.Software composition analysis

The security team wants to improve data access controls via rule-based and time-of-day restrictions. How can rule-based access controls and time-of-day restrictions improve data access controls? (Select the two best options.)

A.To define specific access rules based on employees' roles and responsibilities To restrict access to critical systems during non-working hours to enhance security

A system administrator frequently encounters false positive vulnerability alerts. What are the most effective actions the administrator can take to resolve this issue? (Select the two best options.)

Adjust scanner config based on log reviewB.Use different scanners

24 of 29 Question The network administrator of a small business needs to enhance the security of the business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main security measure but recognize the need to adjust other wireless security settings to effectively complement WPA3 and create a robust network for all employees to access critical company resources securely. What considerations should the network administrator consider when implementing WPA3 and adjusting wireless security settings? (Select the two best options.)

B. Enabling media access control address filtering to restrict access to authorized devices C. Implementing 802.1X authentication for user devices

An organization reviews recent audit results of monitoring solutions and learns that detection tools generate a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives? (Select the three best options.)

B. Refining detection rules and muting alert levels C. Redirecting sudden alert "floods" to a dedicated group D. Redirecting infrastructure-related alerts to a dedicated group

You are a cybersecurity analyst using a Security Information and Event Management (SIEM) system. You notice the SIEM is flooding your team with too many alerts, many of which are false positives. You decide to adjust the SIEM settings to improve its efficiency. What is the BEST first step to reduce false positives from the SIEM system?

B.Adjust the SIEM's alert thresholds and rules based on past false positives

17 of 29 Question A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature?

B.DKIM

A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature?

B.DKIM

The security team noticed that a few users of the company's website have been able to submit malformed data, exposing sensitive data stored in a database. The team wants to enhance the platform's security without impacting its usability. What security control should the security team implement?

B.Implement robust input validation mechanisms to validate all incoming data

The network security manager of a large corporation is planning to improve the efficiency of the company's Security Information and Event Management (SIEM) system. The SIEM system receives data from various sources, including Windows and Linux hosts, switches, routers, and firewalls. To make the data from different sources more consistent and searchable, which functionality should the manager focus on enhancing in the SIEM system?

B.Refine the log aggregation process in the SIEM system

An organization reviews recent audit results of monitoring solutions and learns that detection tools generate a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives? (Select the three best options.)

B.Refining detection rules and muting alert levels C.Redirecting sudden alert "floods" to a dedicated group D.Redirecting infrastructure-related alerts to a dedicated group

A global financial institution has implemented Privileged Access Management (PAM) and password vaulting to protect privileged accounts. Which of the following best describes the primary purpose of password vaulting?

B.Securely store and manage privileged account credentials

You're a junior cybersecurity analyst reviewing logs to monitor for suspicious activities. Understanding the format of logs is crucial for effective analysis. Which log format is MOST likely to be standardized and easily parsed across different systems?

B.Syslog

23 of 29 Question An information security manager fine-tunes a Security Information and Event Management (SIEM) system to detect security incidents promptly. To optimize the system's alerting capability, which approach should the manager consider?

C. Configuring the SIEM system to alert when multiple login failures for the same account occur within a specified time period

A company recently faced a security breach through its network switch. They learned that the attacker was able to access the switch using the default credentials. Which of the following steps should the company take to improve the security of the switch and avoid such breaches in the future?

C.Change the default credentials of the switch

As a digital forensics analyst, you've been tasked with investigating a suspected data breach in your organization. You need to collect evidence from various compromised digital devices. Proper procedures are crucial to ensure that the evidence is admissible in court. Which step is MOST critical when beginning the collection of digital evidence to ensure its admissibility in court?

C.Documenting the scene and creating a chain of custody form

An auditor performs a compliance scan based on the security content automation protocol (SCAP). Which of the following elements represents best practice configuration checklists and rules?

C.Extensible configuration checklist description format

A large government agency is reviewing its preparedness for security incidents and unscheduled downtime. What should the agency develop that lists the procedures, contracts, and resources available to support these emergencies?

C.Incident response plan

A system administrator is reviewing practices designed to directly remediate software vulnerabilities. What practice is the system administrator reviewing?

C.Patching

The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network?

C.To enhance wireless network security with the latest encryption standards

A financial institution plans to repurpose several older servers to expand the resources available in its test environment. The servers contain sensitive customer data. Which of the following represents the appropriate action for repurposing the servers in this manner?

Carry out a sanitization process that includes multiple passes of overwriting and degaussing.

An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation?

Centralized web filtering

A company recently faced a security breach through its network switch. They learned that the attacker was able to access the switch using the default credentials. Which of the following steps should the company take to improve the security of the switch and avoid such breaches in the future?

Change the default credentials of the switch

After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it?

Compensating controls

An organization needs to improve mobile device security by implementing internet access restrictions. The organization needs a solution that provides granular control over traffic and ensures policy enforcement for devices when they are away from the corporate network. Which of the following is most closely associated with ensuring mobile devices remain in compliance with these requirements?

D.Agent-based filtering

A technician is modifying controls to increase security on messaging services. Which of the following provides rules for handling messages, such as moving messages to quarantine or spam, rejecting them outright, or tagging the message?

D.DMARC

24 of 29 Question A security operations analyst suspects that a malware infection on one of the endpoints may have led to unauthorized access. To identify the root cause and trace the malware's activities, which combination of data sources should the analyst prioritize for review?

D.Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.

18 of 29 Question A regional bank is facing increased cyber threats and is concerned about the security of its servers. As a security analyst, you have been asked to provide a recommendation designed to improve the security of the servers while maintaining full operation. Which of the following options is the MOST effective?

D.Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.

A regional bank is facing increased cyber threats and is concerned about the security of its servers. As a security analyst, you have been asked to provide a recommendation designed to improve the security of the servers while maintaining full operation. Which of the following options is the MOST effective?

D.Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.

15 of 29 Question A cybersecurity manager receives an email from the company's attorneys stating a subpoena has been issued for specific data records to be retained. Which of the following best describes this request?

D.Legal hold

A healthcare organization is preparing to decommission several servers containing sensitive patient information. Which of the following ensures secure data disposal and regulatory compliance?

D.Obtain a certificate of destruction from a third-party provider.

Which of the following options is NOT a challenge typically encountered while implementing web filtering solutions in an enterprise?

Decrease in network latency

A financial services company is decommissioning many servers that contain highly sensitive financial information. The company is committed to environmental sustainability and seeks to minimize waste wherever possible. What is the company's best course of action when decommissioning its servers?

Degaussing the servers, then reselling or recycling them

As a digital forensics analyst, you've been tasked with investigating a suspected data breach in your organization. You need to collect evidence from various compromised digital devices. Proper procedures are crucial to ensure that the evidence is admissible in court. Which step is MOST critical when beginning the collection of digital evidence to ensure its admissibility in court?

Documenting the scene and creating a chain of custody form

Focusing on immediate operational improvements, which of the following benefits are most directly associated with automation in security operations? (Select the two best options.)

Generate tickets for security incidents automatically. B.Rapid escalation of security incidents.

What benefit does certification offer within the context of secure disposal and decommissioning of assets?

It refers to the documentation and verification of the data sanitization or destruction process.

A cybersecurity responder covertly monitors a hacker's activities to prepare a containment and eradication plan. What threat-hunting technique does this describe?

Maneuvering

A healthcare organization is preparing to decommission several servers containing sensitive patient information. Which of the following ensures secure data disposal and regulatory compliance?

Obtain a certificate of destruction from a third-party provider.

The IT department at a medium-sized company is exploring ways to enhance its authentication methods to improve security. They want to choose an authentication approach that balances security and user convenience. Which authentication method eliminates the need for passwords and provides a secure way of verifying a user's identity?

Passwordless authentication

An incident response team is addressing a security issue. What practice involves installing software to remediate known vulnerabilities?

Patching

A company has added several new assets and software to its system and is meeting to review its risk matrix. It wants to ensure risk management efforts focus on vulnerabilities most likely impacting its operations significantly. What is this commonly referred to as?

Prioritization

A multinational bank is working with a third-party security company to develop a real-world scenario designed to evaluate incident response effectiveness. What type of testing scenario does this represent?

Simulation

The cybersecurity expert at a technology firm recommends adding another layer of protection to employee accounts. The expert suggests a physical device that users can insert into compatible systems to verify their identity alongside a password. Which authentication method is the cybersecurity expert recommending for the employees?

Smart Card

Which MFA factor relies on the use of a smart card or key fob to support authentication?

Something you have

The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network?

To enhance wireless network security with the latest encryption standards

A small software company's development team has created an application that handles sensitive user data using a static code analysis tool to support their development efforts. How does static code analysis support software application development processes?

To identify potential security vulnerabilities in the application's source code