SEC+701 Quizzes

A large organization faces increasing threats from unauthorized devices trying to gain access to its network. The chief information security officer (CISO) seeks to modify the company's network infrastructure to incorporate a more rigorous method of validating both users and devices before granting access to resources. Which network access control method should the CISO implement to ensure rigorous validation of both users and devices, offering the highest level of security against unauthorized access to the company's network resources?

802.1X

An indie game developer created a browser based on the Chromium project. The developer must ensure that anyone using the browser is safe from invalid certificates. What service should the developer contract with to ensure that the browser blocks revoked certificates?

A Certificate Authority (CA) or owner can revoke or suspend a certificate for many reasons. A Certificate Revocation List (CRL) is a list of no longer valid certificates.

After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company?

A Security Operations Center (SOC) is the team responsible for security-related activities within a company.

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

A service level agreement (SLA)

A small development company just set up a web server and must ensure a secure customer connection. How does it set up a digital certificate on its web server?

A subject must complete a Certificate Signing Request (CSR) and submit it to the CA to get a certificate.

The network administrator for a large corporation recently detected multiple unauthorized intrusion attempts on the network. As a result, the team deployed an intrusion detection system (IDS) and an intrusion prevention system (IPS). The team aims to block malicious traffic and automatically receive alerts on suspicious activities. The administrator needs to choose an approach that offers real-time protection against active threats and can modify or reject traffic in the network. Based on the desired outcomes and functionality the network administrator requires, which system should the team primarily focus on for real-time traffic modification and blocking active threats?

Active intrusion prevention system (AIPS)

What is the process of encryption called?

Algorithm

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

An intrusion prevention system (IPS)

A leading financial institution is enhancing its security infrastructure by revising user access controls. The IT department, in collaboration with the security team, deliberates on the essential principles to guide their implementation efforts. A primary focus is on ensuring proper authentication and authorization mechanisms are in place. Which of the following measures should the IT department integrate to ensure users are both authenticated and authorized before gaining access to sensitive resources? (Select the two best options.)

Assigning role-based access controls (RBAC); Implementing multifactor authentication (MFA)

An employee unknowingly clicked on a malicious attachment but did not notice any issues right away and assumed nothing happened. A short while later, the security operations center received a notification of a virus attempting to access an IP address outside the company. What is the malicious attachment most likely doing?

Attempting to create a remote connection

What component of modern access controls determines what rights subjects should have on each resource?

Authorization

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Availability

During a cybersecurity seminar, the IT manager presented two significant components of their organization's continuity strategy: Business continuity planning (BCP) and continuity of operations planning (COOP). The team needed clarification about the distinctive attributes of each component. Which statement BEST distinguishes business continuity planning from continuity of operations planning in the context of an organization's overall continuity approach?

BCP focuses on recovery and business continuity functions; COOP maintains essential operations during disruptions.

A software development company pushes a critical update for its operating system, addressing security vulnerabilities. The chief information security officer (CISO) schedules a meeting with the security team to discuss the specifics of one of these vulnerabilities exploited in recent cyberattacks. Based on common operating system vulnerabilities, which of the following has insufficient or missing data validation mechanisms that lead to the system interpreting unintended command execution?

Buffer overflow

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Capacity planning

A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost?

Certificate Authority

A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similar-looking campaign. What could the company do to mitigate this issue?

Check for brand impersonation

An organization's security officer is actively developing a new data protection strategy. The plan aims to fortify the integrity of data stored on the company's servers to uphold the confidentiality, integrity, and availability (CIA) triad principles. In this development process, which data protection method should the security officer primarily implement to ensure the accuracy and consistency of data over its entire life cycle, according to the principles of the CIA triad, particularly focusing on enhancing the "integrity" aspect?

Checksum verification

Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

Client

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Company data can be accounted for when the employee leaves the organization; If a security incident occurs on the device, the correct employee can be notified

An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive. What security concept should the engineer detail for the owner of the company to ensure the security of the shared drive?

Confidentiality

Which of the following would be best suited for constantly changing environments?

Containers

A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage. What category of security control BEST describes the function of this recent implementation?

Corrective

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Create a change control request

A cybersecurity specialist is preparing to perform a vulnerability scan on an organization's infrastructure. The organization's management wants the scan to be as thorough as possible without directly compromising any systems or accessing sensitive data. The cybersecurity specialist considers both credentialed and non-credentialed scans to determine which will best suit the organization's requirements. In the described situation, if aiming to gather detailed vulnerability data from the system by logging into it using pre-defined accounts, which type of scan is the specialist planning to conduct?

Credentialed scan

Which of the following would not commonly be available as an IaaS service offering?

Customer relationship management (CRM) packages offered in the cloud would be classified as Software as a service (SaaS), since they are not infrastructure components.

A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company?

Cybercrime

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Data in transit

A small company needs to ensure it protects the SQL data against theft while in use. What type of encryption would BEST fit its needs?

Database-level encryption

A security analyst is reviewing server configurations in an organization during a vulnerability assessment. The analyst finds that someone left the default vendor passwords active on a critical server holding customer data. Additionally, someone is running unnecessary services on the server, and no one has patched it for several months. In this scenario, which vulnerability would adversaries MOST likely exploit first to gain unauthorized access to the critical server?

Default vendor passwords not changed

A security administrator reviews the network configurations of a recently deployed server. The administrator notices that certain unnecessary services have access to the server, potentially creating vulnerabilities. The administrator decides to refine the access control list (ACL) to enhance the server's security. Which action will the security administrator MOST likely take when refining the ACL to ensure that only necessary services communicate with the server, thereby reducing potential attack vectors?

Deny all traffic and allow exceptions based on requirement

The network security engineer at a financial corporation is reviewing the current firewall setup. The corporation faces threats from various cyberattacks, some of which leverage application-specific vulnerabilities. The engineer is considering whether to deploy Layer 4 or Layer 7 firewalls for enhanced security. If the primary concern is to secure against application-specific attacks, which of the following strategies should the network security engineer consider implementing?

Deploy Layer 7 firewalls on all network edges

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Deploying a SASE solution to remote employees

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Detective

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Detective

Which of the following methods is a replacement for Wi-Fi Protected Setup (WPS) as a more secure means of configuring client devices with the necessary information to access a Wi-Fi network?

Device Provisioning Protocol (DPP)

A small enterprise needs an encryption scheme to ensure perfect forward secrecy. It needs something that can help future-proof its security while it grows. Which encryption scheme would meet the needs of the enterprise?

Diffie-Hellman

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure?

Digital certificate

The cybersecurity team at a multinational corporation suspects that someone in the company is falsifying email communication records to shift blame for missed deadlines. To ensure non-repudiation, the cybersecurity team must implement a solution. What should the cybersecurity team implement to guarantee non-repudiation in email communication, ensuring that the sender cannot deny their emails' authenticity?

Digital signatures

An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have?

Directive

A company is migrating its shared drives to a cloud repository service. While the majority of its drives use job titles for automated access, it has a few one-off project drives that it wants a specific owner to choose who has access to them. Which control type would fit these one-off drives?

Discretionary access control

A chief executive officer pushed back against the information technology department's proposal to set up disk encryption on all devices. What BEST describes why the CEO should approve the proposal instead of pushing back against it?

Disk encryption protects stolen devices from data theft.

Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections, and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?

Edge computing

A major technology company plans to renovate its headquarters, emphasizing both physical and digital security. The head of the security department is looking to enhance the building's main entry points and contemplates integrating advanced gateways with innovative locking mechanisms. In relation to securing a major technology company's main entry points, which approaches will BEST harness the potential of gateways and locks to ensure optimal security? (Select the two best options.)

Employ network gateways that scrutinize incoming traffic for malicious activity; Implement biometric locks that grant access based on unique physiological characteristics

The chief information officer (CIO) tasked the network administrator with redeveloping the credential policy for the company. While working on the new policy, the chief executive officer (CEO) asked why having more than one factor to log into the computers was important. Why is just having a password not enough in today's world?

Employees choose poor passwords

While developing a new security policy, the network administrator suggests to the chief information officer (CIO) that the company remove the password age portion. Why has having a password age policy caused issues for companies? (Select the two best options.)

Employees choose weak passwords when they need to change them frequently. Employees leave passwords readily accessible in their work area.

A security administrator regularly audits the organization's asset inventory to maintain compliance and identify potential vulnerabilities. However, the administrator detected several outdated software applications during the most recent audit. The organization currently lacks a policy to dispose of outdated software, and they store passwords in plaintext on a supposedly secure server. Given the scenario, what actions should the security administrator take to improve the organization's security posture? (Select the two best options.)

Encrypt the stored passwords; Introduce a policy disposing of outdated software

A chief information security officer (CISO) wants to add a layer of security to the company's existing security procedures. Which of the following would improve security and also change frequently?

Enforce multifactor authentication

A cybersecurity analyst is reviewing the website of a major financial institution. The analyst suspects that vulnerabilities might allow an attacker to exploit Cross-site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities. When examining the website for potential XSS and SQLi vulnerabilities, what are common indicators a cybersecurity analyst should look for? (Select the two best options.)

Error messages that disclose database information; Input fields that do not sanitize user input

An organization's cybersecurity team has recently set up a new firewall and intrusion detection system (IDS) to strengthen the security of its enterprise infrastructure. The IDS, however, has sent a high number of false positive alerts, which hampers efficient threat monitoring. The team believes adjusting the firewall rules will decrease these false positives without weakening the network's security. What strategy should the cybersecurity team implement to fine-tune their firewall rules to reduce the IDS's false positives, ensuring a robust security infrastructure?

Establish firewall rules for specific threat intelligence

The security manager at a multinational enterprise is devising a plan to enhance the physical security of the organization's data center. The data center hosts critical infrastructure, and a security breach could severely impact operations. The security manager aims to apply appropriate physical isolation principles to secure the infrastructure. What critical strategy should the security manager employ to enhance the data center's physical security through effective physical isolation?

Establish separate, secure areas for network equipment

A medium-sized software development company recently introduced a bug bounty program to identify and mitigate vulnerabilities in their flagship application. The security manager plans to coordinate the program's rules and engagement policies. When setting up a bug bounty program for vulnerability management, which activities should the security manager prioritize to ensure the program's effectiveness and ethical participation? (Select the two best options.)

Establishing a clear scope of which assets researchers can test; Providing a secure platform for researchers to report findings

An organization's security team is in the process of implementing new security measures for managing its hardware, software, and data assets, increasing its overall protection. The team plans to implement network segmentation, store passwords in plaintext in a secure server, establish a policy for outdated software disposal, and perform regular asset inventory audits. Considering the initiatives the security team proposes, what relevant and secure practices directly relate to managing hardware, software, and data assets effectively and efficiently while ensuring data protection? (Select the two best options.)

Establishing a policy disposing of outdated software; Performing regular audits of asset inventory

The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the best strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer?

Establishing a security perimeter with layered access controls

In the context of enhancing resilience and recovery in security architecture following a cybersecurity incident, which of the following strategies would be the MOST effective for the chief information security officer (CISO) to implement to ensure rapid restoration of systems and minimal downtime during future incidents?

Establishing a well-documented and regularly tested IRP

An organization decides to revamp its cloud infrastructure. The IT manager instructs the team to initiate the process by ensuring the starting configurations for all systems adhere to specific security settings. This effort aims to create a foundation that facilitates the consistent application of security techniques across all systems. When the IT team works on the organization's cloud infrastructure to establish a foundation for consistent security techniques, which approach BEST reflects using secure baselines?

Establishing standardized configurations for devices and software

A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees' accounts. What is a consideration when using third-party software for any computer function?

Every vendor is at risk of threats.

An organization recently conducted a vulnerability scan of its network infrastructure. The security team followed up on the results, remediating all vulnerabilities flagged by the scanner. However, a month later, an external penetration tester was able to exploit a known vulnerability that the scanner had missed. What BEST describes the vulnerability scanner's failure to detect an actual vulnerability present in the system?

False negative

A security analyst at a large corporation initiates a vulnerability scan on the company's web application. Upon completion, the results show several potential vulnerabilities. One of these vulnerabilities, identified as "Potential SQL Injection," is a concern. However, after further inspection, the analyst realizes this vulnerability does not exist in the application and the scanner has made an error. Given the scenario above, what term BEST describes the vulnerability scanner's identification of the "Potential SQL Injection" that does not exist in the application?

False positive

A manufacturing company recently bought out another similar company. They need to link each company's directory systems together to access their resources without merging the two. How can they link the two directory systems together?

Federation

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?

Gap analysis

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Geographic dispersion

An outside nongovernment-affiliated group posted a message online claiming responsibility for shutting down the pipeline of a large oil and gas company. The group claims to have performed this through a vulnerability in the company's supervisory control and data acquisition (SCADA) equipment that controls the flow through the pipes. What BEST describes this group of attacks?

Hacktivist

A large corporation is evaluating potential hardware suppliers and service providers for its new data center expansion. The IT team aims to select vendors that adhere to security best practices to minimize vulnerabilities. When assessing the security posture of hardware suppliers and service providers, which factors are essential for the corporation to consider to ensure reduced vulnerabilities in its data center operations? (Select the two best options.)

Hardware components' origin transparency; Supply chain verification processes in place

A security consultant is working with a client to improve security practices. How can the consultant describe cryptographic hashing so the client is more likely to accept recommendations?

Hashing allows any plaintext length to look the same length as ciphertext.

What component of a virtualization platform is primarily responsible for preventing VM escape attacks?

Hypervisor

An accountant received a phone call from an individual requesting information for an ongoing project. The individual claimed to be from a known vendor the company is working with. Before giving the information over, the accountant should protect against what?

Impersonation

The chief information security officer (CISO) at a medium-sized healthcare company conducts an audit of the company's current security infrastructure. The company has Next Generation Firewalls (NGFWs) deployed at all external network boundaries, and the CISO is evaluating the possibility of supplementing or replacing the NGFWs with Unified Threat Management (UTM) devices. If the primary concern is to increase the network's security without introducing significant management complexity, which of the following strategies should the CISO consider implementing?

Implement UTM devices internally and maintain NGFWs at network boundaries

An organization operates a large data center that supports critical business operations. Recently, the organization has struggled with frequent power interruptions leading to downtime and loss of data. To address this issue, the chief information security officer (CISO) decides to review the data center's resilience and recovery strategies, particularly emphasizing backup power. To increase the resilience and recovery capabilities of the data center and ensure operations continue even during a power failure, which of the following options should the CISO consider? (Select the two best options.)

Implement a UPS; Deploy a redundant power supply unit in each server

An IT security consultant is reviewing the advanced data protection strategies of a multinational corporation. The corporation recently experienced a significant data breach that affected one of its primary databases, leading to significant downtime and a loss of trust among its stakeholders. The consultant notes that while the company has robust preventive measures, its resilience and recovery procedures need enhancement. Based on the importance of resilience and recovery in security architecture, which of the following strategies would the consultant MOST likely recommend to strengthen the corporation's approach to advanced data protection after a cybersecurity incident?

Implement a redundant data storage solution with automated failover capabilities

A healthcare organization stores sensitive patient information. The data protection officer (DPO) wants to implement strategies to manage these data assets effectively, ensuring they remain secure from unauthorized access. Which strategies should the DPO employ to understand and enhance the security posture of the data assets and ensure the organization adheres to best practices in data asset management? (Select the two best options.)

Implement data classification based on sensitivity; Conduct regular data audits

The network security analyst at a large organization must develop an effective strategy to secure the enterprise network infrastructure. The company operates in multiple regions with varying data regulations and faces increasingly sophisticated cyber threats. The analyst aims to implement appropriate security principles to minimize the network's attack surface. What key strategy should the network security analyst adopt to ensure the MOST robust security of the enterprise network infrastructure while minimizing the attack surface?

Implement network segmentation and isolation

A software company implements Secure Shell (SSH) to manage remote servers securely within its enterprise infrastructure. The IT department is aware of the risks associated with improper SSH configurations and wants to optimize the settings to minimize those risks. To improve security and protect against potential vulnerabilities, what configuration should the IT department implement for the SSH protocol to enhance the secure management of remote servers in the enterprise infrastructure?

Implement public key authentication for SSH

A security analyst at a large organization aims to minimize the attack surface. To reach this goal, the analyst seeks to reduce the vulnerabilities an attacker can exploit, decrease the amount of code in use, and limit system interactions. Which strategy should the security analyst implement to achieve this objective effectively?

Implement the principle of least privilege

The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication. Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure?

Implement transport layer security for all remote desktop connections

A large technology company has recently experienced a significant system failure due to a cyberattack. The chief information security officer (CISO) is conducting a post-incident review to identify ways to improve the organization's resilience and recovery capabilities. The CISO wants to focus on strategies that could have prevented the system downtime or minimized its duration and impact. From a resilience and recovery standpoint in security architecture and continuity of operations planning (COOP), which of the following strategies would the CISO MOST likely recommend implementing to enhance the organization's ability to prevent or quickly recover from similar incidents in the future? (Select the two best options.)

Implementing a detailed incident response plan; Establishing a redundant data center

The network administrator in an organization is reinforcing the security measures of the company's enterprise infrastructure, with a key focus on port security. In an environment with dynamic port usage where different applications request ports on an ad-hoc basis, the administrator must consider the most secure method of assigning and managing these ports to mitigate security risks. To secure the enterprise infrastructure optimally, what key measure should the network administrator prioritize in terms of port security?

Implementing a dynamic port allocation and management system

The security manager of a multinational organization is on a mission to apply security principles to a newly planned regional office that will connect with its existing global infrastructure. This task aims to minimize the attack surface and construct suitable security zones. While developing the network architecture for the new office, what primary security aspect must the manager prioritize to certify the efficiency of the security zones and reduce the organization's attack surface?

Implementing network segmentation

A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise?

In use

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Infrastructure as code

A leading fintech company plans to migrate its primary financial application to a public cloud environment. Before the transition, the cloud security specialist reviews the application's architecture to ensure its resistance against potential cloud-based application attacks. Given the specific vulnerabilities associated with cloud platforms, which attack method would be the MOST effective against a cloud-based application that has not appropriately secured its Application Programming Interface (API)?

Injection attack targeting the application's API

A security engineer discovered that an active employee copied sensitive information from the company's shared drive and sold it online. What actor describes this employee?

Insider threat

A recently terminated employee copied sensitive information from the company's shared drive right before permanently leaving. This employee is what kind of threat to the company?

Internal

A security team in a multinational organization decides to improve the security of their inter-office communications. They agree to use a tunneling protocol that can offer confidentiality, sender authentication, and message integrity. They need a protocol that operates at the network level. Which protocol BEST fulfills the team's requirements for securing inter-office communications and operates at the network level?

Internet Protocol Security

The security team at a company is adopting a cybersecurity framework to standardize its security measures across different departments. The team lead wants to ensure that the selected framework encompasses all the critical aspects of cybersecurity. What should the security team lead confirm the cybersecurity framework covers to provide a comprehensive security posture?

It covers risk assessment, incident response, and access control.

A healthcare organization has tasked a new security lead to improve its data protection strategy. The organization is heavily dependent on medical devices, electronic health records, and communication systems that are all interconnected. How can the security lead reason with the executive leadership team to implement secure baselines for network devices, software, and other components?

It enhances IT security and operational efficiencies.

A cybersecurity team plans to improve the resilience of their organization's IT infrastructure. The lead architect suggests implementing continuity of operations planning (COOP) to address potential disruptions and keep critical operations running during unexpected events. What primary objective BEST describes the purpose of implementing COOP within an organization's security architecture?

It ensures continuous critical operations during disruptions

An organization's security team has begun integrating third-party threat feeds into its vulnerability management strategy. The security manager believes this will enhance the ability to identify and respond to emerging threats more effectively. Within vulnerability management, what primary advantage does incorporating third-party threat feeds offer an organization's security posture?

It increases situational awareness and response capability to threats and vulnerabilities.

Why might it be a bad policy to set up permissions individually instead of using an access control methodology?

It is harder to manage.

A managed service provider (MSP) company decided to delay the implementation of new antivirus software for its clients after discovering that the vendor could not patch its software automatically. Why might a company NOT want software that cannot update automatically?

It may not fix newly found vulnerabilities.

A security consultant assesses a company's server room to determine how well it can maintain operations during power interruptions. The consultant evaluates the integration of power distribution units (PDUs) and backup power generators within the security architecture. Considering the goal of ensuring resilience and recovery in the server room during power interruptions, what primary role does the backup power generator play in conjunction with the PDU?

It provides prolonged power to PDUs after exhausting UPS power.

An organization's security analyst joins two information-sharing organizations to enhance the company's vulnerability management strategy. These organizations promise to share real-time threat intelligence, best practices, and resources. In the context of vulnerability management, which primary advantages do information-sharing organizations offer to improve an organization's security posture? (Select the two best options.)

It provides real-time threat intelligence feeds tailored to industry specifics. It facilitates collaboration and exchange of best practices among member organizations.

A data center manager is evaluating the resilience and recovery capabilities of the company's server room. The manager wants to ensure that in the event of power fluctuations or outages, the company's servers remain operational and maintain data integrity. The manager focuses on the role of power distribution units (PDUs) and Uninterruptible Power Supplies (UPSs) in this context. In enhancing the resilience and recovery capabilities of the server room concerning power interruptions, which primary function does the UPS provide to the servers that directly support this goal?

It provides temporary power to prevent data loss.

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Jump server

Which technology replaced NT LAN Manager in Active Directory?

Kerberos

Which of the following practices is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely?

Least functionality principle

One of the company's accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software?

Least privilege

An enterprise's IT security team is implementing a new infrastructure design to optimize security. The team evaluates various security principles, considering the organization's expanding remote workforce and increasing reliance on cloud resources. Given the changing dynamics of the enterprise infrastructure, what should the IT team prioritize to ensure a robust security posture for both on-premises and cloud environments? (Select the two best options.)

Least privilege; Network segmentation

A company using Windows Server technology needs to link its Active Directory to a third-party service to allow single sign-on. Which service that uses the standard X.500 would work for the company?

Lightweight Directory Access Protocol

An organization's security team performs vulnerability assessments quarterly to identify potential risks in its infrastructure. During a recent vulnerability assessment, the security team identified a critical vulnerability in a server located in a heavily air-conditioned room with numerous entryways. Which factor is MOST likely to reduce the risk of vulnerability exploitation among the environmental variables?

Limited physical access to the server room

An employee traveling in Europe for vacation submitted a ticket as they could not access their work email. Which policy does the company use?

Location-based authentication

A small defense contractor is setting up a new shared drive system and needs the proper controls to ensure that only those with the correct classification can access any given folder or file. Which control type would meet these requirements?

Mandatory access control

A cybersecurity analyst at a tech firm is integrating Open Source Intelligence (OSINT) methodologies into the company's vulnerability management program. The analyst seeks to use publicly available information to understand potential threats better and improve the firm's security posture. When the cybersecurity analyst integrates OSINT into the vulnerability management program, which will the analyst MOST likely prioritize to maximize the effectiveness of the security framework? (Select the two best options.)

Monitoring deep web sources for threat indicators; Analyzing publicly available forums for emerging threat patterns

A company needs to improve its security posture regarding credentials. Which security policy changes would implement the National Institute of Standards and Technology (NIST) updated guidelines?

Multifactor authentication

The government organization in charge of managing the personnel records of the country's military service members reported that another country had access to its database. Who BEST describes the adversary that breached the personnel records database?

Nation-state

After restoring a file from a backup, the owner of a small company wants to understand better the purpose of permissions. A particular situation occurred, and even though there are permissions on the shared drive, why does the company still not know who deleted the file? The engineer explained that enabling file auditing would help pinpoint all changes to the shared drive and who made them. How would this help prevent the lack of knowing who changed the files?

Non-repudiation

Which of the following allows for the attribution of messages to individuals?

Non-repudiation

A cloud administrator is configuring five compute instances under the same subnet in a VPC. Which of the following must the administrator configure to meet this requirement?

One security group

During a recent audit, a company noticed a troubling trend where people had their passwords on sticky notes in their work area. The employees stated that the password policy made it too difficult to remember them. Which policy should the company change to alleviate this issue?

Password complexity

A company hires a team of penetration testers to evaluate the security posture of its newly developed web application. After a comprehensive analysis, the testers submit their findings, detailing potential vulnerabilities. The company's security officer reviews the report and contemplates the essential differences between how threat actors and penetration testers would exploit the identified vulnerabilities. What distinct motive differentiates a professional penetration tester from a threat actor when it comes to exploiting vulnerabilities in a system?

Penetration testers identify vulnerabilities improving security.

The IT team in a large company has recently completed a comprehensive inventory of all hardware, software, and data assets. The team is also in charge of asset tracking for the company. The team leader, concerned about maintaining effective security, is trying to understand how proper asset management relates to security. Which practices would directly contribute to enhancing the company's security posture through effective asset management and tracking? (Select the two best options.)

Perform regular audits of asset inventory; Establish a policy for the disposal of outdated software

An accounts payable clerk received an email requesting payment information for materials for an ongoing project. The email appears to be from a known vendor. Before giving the information over, what should the clerk protect against?

Phishing

After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage?

Physical

What BEST describes text that is not encrypted?

Plaintext

Maggie, the new CTO at your organization, wants to reduce costs by utilizing more cloud services. She has directed the use of a cloud service instead of purchasing all the hardware and software needed for an upcoming project. She also wants to ensure that the cloud provider maintains all the required hardware and software. Which of the following BEST describes the cloud computing service model that will meet these requirements?

Platform as a service (PaaS) delivers hardware and software tools to users over the internet. Usually, these tools are needed for application development.

A tech company recently moved to a new facility and seeks to bolster its physical security posture. The security team proposes integrating security guards and surveillance cameras as part of the security measures. The chief security officer (CSO) wants to ensure these implementations effectively deter, detect, and report potential security incidents. Given the scenario, which actions will maximize the effectiveness of security guards and cameras in enhancing the organization's physical security? (Select the two best options.)

Position cameras to monitor critical access points and sensitive areas; Implement security guard rotations and unannounced spot checks

In a recent company meeting, the network administrator discussed the upcoming growth projections for the next year. The IT team ensures that the organization's infrastructure can sustain the anticipated growth in user demand and traffic volume. Which risk poses the MOST significant threat if the IT team fails to address the infrastructure needs for the forecasted growth adequately?

Potential for service degradation or unavailability

Which of the following security control types does an acceptable use policy best represent?

Preventive

A recently hired information technology manager wants to implement more automation regarding the onboarding procedure. What process describes setting up accounts so a new employee can automatically access the software and file shares from the human resource platform?

Provisioning

Tony purchases virtual machines from Microsoft Azure exclusively for use by his organization. What model of cloud computing is this?

Public Cloud

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What should the marketing firm use to ensure this error message does not show up?

Public key infrastructure

A multinational corporation has hired a lead IT consultant to assess the security of its various systems, including Windows and Linux servers, desktops, and mobile devices in different countries. To ensure consistent security across all these systems, which of the following tools would the consultant recommend the organization use to automate the deployment of secure baseline configurations?

Puppet

A global finance company faced a massive cyberattack. The attacker successfully bypassed perimeter defenses and encrypted a significant portion of the company's stored financial records. The company's incident response team quickly intervened, neutralizing the threat. Now, the chief information security officer (CISO) focuses on implementing strategies to enhance resilience and ensure a rapid recovery should a similar event occur. Considering the company's recent incident and its determination to bolster resilience and advanced data protection, which of the following actions should the CISO prioritize to MOST directly ensure the organization can efficiently recover from similar cybersecurity events in the future?

Regularly testing and updating data backup and recovery solutions

A multinational corporation wants to ensure the security of its digital assets. The IT department focuses on refining its hardware and software asset management practices as part of its initiative. They analyze the potential security implications associated with properly managing these assets to guide their actions. Which actions contribute directly to improved security through effective hardware and software asset management in securing digital assets? (Select the two best options.)

Regularly updating software to the latest versions; Tracking and documenting all hardware assets in a centralized inventory system

The security team at a financial services company is performing a gap analysis to identify deficiencies in their existing security posture. The team lead aims to understand where the organization stands in terms of information security and where it needs to be to meet its security goals. What critical information would the security team lead seek during the gap analysis to ascertain the organization's current security status and desired state? (Select the two best options.)

Regulatory requirements and recent audit findings; Current security practices and desired security objectives

Which of the following is the most common data loss path for an air-gapped network?

Removable devices

A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO?

Reviewing user permissions

An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company's virtualized environment. The CFO sees this as a waste of money as the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date?

Risk

A network administrator is cleaning up the company's shared drive resources. Through an audit, the administrator discovered that the company did not properly manage the permissions over the years. Which control type should the administrator change the permissions to that gives access determined by the job?

Role-based access control

An organization's security team has hired a penetration tester to assess the vulnerabilities in its digital infrastructure. The penetration tester has a clear set of guidelines and is about to start the test. When engaging in vulnerability management within an organization, which activities will the penetration tester MOST likely undertake to ensure a comprehensive assessment? (Select the two best options.)

Running exploitation tools against known vulnerabilities; Assessing the environment for potential weak points

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

SSO stands for single sign-on,

In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?

SaaS

A security engineer is investigating why the company website's encryption failed to prevent a threat actor from stealing its data. The engineer noticed that the encryption was easily reversible. What could the engineer add to the encryption to ensure the generation of a unique random value?

Salt

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Sanitization

A security administrator plans to enhance the security posture of an organization's computing infrastructure. The administrator starts by documenting the current state of all system configurations and intends to establish a foundation to enforce security standards. Given the scenario, which security technique is the security administrator preparing to implement that ensures consistent application of security configurations across all systems in the organization?

Secure baselines

The cybersecurity manager of a rapidly growing technology startup has just acquired a set of new Internet of Things (IoT) devices to enhance its smart office environment. However, the manager has concerns about the security of these devices due to recent reports of IoT vulnerabilities. To address this, what method would the organization use to enhance the security of these devices by changing their default configuration?

Secure baselines

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Secured zones

A security analyst at a technology firm is enhancing the vulnerability management process within the organization. The analyst receives an email with a list of newly discovered vulnerabilities affecting various software applications. To standardize the reference and communication of software vulnerabilities in a consistent and easily understandable manner, which standards should the security analyst primarily consider?

Security Content Automation Protocol and Common Vulnerabilities and Exposures

A real estate investment firm wants to implement Single Sign-On (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the Extensible Markup Language (XML) standard. What solution does this vendor use for SSO?

Security assertion markup language (SAML) allows for federating a network or cloud system. SAML assertions and claims between the principal, the relying party, and the identity provider use Extensible Markup Language as their structure.

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Segmentation

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Serverless framework

A large multimedia company is experiencing a distributed denial of service (DDoS) attack that has led the company's platform to become unresponsive. Customers are submitting tickets complaining that they can no longer access the platform and cannot complete their work. What BEST describes what the company is going through?

Service disruption

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Setting up a VPN and placing the jump server inside the firewall

An IT administrator observes that a significant number of mobile devices within the organization have applications installed from outside official app stores. Concerned about the security implications, the administrator decides to assess the vulnerabilities introduced by this practice. Which of the following BEST describes the process that allows users to install applications on their devices from sources other than official app stores, potentially exposing the device to malware or unauthorized data access?

Sideload

A coworking office wants to upgrade its Wi-Fi encryption to Wi-Fi Protected Access 3 (WPA3). Which feature of WPA3 replaces the pre-shared key (PSK) exchange protocol in WPA2 to ensure an attacker cannot intercept the Wi-Fi password even when capturing data from a successful login?

Simultaneous authentication of equals (SAE)

An accountant received a phone call from an individual requesting information for an ongoing project. The call came from an unrecognized number, but the individual seemed believable and persuasive. Before giving the information over, what should the accountant protect against?

Social engineering

A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic's internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic's needs?

Symmetric algorithm

A construction company that receives several emails with attachments from its vendors ran into an issue with one of the emails it received. A malicious actor created an email with an attachment that appeared to be from a known vendor. As a result, the malicious actor tricked an employee into clicking on that attachment. How did the malicious actor convince the employee to click on the attachment?

That actor used an e-mail lure.

A Certificate Authority (CA) had its issuing authority revoked, and its certificates expired. How might those certificates still appear valid, even though they should be on the Certificate Revocation List (CRL)?

The CRL still requires updating.

Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?

The Cloud Security Alliance (CSA) Cloud Control Matrix (CCM) is a reference document designed to help organizations understand the appropriate use of cloud security controls to various regulatory standards.

After deploying a mobile device management system to all its computers, a company noticed a small subset failed to encrypt their hard drives. After inspection, those devices do not have the correct component required for the drive encryption to function. Which security component would the company need to install for the drive encryption to work?

The Trusted Platform Module (TPM) chip holds the cryptographic secrets and hardware state to help secure an encrypted hard drive.

An employee reported seeing an individual outside the office drop a few thumb drives. The employee grabbed those devices and brought them to the information technology (IT) department. After conducting forensics on the devices using air-gapped machines, the IT team determined that the individual was trying to trick employees into plugging the devices into their computers to steal information. What was the malicious actor attempting on an unsuspecting employee?

The actor used a physical lure.

A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process?

The company typically implements modern access control as an identity and access management (IAM) system. The company would want to implement an IAM system to ensure proper creation of accounts and their associated permissions.

The security team at a major corporation has discovered multiple vulnerabilities during its latest assessment. The security manager must prioritize these vulnerabilities to ensure that the most critical ones get addressed first. In the context of vulnerability management and prioritization, which criteria are MOST crucial for the security manager to consider when determining the urgency of addressing a specific vulnerability?

The potential impact of the vulnerability on the organization's core operations

A security engineer noticed a high volume of images sent from the company networks to a popular gaming social media platform. After reviewing the images, the security engineer saw that the images were seemingly benign. Why might these images still be a threat?

They contain steganography

A large organization's security operations center (SOC) notices in its Extended Detection and Response (XDR) antivirus software that a phished e-mail gained access to the company's ticketing system, then to the virtual private network (VPN) software, and lastly, to the company's file share. What did the SOC find?

Threat vector

A contractor only works for a company from 9 a.m. to 12 p.m. What kind of restriction could the company set up on the contractor's account to prevent using it outside that range?

Time-based restrictions

Ciphertext refers to data that went through an encryption algorithm. Creating ciphertext makes it less likely for third parties to intercept and read. Why might a company want a longer key length?

To decrease the chances of the ciphertext cracking

A sole proprietorship construction company contacted an information technology (IT) consultant for technical support for a computer issue. After resolving that issue, the consultant suggested the construction company enable computer encryption. Why might the company want to enable encryption on its computers' hard drives?

To prevent data removal from a stolen device

A system administrator at a software development company is working on integrating package monitoring into the organization's vulnerability management strategy. The administrator aims to track software packages and applications to ensure they remain free from vulnerabilities and continue to support the firm's security framework. As the system administrator incorporates package monitoring into the vulnerability management process, which actions will MOST likely get prioritized to enhance the effectiveness of this approach? (Select the two best options.)

Tracking outdated software packages; Monitoring software repositories for new updates

Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?

Transit gateway

An engineering firm wants to implement biometric authentication on its computers. However, it has a small subset of devices that must be compatible, even though it has the camera equipment. Which component are those computers lacking?

Trusted Platform Module (TPM) is a cryptoprocessor implemented as a module within the CPU on a computer or mobile device. A modern computer system needs TPM chips for many encryption tasks.

A construction contractor received a phone call from a prospective client that the contractor's website looked off from what they expected. After an investigation, the construction company discovered that the prospect went to a similar-looking website but did not get to the real one. What caused the client to go to an incorrect website?

Typosquatting

A project manager's assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against?

Urgency

Which of the following is NOT an example of infrastructure as code?

Using a cloud provider's web interface to provision resources

A newly established e-commerce company experienced increased web-based attacks on its online shopping platform. As a result, the company installed a Web Application Firewall (WAF) to enhance its security infrastructure. What primary function should the network security manager ensure the WAF is performing to protect the online platform from the most common types of web-based threats, such as Cross-site Scripting (XSS), Structured Query Language (SQL) Injection, and Cross-site Request Forgery?

Validate input and output

An employee travels out of the country for work but still needs to access the company's shared drive. What would the information technology department need to set up on that employee's computer to connect to the shared drive outside the office?

Virtual private network

An organization's internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

WAF

A local business receives numerous complaints from frequent repeat customers about fraud occurring after they ordered delivery through the company's website. The company became a victim of what type of attack?

Watering hole attack

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Web-based administration

A consultancy recommended that a large construction company should encrypt its wireless network. Currently, the network is set to open and allows any device to connect to it, even employees' personal devices. What encryption product would help the company secure its wireless networks?

Wi-Fi Protected Access

A company's IT security specialist decides to upgrade the wireless network infrastructure to enhance data protection during transmissions. Recognizing the importance of strong encryption for wireless data, the specialist evaluates the various encryption standards available. Which wireless encryption standard offers the MOST robust security for protecting wireless data transmissions and has become the preferred choice for many organizations?

Wi-Fi Protected Access 3

A medium-sized enterprise is revamping its wireless network infrastructure to improve security. The IT manager decided to update the company's Wi-Fi authentication method as the first step. The main objective is to have a solution that ensures the identity of the connecting devices while also providing an additional layer of security for user authentication. Which Wi-Fi authentication method BEST fits the IT manager's requirement to validate device identity and robust user authentication for the company's wireless network infrastructure?

Wi-Fi Protected Access 3-Enterprise

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Wired

A systems administrator is working on a solution with the following requirements: Provide a secure zone. Enforce a company-wide access control policy. Reduce the scope of threats. Which of the following is the systems administrator setting up?

Zero Trust

An information security analyst at a tech company reviews a security report outlining recent attack vectors against the company's systems. The analyst identifies potential risks related to unpatched software vulnerabilities still unknown to the vendor and risks associated with weak cryptographic algorithms. The analyst wants to prioritize these risks to decide on immediate remedial action. Based on the provided scenario, what BEST describes an unknown vulnerability in software that the vendor has yet to discover or patch, and that attackers are actively exploiting?

Zero-day vulnerability

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

http://

