https://www.udemy.com/course/comptia-security-sy0-701-practice-tests/learn/quiz/6111172#content
CompTIA Security+ (SYO-701) – Results
Attempt 2 (all domains): 90 questions, 0 correct, 0 incorrect, 90 skipped, 0 marked.
Question 1 (Skipped)
What is the main duty of the risk owner for a critical security risk identified in the organization’s risk register related to an outdated and vulnerable software application?
Procuring of replacement software
Explanation
Procuring replacement software is not the main duty of the risk owner for a critical security risk related to an outdated and vulnerable software application. While replacing the software may be a necessary step in mitigating the risk, the primary responsibility of the risk owner is to oversee the risk mitigation progress and status.
Identification of software vulnerabilities
Explanation
Identifying software vulnerabilities is an important task in addressing security risks related to outdated and vulnerable software applications, but it is not the main duty of the risk owner. The risk owner’s primary responsibility is to monitor the risk mitigation progress and status to ensure that appropriate actions are being taken to address the identified risks.
Development of software security policies
Explanation
Developing software security policies is essential for establishing guidelines and procedures to prevent security risks related to outdated and vulnerable software applications. However, this task is not the main duty of the risk owner. The risk owner’s primary responsibility is to monitor the risk mitigation progress and status to ensure that the organization’s security posture is improving.
Correct answer
Monitoring of the risk mitigation progress and status
Explanation
Monitoring the risk mitigation progress and status is the main duty of the risk owner for a critical security risk related to an outdated and vulnerable software application. The risk owner is responsible for overseeing the implementation of risk mitigation measures, tracking progress, and ensuring that the organization’s security vulnerabilities are being addressed effectively.
Overall explanation
5.2 Explain elements of the risk management process.
The main duty of the risk owner of a critical security risk identified in the organization’s risk register is the monitoring of the risk mitigation progress and status. The owner ensures that risk mitigation activities are tracked so they stay on schedule, and that stakeholders are kept informed of the current state of the risk.
Domain
5.0 Security Program Management and Oversight
Question 2 (Skipped)
Which cryptographic method should Robert use to protect the confidentiality of a message he wants to send to Roberto over an untrusted network?
Correct answer
Asymmetric encryption with the public key of Roberto
Explanation
Using asymmetric encryption with the public key of Roberto is the correct choice for protecting the confidentiality of a message sent over an untrusted network. By encrypting the message with Roberto’s public key, only Roberto, who holds the corresponding private key, will be able to decrypt and read the message, ensuring confidentiality.
Asymmetric encryption with the private key of Robert
Explanation
Using asymmetric encryption with the private key of Robert would not be suitable for protecting the confidentiality of a message sent over an untrusted network. The private key is meant to decrypt messages, not encrypt them for confidentiality.
Asymmetric encryption with the public key of Robert
Explanation
Asymmetric encryption with the public key of Robert would not be the best choice for protecting the confidentiality of a message. Public keys are used for encryption, but using Robert’s public key would mean anyone with Roberto’s public key could decrypt the message.
Asymmetric encryption with the private key of Roberto
Explanation
Asymmetric encryption with the private key of Roberto would not be the appropriate method for protecting the confidentiality of a message. Private keys are used for decryption, not encryption, and using Roberto’s private key would not ensure confidentiality.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
Robert should use asymmetric encryption with the public key of Roberto to protect the confidentiality of a message he wants to send over an untrusted network. When Robert encrypts the message with the public key of Roberto, only the private key of Roberto will be able to decrypt the message; since only Roberto has access to that private key, no one else will be able to read the message but him.
Domain
1.0 General Security Concepts
Question 3 (Skipped)
Which cloud model is best suited for a global enterprise with a mixture of both critical sensitive data and non-sensitive data that is concerned about its data security and compliance?
Correct answer
Hybrid
Explanation
The hybrid cloud model provides the flexibility to store critical sensitive data in a private cloud environment while leveraging the cost-effectiveness and scalability of the public cloud for non-sensitive data. This approach allows the organization to address security and compliance concerns while optimizing resource utilization.
Community
Explanation
The community cloud model involves sharing infrastructure and resources with a specific group of organizations. While it may offer some level of security and compliance tailored to the community’s needs, it may not provide the necessary customization and control required for a global enterprise with a diverse data landscape.
Private
Explanation
While the private cloud model offers enhanced control and security over data, it may not be the most suitable option for a global enterprise with a mix of sensitive and non-sensitive data. The limitations in scalability and flexibility of a private cloud may hinder the organization’s ability to efficiently manage and store both types of data.
Public
Explanation
The public cloud model may not be the best fit for a global enterprise with critical sensitive data, as it involves sharing resources with other organizations. This shared environment may raise concerns about data security and compliance, especially for critical data.
Overall explanation
3.1 Compare and contrast security implications of different architecture models.
The hybrid cloud model is best suited for a global enterprise with a mixture of both critical sensitive and non-sensitive data. The enterprise may leverage the benefits of both the public and private clouds. They can use the public cloud for simplified scalability and cost-effectiveness while at the same time running sensitive workloads on the private cloud.
Domain
3.0 Security Architecture
Question 4 (Skipped)
Which security protocol is best suited for a user who wants to grant a mobile application access to her social media account without sharing her login credentials?
Correct answer
OAuth
Explanation
OAuth is a protocol that allows a user to grant limited access to their resources on one site to another site without sharing their login credentials. It is commonly used for granting access to mobile applications, social media accounts, and other online services without exposing sensitive login information. OAuth provides a secure and convenient way for users to authorize third-party applications to access their data.
SAML
Explanation
SAML (Security Assertion Markup Language) is a protocol used for single sign-on authentication and authorization. While SAML is effective for providing secure access to multiple applications with a single set of credentials, it is not specifically designed for granting access to a mobile application without sharing login credentials.
SSL/TLS
Explanation
SSL/TLS is a protocol used to secure communication over the internet by encrypting data between the user’s device and the server. While SSL/TLS provides secure communication, it is not specifically designed for granting access to applications without sharing login credentials.
Diameter
Explanation
Diameter is a protocol used for authentication, authorization, and accounting (AAA) in telecommunications networks. While Diameter is commonly used in network access control scenarios, it is not typically used for granting access to mobile applications without sharing login credentials.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
Open Authorization (OAuth) is a security protocol that is best suited for a user who wants to grant a mobile application access to their social media account without sharing their login credentials. A user can grant a third-party application limited access to their data without sharing their username or password. The user then authorizes the application to access their data through a token-based mechanism.
Domain
4.0 Security Operations
Question 5 (Skipped)
Which multi-factor authentication method provides the highest level of security for a bank that wants to ensure robust protection for their online banking customer accounts?
Correct answer
Hardware security keys
Explanation
Hardware security keys are physical devices that provide a high level of security for multi-factor authentication. They are not susceptible to phishing attacks or interception like other methods, making them one of the most secure options for protecting online banking customer accounts.
One-time passwords from a mobile app
Explanation
One-time passwords from a mobile app provide an additional layer of security through something the user knows (password) and something they have (mobile device). While this method is more secure than just a password, it may not provide the highest level of security compared to other options like hardware security keys.
Biometric authentication
Explanation
Biometric authentication, such as fingerprint or facial recognition, offers a high level of security as it relies on unique physical characteristics of the user. While biometric authentication is secure, it may not be as widely adopted or easily accessible for all users compared to hardware security keys.
Codes sent via SMS text messages
Explanation
Codes sent via SMS text messages offer a form of two-factor authentication by combining something the user knows (password) with something they have (access to their phone). However, SMS messages can be intercepted or compromised, making this method less secure than hardware security keys.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
Hardware security keys provide the highest level of security for a bank that wants to ensure robust protection for their online banking customer accounts. The devices offer strong protection from unauthorized access and are highly resistant to phishing attacks. Even if the user is tricked into entering their credentials into a fake site, the attacker cannot access the account without the physical key. One-time passwords and SMS text messages are vulnerable to potential interception. Biometric data may be stolen if not properly secured, and once it is compromised it cannot be changed like a password.
Domain
4.0 Security Operations
Question 6 (Skipped)
The cybersecurity team has noticed that some of the critical resources in the data center have become inaccessible without any known cause or scheduled maintenance plan. What does the resource inaccessibility indicate?
Network congestion
Explanation
Network congestion could potentially impact the performance of accessing resources, but it would not completely block access to critical resources. It may slow down the access or cause intermittent connectivity issues, but it is not the most likely cause of complete inaccessibility.
Traffic re-directions
Explanation
Traffic re-directions may cause issues with accessing resources, but they are usually intentional actions taken by network administrators to optimize traffic flow. In this scenario, the inaccessibility of critical resources is not likely to be caused by traffic re-directions.
Hardware license expiry
Explanation
Hardware license expiry would not typically result in critical resources becoming inaccessible without warning. It is more likely to cause a loss of functionality or features rather than complete inaccessibility.
Correct answer
A potential security incident
Explanation
The sudden inaccessibility of critical resources without any known cause or maintenance plan scheduled is a common indicator of a potential security incident. Security incidents such as unauthorized access, data breaches, or malware infections can lead to the loss of access to critical resources. It is important for the cybersecurity team to investigate further to determine the cause and mitigate any potential security threats.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
The inaccessibility of critical resources in the data center without any known cause or scheduled maintenance plan indicates a potential security incident. Recognizing and responding to such probable incidents is crucial to prevent or minimize damage to critical resources.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 7 (Skipped)
What type of malware could be responsible for making a user’s computer start behaving strangely and corrupting several files after downloading an email attachment from an unknown source?
Correct answer
Virus
Explanation
A Virus is a type of malware that can replicate itself by attaching to other files or programs. Viruses are known to cause a wide range of issues, including corrupting files, causing strange behavior, and spreading to other systems. In this scenario, a virus is the most likely type of malware responsible for the described behavior after downloading an email attachment from an unknown source.
Logic bomb
Explanation
A Logic bomb is a type of malware that is triggered by a specific event or condition, such as a date or time. While logic bombs can be used to cause damage to a system, they are not typically associated with corrupting files or causing strange behavior after downloading an email attachment.
Trojan
Explanation
A Trojan is a type of malware that disguises itself as a legitimate file or software to trick users into downloading and executing it. While Trojans can cause harm to a user’s computer, they are not typically responsible for corrupting files or causing strange behavior after downloading an email attachment.
Worm
Explanation
A Worm is a type of malware that can replicate itself and spread to other computers on a network. While worms can cause damage by consuming system resources and slowing down networks, they are not typically responsible for corrupting files or causing strange behavior after downloading an email attachment.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
A virus is most likely the malware responsible for a user’s computer starting to behave strangely and corrupting several files after downloading an email attachment from an unknown source. A virus replicates by attaching itself to legitimate files in order to exploit the system. Just like a biological virus, a computer virus needs a host to exist and to infect other hosts or files.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 8 (Skipped)
The infrastructure team at a rapidly growing e-commerce company is concerned about the impact of the surge in online traffic and transactions due to a successful marketing campaign on their infrastructure. What action can they take to address this concern?
Redesign of the online website
Explanation
Redesigning the online website may improve user experience and performance, but it is a time-consuming process that may not provide an immediate solution to the surge in online traffic and transactions. It is not the most efficient way to address the infrastructure team’s concern.
Setting a limit to the number of allowed transactions
Explanation
Setting a limit to the number of allowed transactions may help control the load on the infrastructure, but it may also restrict legitimate users from completing transactions during peak times. It is not the most effective solution for addressing the concern of a surge in online traffic and transactions.
Security and risk assessment of the infrastructure
Explanation
Conducting a security and risk assessment of the infrastructure is important for identifying vulnerabilities and potential threats, but it may not directly address the immediate concern of handling the surge in online traffic and transactions due to a successful marketing campaign.
Correct answer
Infrastructure capacity planning
Explanation
Infrastructure capacity planning involves assessing the current capacity of the infrastructure and planning for future growth and scalability. This action can help the infrastructure team prepare for and handle the surge in online traffic and transactions effectively, making it the correct choice for addressing their concern.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
The infrastructure team at the e-commerce company can implement infrastructure capacity planning to address their concern about the surge in online traffic and transactions due to their successful marketing campaign. The goal of infrastructure capacity planning is to ensure that the infrastructure of an organization is capable of effectively handling its current and future resource demands to prevent issues in performance and bottlenecks.
Domain
3.0 Security Architecture
Question 9 (Skipped)
An employee has received a text message on his mobile phone, apparently from his IT department, asking him to click on a link to urgently update his account information. What type of attack is he facing?
Text jacking
Explanation
Text jacking is not a recognized term in the context of cybersecurity attacks. It does not accurately describe the scenario where an employee receives a text message asking them to click on a link to update their account information.
Vishing
Explanation
Vishing is a type of phishing attack that occurs over voice calls or VoIP. It does not accurately describe the scenario where an employee receives a text message asking them to click on a link to update their account information.
Whaling
Explanation
Whaling is a type of phishing attack that targets high-profile individuals or executives within an organization. It does not accurately describe the scenario where an employee receives a text message asking them to click on a link to update their account information.
Correct answer
Smishing
Explanation
Smishing is a type of phishing attack that occurs over SMS or text messages. In this scenario, the employee is facing a smishing attack where the attacker is trying to trick them into clicking on a malicious link to steal their account information.
Overall explanation
2.2 Explain common threat vectors and attack surfaces.
The employee is facing a smishing social engineering attack. It involves the use of short message service (SMS) or text messages to deceive individuals into performing unintended actions that could help the attacker compromise their security.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 10 (Skipped)
During a review of logs generated by the intrusion detection system (IDS) at a company, it was noticed that many alerts triggered correspond to a specific signature. What could this situation possibly indicate?
False positives being generated for the specific signature
Explanation
The scenario presented in the question does not directly point to false positives being generated for the specific signature. While false positives are a common concern in intrusion detection systems, the repeated alerts triggered by a specific signature may indicate a different issue.
The logs are full and need to be archived
Explanation
The situation described in the question does not necessarily indicate that the logs are full and need to be archived. While log management is important for maintaining system performance, the specific issue of many alerts triggered by a specific signature points to a different potential cause.
The IDS is experiencing intensive traffic
Explanation
While the IDS experiencing intensive traffic could potentially lead to an increase in alerts triggered, the specific mention of alerts corresponding to a specific signature suggests a more targeted issue related to that signature rather than a general increase in traffic.
Correct answer
An attack attempting to exploit the vulnerability related to that signature
Explanation
The most likely explanation for many alerts triggered by a specific signature in the IDS logs is that an attack is attempting to exploit the vulnerability related to that signature. This situation indicates a targeted effort to exploit a specific weakness in the system, requiring immediate attention and response.
Overall explanation
4.5 Given a scenario, modify enterprise capabilities to enhance security.
The intrusion detection system (IDS) at a company generating alerts corresponding to a specific signature could possibly indicate an attack attempting to exploit the vulnerability related to that signature. A signature-based IDS is designed to detect patterns of known attacks that have their signatures stored in its database. The signatures are based on the characteristics or behaviors associated with known vulnerabilities or attack patterns.
Domain
4.0 Security Operations
Question 11 (Skipped)
What is the most likely reason the IT team has noticed that multiple user accounts are being locked out frequently with no apparent explanation, even though the users are allowed a certain number of incorrect login attempts before lockout?
The firewall is blocking legitimate login attempts
Explanation
The firewall blocking legitimate login attempts would not result in multiple user accounts being locked out frequently. If the firewall were blocking legitimate login attempts, users would not even be able to attempt to log in, let alone trigger a lockout mechanism.
An updated password policy
Explanation
An updated password policy could potentially lead to users being locked out if they are not aware of the new requirements. However, this would not explain why multiple user accounts are being locked out frequently with no apparent explanation, especially if the users have been allowed a certain number of incorrect login attempts before lockout.
Correct answer
A credential attack
Explanation
A credential attack is the most likely reason for multiple user accounts being locked out frequently with no apparent explanation, even if the users have been allowed a certain number of incorrect login attempts before lockout. In a credential attack, malicious actors use automated tools to repeatedly try different username and password combinations to gain unauthorized access to user accounts, triggering the lockout mechanism.
Multiple users have all coincidentally forgotten their passwords
Explanation
Multiple users coincidentally forgetting their passwords would not lead to frequent lockouts of user accounts. Even if users forgot their passwords, they would not trigger the lockout mechanism unless they attempted to log in with incorrect credentials multiple times.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
A credential attack is the most likely reason multiple user accounts are being locked out frequently with no apparent explanation. Malicious actors repeatedly guess passwords through brute forcing, or try combinations drawn from a list of stolen credentials, in an attempt to gain unauthorized access.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 12 (Skipped)
What is expected by an organization in the attestation process for an identity and access management (IAM) system they have implemented to enhance their security?
Creation of digital signatures to be used for user authentication
Explanation
Creation of digital signatures for user authentication is not directly related to the attestation process for an IAM system. While digital signatures can enhance security, the attestation process focuses on verifying and confirming user access permissions.
Logging of the user activities performed
Explanation
Logging of user activities performed is important for monitoring and auditing user actions, but it is not the primary focus of the attestation process for an IAM system. The attestation process primarily involves verifying and confirming user access permissions to maintain security and compliance.
Automated granting of access rights to all users
Explanation
Automated granting of access rights to all users is not expected in the attestation process for an IAM system. The attestation process involves verifying and confirming user access permissions periodically to ensure security and compliance.
Correct answer
Periodic verification and confirmation of user access permissions
Explanation
Periodic verification and confirmation of user access permissions is a crucial aspect of the attestation process for an IAM system. This helps organizations ensure that users have appropriate access rights and permissions, reducing the risk of unauthorized access.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
Periodic verification and confirmation of user access permissions is expected by an organization in the attestation process for their identity and access management (IAM) system. It is performed to ensure that users have the appropriate access rights and permissions necessary to support their function in the systems they have access to and prevent illegitimate access to the systems.
Domain
4.0 Security Operations
Question 13 (Skipped)
A tourism agency wants to encrypt its clients’ data with an algorithm that provides strong security and performance as it upgrades its data security techniques. Which algorithm should it consider?
ElGamal
Explanation
ElGamal is a public-key encryption algorithm that is primarily used for encrypting messages and securing communications. While it offers strong security, it may not provide the same level of performance and efficiency as AES, especially when encrypting large amounts of data. For the tourism agency’s goal of encrypting client data with a focus on security and performance, AES would be a more suitable choice compared to ElGamal.
Correct answer
AES
Explanation
AES (Advanced Encryption Standard) is a widely adopted symmetric encryption algorithm that provides strong security and high performance. It is commonly used for encrypting sensitive data in various applications and is recommended for organizations looking to enhance their data security techniques. Compared to other algorithms like ECC and ElGamal, AES is considered a more suitable choice for encrypting client data due to its proven security and efficiency.
DSA
Explanation
DSA (Digital Signature Algorithm) is a digital signature algorithm rather than an encryption algorithm. While it is used for verifying the authenticity of digital messages, it is not typically used for encrypting data. AES, on the other hand, is a symmetric encryption algorithm that is widely recognized for its strong security and performance in data encryption.
ECC
Explanation
ECC (Elliptic Curve Cryptography) is a strong encryption algorithm that provides high security with smaller key sizes compared to other encryption algorithms. While it is known for its efficiency and performance, AES is generally considered a more widely used and recommended choice for data encryption due to its proven track record and widespread adoption in various security applications.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
The tourism agency can use the Advanced Encryption Standard (AES) to encrypt its clients’ data. The algorithm is widely recommended for its efficient performance and strong security. It supports key sizes of 128, 192, and 256 bits.
Domain
1.0 General Security Concepts
Question 14 (Skipped)
An IT administrator seeks to perform a change in the production environment to apply a critical security patch on all servers at her company that follow a change management policy. What step should be taken?
Correct answer
Seek approval from the change management board
Explanation
Seeking approval from the change management board is crucial in following the company’s change management policy. This step ensures that the proposed change, in this case, applying a critical security patch, is reviewed, approved, and scheduled appropriately to minimize risks and disruptions to the production environment.
Disconnect the servers from the network till the patch is applied
Explanation
Disconnecting the servers from the network until the patch is applied may prevent potential security risks, but it is not a recommended approach in a production environment that follows a change management policy. It is essential to follow the established procedures and seek approval from the appropriate stakeholders before implementing any changes to ensure proper coordination and communication.
Perform an emergency change
Explanation
Performing an emergency change without proper evaluation and approval can introduce unnecessary risks and potentially cause disruptions to the production environment. Emergency changes should be reserved for situations where immediate action is required to mitigate severe security threats or system failures.
Immediately apply the security patch to the servers
Explanation
Immediately applying the security patch to the servers without following the change management policy can lead to unforeseen issues, conflicts with existing configurations, or disruptions to critical services. It is important to adhere to the established procedures to maintain the stability and security of the production environment.
Overall explanation
5.1 Summarize elements of effective security governance.
The IT administrator should seek approval from the change management board to apply a critical security patch on all servers at her company that follow a change management policy. This practice ensures that the changes undergo an assessment of their impact on security, compliance, and system stability. The board determines whether the change aligns with the goals and objectives of the organization and with the overall change management strategy.
Domain
5.0 Security Program Management and Oversight
Question 15 (Skipped)
A company conducted an incident response analysis after experiencing a data breach incident that exposed their confidential information and identified several key lessons learned. Which lessons are most relevant for them to improve their incident response plan?
Timely updating all threat signatures
Explanation
Timely updating all threat signatures is important for maintaining a strong cybersecurity posture, but it is more related to proactive security measures rather than incident response. While updating threat signatures can help prevent future incidents, it is not directly related to improving the incident response plan based on lessons learned from a data breach incident.
Correct answer
Employee security awareness training
Explanation
Employee security awareness training is a critical component of incident response as human error and negligence are common causes of security incidents. By educating employees on cybersecurity best practices, organizations can reduce the likelihood of future incidents and improve their overall incident response capabilities. Therefore, based on the lessons learned from a data breach incident, prioritizing employee security awareness training is crucial for enhancing the incident response plan.
Enhancing recovery procedures
Explanation
Enhancing recovery procedures is crucial for ensuring business continuity and minimizing the impact of a data breach incident. While this is an important aspect of incident response, it focuses more on post-incident recovery rather than improving the incident response plan based on lessons learned.
Strengthening the perimeter defenses
Explanation
Strengthening perimeter defenses is essential for preventing unauthorized access to the network and systems, but it is more focused on preventing incidents rather than improving the incident response plan based on lessons learned. While perimeter defenses play a significant role in overall cybersecurity, the lessons learned from a data breach incident may highlight other areas that need improvement in the incident response plan.
Overall explanation
4.8 Explain appropriate incident response activities.
Employee security awareness training is the lesson most relevant for the company to improve its incident response plan. Educating the employees helps them to prevent common human error and respond to social engineering attacks effectively. They are equipped with the knowledge and skills to take proactive measures to protect the organization’s data and systems from cyberattacks.
Domain
4.0 Security Operations
Question 16 (Skipped)
The network security technicians at the IT department of a company have disabled all unnecessary services, applied strict access controls, and updated the firmware of their network devices in an effort to harden them. What additional measures can they take?
Sharing the router’s configurations on the community forum
Using default login credentials
Correct answer
Disabling remote access management
Enabling universal plug-and-play
Overall explanation
4.1 Given a scenario, apply common security techniques to computing resources.
Disabling remote access management is an additional measure the network security technicians can take to harden their network devices. It prevents unauthorized individuals and external threats from exploiting vulnerabilities in the management interface and gaining control over critical systems.
Domain
4.0 Security Operations
Question 17 (Skipped)
What key benefit does an organization get by retaining experienced security professionals in its cybersecurity team?
Stable network performance
Explanation
Stable network performance is essential for the organization’s operations, but it is not the primary benefit of retaining experienced security professionals. While experienced professionals can help maintain network stability, the key benefit in retaining them lies in factors such as reduced training costs and expertise in handling complex security challenges.
Correct answer
Reduced training costs
Explanation
Retaining experienced security professionals in the cybersecurity team can lead to reduced training costs for the organization. Experienced professionals require less training and onboarding compared to new hires, saving time and resources for the organization.
Improved job satisfaction
Explanation
While improved job satisfaction is an important factor in retaining security professionals, it is not the key benefit that an organization gets by retaining experienced professionals. Job satisfaction can contribute to employee retention but may not directly impact the organization’s bottom line or operational efficiency.
High availability of systems
Explanation
High availability of systems is crucial for the organization’s cybersecurity posture, but it is not the key benefit specifically associated with retaining experienced security professionals. Experienced professionals may contribute to system availability, but other factors such as robust infrastructure and effective monitoring also play a significant role.
Overall explanation
4.7 Explain the importance of automation and orchestration related to secure operations.
An organization benefits from reduced training costs by retaining experienced security professionals in its cybersecurity team. Experienced employees require less training than new hires. Furthermore, their knowledge and skills contribute to an effective and efficient security posture.
Domain
4.0 Security Operations
Question 18 (Skipped)
What type of risk appetite is exhibited by an executive team eager to innovate and expand their company’s services aggressively such that they are open to taking calculated risks to gain a competitive edge?
Neutral
Explanation
A neutral risk appetite indicates a lack of preference for either risk-taking or risk-aversion. The executive team described in the question is actively seeking to innovate and expand aggressively, indicating a clear preference for taking calculated risks to achieve their strategic goals.
Conservative
Explanation
A conservative risk appetite is characterized by a cautious approach to risk-taking, where the executive team prioritizes stability and security over aggressive expansion and innovation. This approach is not in line with an executive team eager to innovate and expand aggressively.
Aggressive
Explanation
An aggressive risk appetite typically involves taking high risks in pursuit of high rewards, often without a full assessment of potential consequences. While the executive team in question is open to taking risks, they are more focused on calculated risks to gain a competitive edge rather than blindly pursuing high-risk opportunities.
Correct answer
Expansionary
Explanation
An executive team exhibiting an expansionary risk appetite is eager to innovate and expand their company’s services aggressively. They are open to taking calculated risks to gain a competitive edge, which aligns with their growth-focused strategy.
Overall explanation
5.2 Explain elements of the risk management process.
An executive team eager to innovate and expand their company’s services aggressively such that they are open to taking calculated risks to gain a competitive edge exhibits an expansionary risk appetite. The team is open to embracing risk to achieve growth of their business and competitive superiority. However, a balance must be struck between the expansionary risk approach and the risk mitigation strategy to ensure the gains outweigh the losses.
Domain
5.0 Security Program Management and Oversight
Question 19 (Skipped)
A security administrator has noticed unusual traffic patterns and suspects that one of the certificates that their company’s web server uses to secure its website may have been compromised. What steps should the administrator take to address the issue?
Correct answer
Verify the validity from the certificate revocation list
Explanation
Verifying the validity from the certificate revocation list is a crucial step to address the issue of a potentially compromised certificate. The certificate revocation list contains information about certificates that have been revoked by the certificate authority, allowing the administrator to check if the suspect certificate is still valid.
Generate a new certificate with the same key pair
Explanation
Generating a new certificate with the same key pair may not be the best course of action if the current certificate is compromised. If the key pair is compromised, generating a new certificate with the same key pair could still leave the website vulnerable to attacks. It is recommended to generate a new key pair for enhanced security.
Generate a new key pair for the same certificate
Explanation
Generating a new key pair for the same certificate is a recommended step to address the issue of a potentially compromised certificate. If the key pair is compromised, generating a new key pair will enhance the security of the certificate and help mitigate the risks associated with the suspected compromise.
Create a new certificate authority
Explanation
Creating a new certificate authority is not necessary to address the issue of a potentially compromised certificate on the web server. This step would involve significant administrative overhead and may not directly resolve the security concern related to the suspect certificate. It is more efficient to focus on verifying the validity of the certificate from the revocation list.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
If there is suspicion that one of their company’s certificates may have been compromised, the security administrator should verify the validity from the certificate revocation list. A certificate revocation list (CRL) is a component of a public key infrastructure (PKI) that gives information about certificates that have been revoked before their expiration date.
Domain
1.0 General Security Concepts
Question 20 (Skipped)
The IT department at a medium-sized organization is concerned with maintaining security and service availability considering their rapid growth in online services is causing increased web traffic and processing demands. How may they use capacity planning to aid them?
Correct answer
Assessment of resource needs to accommodate growth
Explanation
Assessment of resource needs to accommodate growth is a key aspect of capacity planning. By analyzing current resource usage and projecting future needs based on growth trends, the IT department can ensure that they have the necessary infrastructure in place to handle increased web traffic and processing demands.
Identification and mitigation of security holes
Explanation
Identification and mitigation of security holes is more closely related to vulnerability management and security assessments rather than capacity planning. While capacity planning may indirectly contribute to security by ensuring resources are available to support security measures, it is not the primary purpose of capacity planning in this context.
Ensuring disaster recovery readiness
Explanation
Ensuring disaster recovery readiness is important for maintaining service availability in case of unexpected events or failures. While capacity planning may indirectly contribute to disaster recovery readiness by ensuring sufficient resources are available, it is not the primary focus of capacity planning in this scenario.
Protecting data using access permissions
Explanation
Protecting data using access permissions is essential for maintaining security, but it is not directly related to capacity planning. Capacity planning focuses on ensuring that the organization has the right resources in place to meet current and future demands, rather than specifically addressing data protection measures.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
The IT department concerned with maintaining security and service availability of their online services facing increased web traffic and processing demands may use capacity planning to perform an assessment of resource needs to accommodate growth. They will be able to determine if they have the necessary resources to support their growth objectives and whether any additional investments are required. The assessment enables the team to ensure that their resources are being utilized efficiently and effectively to meet both current and future needs.
Domain
3.0 Security Architecture
Question 21 (Skipped)
What steps should a medium-sized financial institution that relies on legacy hardware for its automated teller machines (ATMs) take to address the concerns of security?
Perform a security and risk assessment of the ATMs
Explanation
Performing a security and risk assessment of the ATMs is a crucial step for identifying potential vulnerabilities and weaknesses in the legacy hardware. This assessment will help the financial institution understand the security risks associated with the ATMs and develop a plan to mitigate them effectively.
Closely monitor the ATM network traffic
Explanation
Closely monitoring the ATM network traffic is important for detecting any suspicious activities or potential security breaches. However, monitoring alone may not be sufficient to address the security concerns associated with legacy hardware. Developing a comprehensive plan to replace the legacy ATMs is essential for long-term security improvement.
Correct answer
Develop a replacement plan to phase out the legacy ATMs
Explanation
Developing a replacement plan to phase out the legacy ATMs is the most effective way to address security concerns in a medium-sized financial institution. Legacy hardware is often more vulnerable to security threats, and replacing it with modern, secure alternatives will significantly enhance the overall security posture of the institution.
Install additional cameras to monitor the ATMs
Explanation
Installing additional cameras to monitor the ATMs may enhance physical security, but it does not directly address the security concerns related to legacy hardware vulnerabilities. While monitoring is important, it is not a comprehensive solution to address security issues in legacy ATMs.
Overall explanation
2.3 Explain various types of vulnerabilities.
The financial institution relying on legacy hardware for its ATMs should develop a replacement plan to phase out the legacy ATMs to address the concerns of security. A strategic and well-structured approach should be followed that ensures secure decommissioning or disposal of the legacy ATMs while maintaining minimal downtime and service quality.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 22 (Skipped)
What is the primary security benefit of the software development team using automation and scripting to achieve continuous integration and testing as part of their development process?
Simplified designing of user interfaces
Explanation
While automation and scripting can simplify various aspects of software development, such as repetitive tasks and testing procedures, the primary security benefit is not related to the designing of user interfaces. The focus is on enhancing security measures and code quality.
Correct answer
Improved quality of code and detection of vulnerabilities
Explanation
By implementing automation and scripting for continuous integration and testing, the software development team can enhance the quality of their code and detect vulnerabilities early in the development process. This proactive approach helps in identifying and addressing security issues before they become major threats.
Lower costs of development and integration
Explanation
Using automation and scripting for continuous integration and testing may help streamline the development process, but the primary security benefit is not related to cost reduction. The main focus is on improving security measures and code quality.
Quicker deployment of software
Explanation
While automation and scripting can indeed lead to quicker deployment of software, the primary security benefit of using these tools for continuous integration and testing is the improved quality of code and the early detection of vulnerabilities. Speed of deployment is important, but not the main security advantage in this context.
Overall explanation
4.7 Explain the importance of automation and orchestration related to secure operations.
The primary security benefit of the software development team using automation and scripting to achieve continuous integration and testing as part of their development process is improved quality of code and detection of vulnerabilities. Automated testing of the code for vulnerabilities is performed before it is implemented into the production environment and code quality is improved by identifying issues early in the software development lifecycle.
Domain
4.0 Security Operations
Question 23 (Skipped)
A large television broadcasting corporation with a complex network infrastructure to support its operations has employed logical segmentation within its network. What best describes the activity they have performed?
Correct answer
Isolation using VLANs
Explanation
Isolation using VLANs is a common method of logical segmentation where different parts of the network are separated into virtual LANs. This allows for better control over network traffic and can enhance security by isolating different segments from each other.
Monitoring the gateways
Explanation
Monitoring the gateways is an important security practice, but it is not directly related to the concept of logical segmentation. Gateways are points where different networks connect, and monitoring them helps in detecting and preventing unauthorized access, but it is not the same as logical segmentation.
Encrypting the traffic flow
Explanation
Encrypting the traffic flow is a security measure to protect data as it travels across the network, but it is not the same as logical segmentation. Encryption ensures that data is secure from eavesdropping or tampering, but it does not segment the network into different isolated parts.
Physical separation using firewalls
Explanation
Physical separation using firewalls involves physically separating different parts of the network using physical devices like firewalls. While this can provide security, the question specifically mentions logical segmentation, which is achieved through virtual means rather than physical devices.
Overall explanation
3.1 Compare and contrast security implications of different architecture models.
The logical segmentation of a network is best described by isolation using virtual local area networks (VLANs). Network resources may be logically compartmentalized into separate subnets even if they are physically interconnected on the same hardware. VLANs create isolated broadcast domains and enhance security, performance, and manageability.
Domain
3.0 Security Architecture
Question 24 (Skipped)
Which architecture model should a company that is looking for a power-efficient and redundant setup use for a new data center they are planning for, as they expand their operations to ensure uninterrupted service?
Correct answer
Cloud-based microservices
Explanation
Cloud-based microservices architecture is the correct choice for a company looking for a power-efficient and redundant setup. Microservices allow for modular and independent components that can be easily scaled up or down based on demand. This architecture also provides redundancy through distributed services, ensuring uninterrupted service.
Monolithic on-premise services
Explanation
Monolithic on-premise services typically involve a single, large server handling all aspects of the application. While this setup may provide some level of redundancy, it is not the most power-efficient or scalable option for a new data center looking to ensure uninterrupted service.
Hybrid cloud and on-premise deployment
Explanation
Hybrid cloud and on-premise deployment involve a combination of cloud services and on-premise infrastructure. While this setup can provide some level of redundancy and flexibility, it may not be the most power-efficient option for a company looking to expand their operations and ensure uninterrupted service in a new data center.
Distributed peer-to-peer services
Explanation
Distributed peer-to-peer services involve interconnected nodes that communicate directly with each other, without the need for a central server. While this setup may offer some level of redundancy, it may not be the most power-efficient option for a new data center looking to ensure uninterrupted service.
Overall explanation
3.1 Compare and contrast security implications of different architecture models.
Cloud-based microservices can ensure uninterrupted services for a company that is looking for a power-efficient and redundant setup. Cloud-based services provide redundancy, scalability, elasticity, availability, cost-effectiveness, and efficient power management. Applications are broken into independent services that can be deployed and scaled individually. They allow rapid and flexible response to changing user demands while maintaining resilience and uptime.
Domain
3.0 Security Architecture
Question 25 (Skipped)
What is the most appropriate step that should be taken by a software development company to safeguard its intellectual property after it has recently released a new application with a unique algorithm?
Correct answer
Register the copyright for the application’s source code and algorithm
Explanation
Registering the copyright for the application’s source code and algorithm provides legal protection and ownership rights over the intellectual property. This step helps the software development company safeguard its unique algorithm from unauthorized use or reproduction by others.
Hide the intellectual property where it cannot be found
Explanation
Hiding the intellectual property where it cannot be found is not a sufficient or effective method to safeguard intellectual property. It does not provide legal protection or prevent unauthorized use or reproduction of the unique algorithm.
Deny all access to the room with the intellectual property
Explanation
Denying all access to the room with the intellectual property is a physical security measure that may prevent unauthorized physical access to the intellectual property. However, this step alone does not provide legal protection or safeguard the algorithm from intellectual property theft.
Upload the application to a cloud repository
Explanation
Uploading the application to a cloud repository may provide backup and version control for the software, but it does not directly address safeguarding the intellectual property of the unique algorithm. Legal protection through copyright registration is a more appropriate step for safeguarding intellectual property.
Overall explanation
3.3 Compare and contrast concepts and strategies to protect data.
The most appropriate step that should be taken by a software development company to safeguard its intellectual property for its new application is to register the copyright for the application’s source code and algorithm. Legal protection for the company’s unique algorithm shall be provided by the copyright registration. This shall protect their application and algorithm from unauthorized reproduction or use.
Domain
3.0 Security Architecture
Question 26 (Skipped)
What is the level of sophistication of threat actors whose attacks primarily consist of automated bots attempting to exploit known vulnerabilities?
Correct answer
Unsophisticated
Explanation
Automated bots attempting to exploit known vulnerabilities indicate a low level of sophistication in threat actors. These attacks rely on pre-existing tools and techniques rather than advanced methods, making them characteristic of unsophisticated actors.
State-sponsored
Explanation
State-sponsored threat actors are backed by government resources and have the capability to conduct highly targeted and complex attacks for political, economic, or military purposes. Attacks primarily consisting of automated bots do not align with the level of sophistication associated with state-sponsored actors.
Innovative
Explanation
Innovative threat actors are known for developing new and cutting-edge attack techniques that may not be detected by traditional security measures. While automated bot attacks can be effective in exploiting known vulnerabilities, they do not demonstrate the level of innovation typically seen in this category of threat actors.
Advanced
Explanation
Advanced threat actors typically use more sophisticated techniques, such as zero-day exploits or custom malware, to carry out targeted attacks. Automated bot attacks targeting known vulnerabilities are not indicative of this higher level of sophistication.
Overall explanation
2.1 Compare and contrast common threat actors and motivations.
Threat actors whose attacks primarily consist of automated bots attempting to exploit known vulnerabilities are unsophisticated actors. Such attacks are low-level and depend more on opportunity rather than skills and techniques on the part of the threat actors.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 27 (Skipped)
What security concept should the security management at a hydroelectric power plant implement to isolate their critical water turbine alternator system from external threats?
Containerization
Explanation
Containerization is a lightweight form of virtualization that encapsulates an application and its dependencies into a container. While containerization can improve application portability and scalability, it is not primarily used for isolating critical systems from external threats.
Correct answer
Network segmentation
Explanation
Network segmentation involves dividing a network into smaller, isolated segments to prevent unauthorized access and contain potential threats. Implementing network segmentation for the water turbine alternator system would help isolate it from external threats and enhance overall security.
Virtualization
Explanation
Virtualization is a technology that allows multiple operating systems to run on a single physical machine. While virtualization can provide benefits such as resource optimization and flexibility, it is not specifically designed to isolate a critical system from external threats.
Access control
Explanation
Access control is essential for regulating and restricting user access to resources within a system. While access control is important for overall security, it alone may not be sufficient to isolate a critical system from external threats.
Overall explanation
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
The security management at a hydroelectric power plant should implement network segmentation to isolate their critical water turbine alternator system from external threats. The technique divides the network into smaller isolated or separable segments to restrict unauthorized access and enhance security and control. If an attacker gains access to one segment, it will be hard for them to navigate laterally to the other segment.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 28 (Skipped)
What is the most likely motivation of threat actors who have attacked the research and development servers containing the intellectual property of a multinational corporation operating in a highly competitive industry?
Revenge
Explanation
Revenge is not the most likely motivation for threat actors who have attacked research and development servers containing intellectual property. Revenge-driven attacks are usually targeted at specific individuals or organizations for personal reasons, rather than targeting intellectual property for competitive advantage or financial gain.
Ethical
Explanation
Ethical motivations are not typically associated with attacks on research and development servers containing intellectual property. Threat actors with ethical motivations would not engage in unauthorized access or data theft, as their actions would be driven by moral principles and a sense of right and wrong.
Blackmail
Explanation
Blackmail is not the most likely motivation for threat actors who have attacked research and development servers containing intellectual property. Blackmail typically involves threatening to reveal damaging information unless a demand is met, which is different from the goal of stealing intellectual property for competitive advantage or financial gain.
Correct answer
Espionage
Explanation
Espionage is the most likely motivation for threat actors who have attacked research and development servers containing intellectual property. They aim to steal valuable information, such as trade secrets, technology innovations, or research findings, to gain a competitive advantage or profit from selling the stolen data to competitors or other malicious entities.
Overall explanation
2.1 Compare and contrast common threat actors and motivations.
The most likely motivation of threat actors who have attacked research and development servers containing intellectual property is espionage. Espionage involves the theft of confidential information from organizations or individuals without their knowledge or consent, often for a competitive advantage.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 29 (Skipped)
What is the advantage an organization has by implementing a backup replication strategy for the daily backups of its critical data?
Enhanced threat analysis
Explanation
While implementing a backup replication strategy can enhance the organization’s overall data protection and recovery capabilities, it is not directly related to threat analysis. Threat analysis involves identifying and mitigating potential security risks and vulnerabilities, which is a separate aspect of cybersecurity strategy.
Automation and simplicity in scheduling backups
Explanation
Automation and simplicity in scheduling backups are important aspects of a backup strategy, but they are not the direct advantages of implementing a backup replication strategy. Replication focuses on creating redundant copies of data for quick recovery, rather than the scheduling and automation of backups.
Reduced cost of backup storage
Explanation
While implementing a backup replication strategy can have benefits such as minimized downtime and quick recovery, it may not directly reduce the cost of backup storage. Replicating backups often requires additional storage resources, which can increase the overall cost of backup solutions.
Correct answer
Minimized downtime from quick recovery
Explanation
Implementing a backup replication strategy for daily backups of critical data allows the organization to quickly recover data in case of a disaster or data loss. By having replicated backups, the organization can minimize downtime and ensure business continuity by restoring data from the replicated copies.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
An organization gains minimized downtime from quick recovery by implementing a backup replication strategy for the daily backups of its critical data. The organization can significantly reduce potential financial and operational losses associated with downtime, ensure critical services and functions are available, and maintain the trust of customers and stakeholders.
Domain
3.0 Security Architecture
Question 30 (Skipped)
What is a crucial step to maintain security in the offboarding procedure of a network administrator who has resigned?
Granting temporary administrative access for retrieving all important data
Explanation
Granting temporary administrative access for retrieving all important data can pose a significant security risk as it allows the departing employee to potentially access sensitive information or make unauthorized changes to the network. This goes against the principle of limiting access to only necessary resources.
Retaining the access of the departing employee to not hurt their feelings
Explanation
Retaining the access of the departing employee to not hurt their feelings is not a valid reason to compromise security. It is essential to prioritize the security of the organization’s data and network over personal feelings. By retaining access, the organization exposes itself to potential security threats and breaches.
Correct answer
Disabling the employee’s access to the systems and network
Explanation
Disabling the employee’s access to the systems and network is a crucial step in maintaining security during the offboarding process. This ensures that the departing employee no longer has the ability to access sensitive information or make changes to the network, reducing the risk of security incidents.
Allowing the departing employee to keep the company-issued device
Explanation
Allowing the departing employee to keep the company-issued device can lead to potential security breaches as the device may still have access to sensitive company information or network resources. It is important to collect all company-issued devices to prevent unauthorized access.
Overall explanation
5.1 Summarize elements of effective security governance.
A crucial step to maintain security in the offboarding procedure of a network administrator who has resigned is disabling the employee’s access to the systems and network. This approach prevents unauthorized use of the company’s resources, data breaches, and illegitimate access to the systems.
Domain
5.0 Security Program Management and Oversight
Question 31 (Skipped)
The IT department wants to minimize the impact of their network security solutions on the system resources while keeping the security robust with a solution that does not require them to install software on the endpoints. What type of solution do they seek?
Correct answer
Agentless
Explanation
An agentless solution does not require the installation of software on the endpoints, which aligns with the requirement of not impacting system resources and avoiding endpoint software installation. It can provide robust security measures without the need for individual endpoint configurations.
Host-based
Explanation
A host-based solution involves installing security software directly on the endpoints, which contradicts the requirement of minimizing the impact on system resources and avoiding endpoint software installation. It is not the most suitable option for achieving the desired outcome in this scenario.
Client-based
Explanation
A client-based solution typically involves installing software on the endpoints, which goes against the requirement of minimizing the impact on system resources and avoiding endpoint software installation. It is not the ideal choice for this scenario.
Serverless
Explanation
A serverless solution focuses on the absence of a dedicated server for processing, which is not directly related to the requirement of minimizing the impact on system resources and avoiding endpoint software installation. It does not address the specific needs outlined in the question.
Overall explanation
2.2 Explain common threat vectors and attack surfaces.
A solution that will not require the IT department to install software on endpoints is an agentless solution. Such a solution can perform security functions and monitor network traffic without installing agents on the endpoints.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 32Skipped
What is the first and most critical step a digital forensics investigator should take to preserve crucial evidence from a computer at a crime scene?
Correct answer
Creation of a forensic image of the computer
Explanation
The creation of a forensic image of the computer is the first and most critical step a digital forensics investigator should take to preserve crucial evidence from a computer at a crime scene. This process involves making an exact copy of the entire storage device, including all data and metadata, to ensure that the original evidence remains intact for analysis.
Taking pictures of the computer at the crime scene
Explanation
Taking pictures of the computer at the crime scene may be important for documenting the physical state of the computer, but it is not the most critical step in preserving crucial evidence from a computer in a digital forensics investigation.
Switching off the computer
Explanation
Switching off the computer can potentially alter or destroy crucial evidence stored in volatile memory. This action should be avoided until a forensic image of the computer has been created to preserve the state of the system at the time of the investigation.
Analysis of the computer to find evidence
Explanation
Analysis of the computer to find evidence should only be conducted after the crucial step of creating a forensic image of the computer has been completed. Without preserving the evidence through a forensic image, any analysis could potentially alter or compromise the integrity of the data.
Overall explanation
4.8 Explain appropriate incident response activities.
The first and most critical step a digital forensics investigator should take to preserve crucial evidence from a computer at a crime scene is the creation of a forensic image of the computer. At this stage, a bit-by-bit copy of the data is made in a forensically sound manner without any alteration of the original data. This process is essential to maintain the chain of custody and ensure the integrity and admissibility of the evidence in a court of law.
Domain
4.0 Security Operations
Question 33Skipped
What is the main purpose of the IT department providing training to employees on an updated access control policy?
Automatic assignment of access to users
Explanation
Automatic assignment of access to users is a technical aspect of access control that is typically managed by IT systems and tools, not something that would be directly addressed through employee training on an updated access control policy.
Correct answer
Educating users on the importance of access control
Explanation
Educating users on the importance of access control is a crucial aspect of training employees on an updated access control policy. By understanding the significance of access control, employees are more likely to adhere to the policy and help maintain a secure environment.
Creating access permissions for users
Explanation
Creating access permissions for users is a task typically performed by the IT department itself, not something that would be the main purpose of providing training to employees on an updated access control policy.
Simplifying the access management process
Explanation
While training employees on an updated access control policy may lead to a more streamlined access management process, simplifying the access management process is not the main purpose of providing such training. The primary goal is to ensure that employees understand and comply with the policy for enhanced security.
Overall explanation
5.6 Given a scenario, implement security awareness practices.
Educating users on the importance of access control is the aim of the IT department training employees on the updated access control policy. Access control measures safeguard sensitive data and systems from unapproved access. Users need to be made aware of their responsibilities in protecting critical data and of the access control procedures to follow.
Domain
5.0 Security Program Management and Oversight
Question 34Skipped
What should a cybersecurity analyst do after noticing information from a dark web threat feed service they have subscribed to, reporting the sale of compromised credentials of employees from their organization on the dark web?
Report the issue to the authorities
Explanation
Reporting the issue to the authorities is a crucial step to take after discovering compromised credentials being sold on the dark web. This action can help initiate an investigation, potentially prevent further damage, and hold the perpetrators accountable.
Delete the employees from all systems
Explanation
Deleting the employees from all systems is not the appropriate response to compromised credentials being sold on the dark web. This action can disrupt business operations and may not address the root cause of the issue, which is the compromised credentials themselves.
Correct answer
Inform the affected employees and reset their credentials
Explanation
Informing the affected employees and resetting their credentials is the correct action to take after discovering compromised credentials being sold on the dark web. This step helps protect the employees’ accounts and sensitive information, mitigating the risk of unauthorized access and potential data breaches.
The threat feed may be false so wait for possible noise on the issue
Explanation
Waiting for possible noise on the issue because the threat feed may be false is not a recommended course of action. It is important to take immediate steps to protect the organization and its employees from potential threats rather than waiting for confirmation.
Overall explanation
4.3 Explain various activities associated with vulnerability management.
The cybersecurity analyst should inform the affected employees and reset their credentials after noticing information from a dark web threat feed service reporting the sale of compromised credentials of employees from their organization on the dark web. It is crucial that measures to protect the employees and the organization are taken to mitigate potential threats. Resetting the credentials prevents possible compromise and data exposure. Notifying the employees brings transparency, maintains trust, and provides guidance on securing their accounts.
Domain
4.0 Security Operations
Question 35Skipped
A financial organization handling sensitive data that includes transaction details and history, financial records, and customer personal information has implemented a robust classification system. What is their main goal for classifying their data?
Ensuring all data may be made public
Explanation
Ensuring all data may be made public is not the main goal of data classification in a financial organization. Data classification is focused on identifying and protecting sensitive information, not making all data public.
Sharing of sensitive information with individuals
Explanation
Sharing of sensitive information with individuals is not the main goal of data classification in a financial organization. The primary purpose of data classification is to protect sensitive information and assign appropriate protection levels based on the sensitivity of the data.
Correct answer
Assignment of appropriate protection levels
Explanation
Assignment of appropriate protection levels is the main goal of data classification in a financial organization. By classifying data based on its sensitivity and importance, the organization can apply the necessary security measures to protect it from unauthorized access or disclosure.
Deletion of data that is not required
Explanation
Deletion of data that is not required is not the main goal of data classification. While data classification may help identify data that is no longer needed or has expired, the primary objective is to protect and secure sensitive information through appropriate protection levels.
Overall explanation
3.3 Compare and contrast concepts and strategies to protect data.
The main goal of the financial organization classifying their data is the assignment of appropriate protection levels. This will ensure that sensitive information is adequately safeguarded in line with the requirements for data privacy and security.
Domain
3.0 Security Architecture
Question 36Skipped
What is the aim of a business partners agreement (BPA) established between a small startup and a well-established technology company to collaborate on a new software project where they shall be sharing sensitive development and design documents?
Establishes the roles and responsibilities for both business partners
Explanation
While establishing roles and responsibilities is an important aspect of a business partners agreement (BPA), it is not the primary aim when sharing sensitive development and design documents. The main focus in this scenario would be on legal, security, and data sharing requirements.
Correct answer
Legal and security requirements for the sharing of data are specified
Explanation
This choice is correct because one of the main aims of a business partners agreement (BPA) is to specify the legal and security requirements for the sharing of sensitive data between the two parties. This ensures that both partners understand and agree on how the data will be handled and protected.
Defining the organizational structure of the partnership
Explanation
Defining the organizational structure of the partnership is not the main aim of a business partners agreement (BPA) in the context of sharing sensitive development and design documents. While organizational structure may be addressed in the agreement, the primary focus would be on legal, security, and data sharing aspects.
The terms and conditions for payments are outlined
Explanation
The aim of a business partners agreement (BPA) is not primarily to outline the terms and conditions for payments. While financial aspects may be included in the agreement, the main focus is on other aspects such as data sharing, security, roles, and responsibilities.
Overall explanation
5.3 Explain the processes associated with third-party risk assessment and management.
The aim of a business partners agreement (BPA) established between the startup and technology company to collaborate on the software project where they shall be sharing sensitive documents is to ensure that legal and security requirements for the sharing of data are specified. The BPA includes terms, conditions, and responsibilities of the business partners collaborating on the project.
Domain
5.0 Security Program Management and Oversight
Question 37Skipped
What should be the immediate response from the security operations center of an organization after receiving an alert suggesting a potential intrusion attempt on a critical server?
Correct answer
Perform an investigation of the alert
Explanation
Performing an investigation of the alert is the immediate response that the security operations center should take after receiving an alert suggesting a potential intrusion attempt on a critical server. This investigation will help determine the nature and severity of the alert, identify the potential threat actor, and assess the impact on the organization’s security posture.
Disconnect the server from the network
Explanation
Disconnecting the server from the network may be a drastic measure that could disrupt critical services and potentially hinder the investigation process. It is important to first investigate the alert to understand the nature of the potential intrusion attempt before taking any further action.
Wait for the same alert to appear again
Explanation
Waiting for the same alert to appear again is not a proactive response to a potential intrusion attempt on a critical server. Immediate action should be taken to investigate the alert and mitigate any potential security risks to the organization. Waiting for the alert to reappear could result in further exploitation by threat actors.
Raise an alarm at the organization
Explanation
Raising an alarm at the organization without conducting a thorough investigation of the alert may cause unnecessary panic and confusion among employees. It is essential to first investigate the alert to determine the validity and severity of the potential intrusion attempt before escalating the situation.
Overall explanation
4.4 Explain security alerting and monitoring concepts and tools.
The immediate response from the security operations center of an organization after receiving an alert suggesting a potential intrusion attempt on a critical server is to perform an investigation of the alert. During the investigation, the security team will be able to determine whether the intrusion attempt is genuine or a false positive. If it is genuine, they will proceed to analyze the source, nature, and severity of the intrusion.
Domain
4.0 Security Operations
Question 38Skipped
As part of a security audit to improve the security posture of a company’s network, the system administrator has identified several unused and unnecessary software applications installed on the company workstations. What action should the administrator take?
Correct answer
Remove the unnecessary software
Explanation
Removing unnecessary software is the correct action to take to improve the security posture of the company’s network. Unused software increases the attack surface and potential vulnerabilities, so removing them enhances the overall security of the network.
Remove all workstations with unnecessary software from the network
Explanation
Removing all workstations with unnecessary software from the network may be an extreme measure and can disrupt the normal operations of the company. It is more efficient and practical to simply remove the unnecessary software from the workstations rather than removing the entire workstation from the network.
Document all the unnecessary software found
Explanation
While documenting the unnecessary software found is a good practice for inventory and tracking purposes, it is not sufficient to improve the security posture of the network. The primary action should be to remove the unnecessary software to reduce security risks.
Leave the unnecessary software installed because it may be needed one day
Explanation
Leaving unnecessary software installed on workstations poses a security risk, as it can be exploited by attackers. It is best practice to remove any software that is not actively used to reduce the attack surface and potential vulnerabilities.
Overall explanation
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
The administrator should remove the unnecessary software after identifying that it is installed on the company workstations. Software that is no longer in use or not required should be uninstalled or disabled. The practice not only reduces the attack surface for potential vulnerabilities but also improves the system performance and frees up storage space.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 39Skipped
What is the purpose of a risk report prepared by the chief information security officer (CISO) to the board of directors with an overview of the organization’s cybersecurity posture?
To convince the board to approve more funds for cybersecurity during budget meetings
Explanation
The purpose of a risk report prepared by the CISO to the board of directors is not solely to convince the board to approve more funds for cybersecurity during budget meetings. While this may be a potential outcome, the primary goal is to provide an overview of the organization’s cybersecurity posture and communicate cybersecurity threats and vulnerabilities.
Evaluation of the KPIs of risk owners
Explanation
Evaluating the Key Performance Indicators (KPIs) of risk owners is not the primary purpose of a risk report prepared by the CISO to the board of directors. While KPIs may be included in the report to provide metrics on cybersecurity performance, the main focus is on communicating threats and vulnerabilities.
Correct answer
Communication of cybersecurity threats and vulnerabilities
Explanation
Communication of cybersecurity threats and vulnerabilities is the main purpose of a risk report prepared by the CISO to the board of directors. This report helps the board understand the current state of cybersecurity within the organization, potential risks, and areas that may require attention or improvement.
To get a lofty bonus and salary increment
Explanation
The purpose of a risk report prepared by the CISO to the board of directors is not to get a lofty bonus and salary increment. The report is intended to provide an objective overview of the organization’s cybersecurity posture and to facilitate informed decision-making by the board regarding cybersecurity measures.
Overall explanation
5.2 Explain elements of the risk management process.
The purpose of a risk report prepared by the chief information security officer (CISO) for the board of directors with an overview of the organization’s cybersecurity posture is the communication of cybersecurity threats and vulnerabilities. The report conveys the current security posture and the risks faced by the organization to the board, enabling them to make informed decisions related to cybersecurity strategies and investments.
Domain
5.0 Security Program Management and Oversight
Question 40Skipped
Which approach may a medium-sized organization use to effectively block access to websites with known malicious content while allowing access to reputable websites?
Blocking traffic from unknown websites
Explanation
Blocking traffic from unknown websites may not effectively block access to websites with known malicious content, as it relies on identifying and categorizing every single website as either known or unknown. This approach may lead to false positives or negatives, resulting in either blocking reputable websites or allowing access to malicious ones.
Allowing access to HTTPS websites only
Explanation
Allowing access to HTTPS websites only does not guarantee protection against websites with known malicious content. While HTTPS encryption provides security for data transmission, it does not inherently filter out websites based on their reputation or content. Malicious websites can still use HTTPS to deliver harmful content.
Correct answer
Web filtering based on the websites’ reputation
Explanation
Web filtering based on the websites’ reputation is an effective approach for a medium-sized organization to block access to websites with known malicious content while allowing access to reputable websites. By using reputation-based web filtering tools or services, organizations can automatically block access to websites with a history of malicious activities, providing a proactive defense against cyber threats.
Whitelisting approved websites
Explanation
Whitelisting approved websites may limit access to only reputable websites, but it does not specifically target known malicious websites. This approach requires constant maintenance and updating of the whitelist to ensure that all reputable websites are included, which may be challenging for a medium-sized organization.
Overall explanation
4.5 Given a scenario, modify enterprise capabilities to enhance security.
A medium-sized organization uses web filtering based on the websites’ reputation to effectively block access to websites with known malicious content while allowing access to reputable websites. The websites are categorized based on their historical behavior, user feedback, security certificates, and known security risks. Poor reputation websites are known for hosting malware, engaging in phishing activities, and performing various cyberattacks.
Domain
4.0 Security Operations
Question 41Skipped
What should be considered primarily by a small business that wants to comply with physical security standards as they plan to relocate their server room to a new location within the same building?
Securing the remote access methods
Explanation
Securing remote access methods is important for overall cybersecurity, but it is not the primary consideration for physical security standards when relocating a server room within the same building. Physical security measures such as temperature and humidity maintenance are more critical for the protection of the server equipment during the relocation process.
Biometric access controls installation
Explanation
While biometric access controls can enhance physical security, they may not be the primary concern for a small business relocating their server room within the same building. Biometric access controls are more relevant for controlling access to the server room, but temperature and humidity maintenance are critical for the equipment’s well-being.
Correct answer
Temperature and humidity maintenance
Explanation
Temperature and humidity maintenance is crucial for the proper functioning of server equipment. Maintaining optimal temperature and humidity levels in the server room is essential to prevent overheating and equipment failure, ensuring the reliability and longevity of the hardware.
Regular endpoint protection updates
Explanation
Regular endpoint protection updates are important for cybersecurity, but they are not directly related to physical security standards for a server room relocation. While cybersecurity measures are essential, the primary focus for physical security compliance during relocation should be on environmental factors like temperature and humidity.
Overall explanation
5.1 Summarize elements of effective security governance.
Temperature and humidity maintenance should primarily be considered by the business as they plan to relocate their server room to a new location within the same building. The correct balance of temperature and humidity can be achieved by heating, ventilation, and air conditioning (HVAC) systems, environmental sensors, precision cooling units, humidifiers, and dehumidifiers. The optimal levels should be maintained for reliable performance and lifetime of the IT equipment. Temperature should be regulated to prevent overheating. Humidity should be controlled as well, for excessively dry conditions can cause static charges and damage sensitive components, while on the other hand, excessive moisture can cause corrosion.
Domain
5.0 Security Program Management and Oversight
Question 42Skipped
The security team of a popular online shopping website is concerned about potential attacks after detecting unusual activities such as multiple login and SQL injection attempts. What mitigation technique can they implement to protect their site’s sensitive data from these web threats?
Denying all traffic containing an SQL query
Explanation
Denying all traffic containing an SQL query may impact the website’s functionality and legitimate user interactions. It is not a practical mitigation technique as SQL queries are essential for the website’s database operations. Blocking all SQL queries can disrupt the site’s operations and user experience.
Correct answer
Installation of a web application firewall
Explanation
Installation of a web application firewall is an effective mitigation technique to protect against web threats such as SQL injection attempts. A web application firewall can filter and monitor HTTP traffic to block malicious requests and prevent attacks from reaching the website’s sensitive data.
Blocking the IP addresses suspected to be malicious
Explanation
Blocking the IP addresses suspected to be malicious can help mitigate potential attacks, but it may not be a comprehensive solution. Attackers can easily change IP addresses or use proxy servers to bypass IP blocking, making it less effective in protecting the site’s sensitive data from web threats.
Rejection of multiple login attempts
Explanation
Rejection of multiple login attempts is a good practice to prevent brute force attacks, but it may not be sufficient to protect against other web threats such as SQL injection attempts. Implementing additional security measures like a web application firewall would provide more comprehensive protection for the site’s sensitive data.
Overall explanation
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.
The security team of the online shopping website can perform the installation of a web application firewall (WAF) to protect their site’s sensitive data from the potential attacks they have observed. A WAF performs inspection and filtering of incoming web traffic to block malicious activities such as SQL injection attempts, cross-site scripting (XSS), malicious packets, etc.
Domain
3.0 Security Architecture
Question 43Skipped
Which segmentation method would be most suitable for a large corporation that wants to enhance its data security to isolate and protect critical configuration files from the general employee network traffic?
Correct answer
VLAN
Explanation
VLANs (Virtual Local Area Networks) are a suitable segmentation method for isolating and protecting critical configuration files within a large corporation. By creating separate VLANs for different types of network traffic, such as separating employee network traffic from critical configuration files, organizations can enhance data security and prevent unauthorized access.
DMZ
Explanation
DMZ (Demilitarized Zone) is a network segment that sits between an internal network and an external network, such as the internet. While DMZs are commonly used to host public-facing services and provide an additional layer of security, they are not the most suitable segmentation method for isolating and protecting specific configuration files within a network.
ACL
Explanation
ACLs (Access Control Lists) are used to control access to network resources based on a set of rules. While they can be used for segmentation and access control, they are more commonly used at the network layer to control traffic flow rather than isolating specific files or resources within a network.
MAC
Explanation
MAC (Media Access Control) address filtering is a method of controlling access to a network based on the physical address of a device. While MAC filtering can be used for segmentation, it is not the most suitable method for isolating and protecting specific files within a network, as it focuses more on device-level access control rather than file-level isolation.
Overall explanation
3.3 Compare and contrast concepts and strategies to protect data.
A virtual local area network (VLAN) is the most suitable segmentation method for a large corporation that wants to isolate and protect critical configuration files from the general employee network traffic. A single physical network is divided into multiple isolated virtual networks. VLANs allow a logical separation of network traffic and can isolate different groups of devices from each other through the different logical segments on the network.
Domain
3.0 Security Architecture
Question 44Skipped
What key should employees at one office use to decrypt confidential information sent by employees at another office when using their organization’s PKI to secure communication between offices?
Their public key
Explanation
Using their public key would not allow employees to decrypt confidential information sent by employees at another office. Public keys are used for encryption, not decryption, in a PKI system.
The sender’s public key
Explanation
The sender’s public key is used for encrypting the information, not decrypting it. Employees at the receiving office would need their private key to decrypt the information.
The sender’s private key
Explanation
Using the sender’s private key to decrypt information sent by employees at another office would not be possible in a PKI system. Private keys are kept secret and should not be shared with others for decryption purposes.
Correct answer
Their private key
Explanation
Employees at one office should use their private key to decrypt confidential information sent by employees at another office. Private keys are used for decryption in a PKI system, ensuring that only the intended recipient can access the encrypted data.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
Employees at one office should make use of their private key to decrypt confidential information sent by employees at another office when using their organization’s public key infrastructure (PKI). In asymmetric encryption, the sender encrypts the message with the receiver’s public key, which is publicly available; the receiver’s corresponding private key is then the only key able to decrypt the message. Since only the receiver has access to that private key, only the receiver is able to read the message.
Domain
1.0 General Security Concepts
Question 45Skipped
An employee of a small business firm that lacks proper security measures for its wired network infrastructure has accidentally connected a rogue device to the network and introduced a potential security threat. What action should be taken in response to this?
No action is needed as the device poses no confirmed threat
Explanation
Taking no action because the device poses no confirmed threat is incorrect, since any unauthorized device connected to a network can potentially pose a security threat. It is essential to take action to prevent any unauthorized access or malicious activities that the rogue device may initiate.
Correct answer
Disconnection of the rogue device from the network
Explanation
Disconnection of the rogue device from the network is the immediate and correct response to mitigate the potential security threat. By removing the unauthorized device, the network can be protected from any malicious activities or unauthorized access that the rogue device may introduce.
Scan the device for vulnerabilities
Explanation
Scanning the device for vulnerabilities may be a valid step to take after disconnecting the rogue device from the network. However, the immediate action should be to remove the unauthorized device to prevent any potential security breaches or unauthorized access.
Switch off the physical switch that connects to the rogue device
Explanation
Switching off the physical switch that connects to the rogue device is not the most effective response to the situation. While it may temporarily disconnect the rogue device, it does not address the root cause of the security threat and may not prevent future incidents of unauthorized access. The best course of action is to physically disconnect the rogue device from the network.
Overall explanation
2.2 Explain common threat vectors and attack surfaces.
Disconnection of the rogue device from the network should be performed in response to an employee accidentally connecting it and introducing a potential security threat. This will prevent any potential unauthenticated software or hardware from gaining direct access to the business firm’s network.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 46 Skipped
Robert has connected his smartphone to his headset via Bluetooth as he sits on a bench at a congested shopping mall and suddenly observes his phone making outgoing calls and sending messages without any interaction from him. What attack is Robert facing?
Bluesnarfing
Explanation
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, such as accessing contact lists or messages. It does not involve making outgoing calls or sending messages without user interaction.
Correct answer
Bluebugging
Explanation
Bluebugging is a type of attack where an attacker takes control of a Bluetooth-enabled device to make outgoing calls, send messages, access data, and perform other malicious activities without the user’s knowledge or consent. This aligns with the scenario described in the question.
Blueprinting
Explanation
Blueprinting attacks involve adversaries capturing detailed information about a device through Bluetooth technology. By analyzing data such as the Bluetooth MAC address, attackers can determine the device’s brand, model, and other specifics. This information helps them narrow down the attack vector and plan more targeted attacks.
Bluejacking
Explanation
Bluejacking is the practice of sending unsolicited messages over Bluetooth to Bluetooth-enabled devices. It does not involve making outgoing calls or sending messages without user interaction.
Overall explanation
4.1 Given a scenario, apply common security techniques to computing resources.
Robert is facing a bluebugging attack as he suddenly observes his phone making outgoing calls and sending messages without any interaction from him. The attack involves gaining unauthorized access and control over the target device by leveraging vulnerabilities in the Bluetooth protocol.
Domain
4.0 Security Operations
Question 47 Skipped
What should you do if you have received an email from what seems to be your bank, with a link to a login page that looks like your bank’s official website, requesting that you reset your password immediately because your account has been compromised?
Forward the email to your friends and family also registered with the bank
Explanation
Forwarding the email to friends and family registered with the bank can further spread the potential threat to others. It is important to handle suspicious emails with caution and not share them with others until their legitimacy has been verified.
Correct answer
Contact the bank via their official phone number to verify the legitimacy of the email
Explanation
Contacting the bank via their official phone number to verify the legitimacy of the email is the correct course of action. By directly reaching out to the bank through a trusted communication channel, you can confirm whether the email is genuine or a phishing attempt. This helps in protecting your personal information and preventing unauthorized access to your account.
Reply to the email requesting clarification
Explanation
Replying to the email requesting clarification is not a recommended action as it can potentially expose your personal information to cybercriminals. It is best to avoid engaging with suspicious emails and instead verify the legitimacy of the email through official channels.
Secure your account immediately by clicking the link and resetting your password
Explanation
Clicking the link and resetting your password immediately as requested in the email can lead to your account being compromised. Cybercriminals often use phishing emails to trick individuals into providing their login credentials. It is crucial to verify the authenticity of such emails before taking any action.
Overall explanation
5.6 Given a scenario, implement security awareness practices.
The best step to take if you have received a suspicious email from what seems to be your bank, with a link to a login page requesting you to reset your password, is to contact the bank via their official phone number to verify the legitimacy of the email. Phishing emails trick individuals into surrendering confidential information through deceptive techniques, so it is essential to verify that the email is not a phishing attempt.
Domain
5.0 Security Program Management and Oversight
Question 48 Skipped
What is the most effective way in which a company may ensure password complexity compliance after a recent security audit revealed that some employees use weak passwords?
Perform security audits more frequently
Explanation
Performing security audits more frequently may help identify weak passwords, but it does not directly address the issue of ensuring password complexity compliance. Enforcing a technical implementation of a password policy is a proactive measure that can prevent the use of weak passwords in the first place.
Provide training sessions to employees
Explanation
While providing training sessions to employees can help raise awareness about the importance of password complexity, it may not be the most effective way to ensure compliance. Enforcing a technical implementation of a password policy is a more direct and efficient method to enforce password complexity requirements.
Correct answer
Enforce a technical implementation of a password policy
Explanation
Enforcing a technical implementation of a password policy is the most effective way to ensure password complexity compliance. By implementing specific requirements such as minimum length, use of special characters, and regular password changes, the company can directly enforce strong password practices and reduce the risk of security breaches due to weak passwords.
Advise the users to write down their long passwords on a piece of paper
Explanation
Advising users to write down their long passwords on a piece of paper is not a secure or recommended practice. It can lead to potential security risks if the paper is lost or stolen, compromising the confidentiality of the passwords. Enforcing a technical implementation of a password policy is a more secure and effective way to ensure password complexity compliance.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
The most effective way in which a company may ensure password complexity compliance after a recent security audit revealed that some employees use weak passwords is to enforce a technical implementation of a password policy. The policy enforces specific complexity settings such as the minimum length of the password, the presence of alphanumeric and special characters, a prohibition on including the username in the password, and so forth.
Domain
4.0 Security Operations
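The technical enforcement described above, as an added example that is not part of the course material: a policy object holding the complexity settings the explanation lists (minimum length, character classes, no username in the password, maximum password age), a checker that returns every violation, and an audit over a constructed account list of the kind such a security audit would examine. All policy values and account data are assumptions for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class PasswordPolicy:
    """Complexity settings enforced at password-set time (values assumed, not from the page)."""
    min_length: int = 12
    require_lower: bool = True
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True
    forbid_username: bool = True   # the username must not appear inside the password
    max_age_days: int = 90         # regular password changes


def check_password(password: str, username: str, policy: PasswordPolicy) -> list[str]:
    """Return all policy violations for a candidate password; an empty list means compliant."""
    violations: list[str] = []
    if len(password) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    if policy.require_lower and not re.search(r"[a-z]", password):
        violations.append("no lowercase letter")
    if policy.require_upper and not re.search(r"[A-Z]", password):
        violations.append("no uppercase letter")
    if policy.require_digit and not re.search(r"[0-9]", password):
        violations.append("no digit")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", password):
        violations.append("no special character")
    # Case-insensitive check so "Bob" inside "bob!Secure" is still caught.
    if policy.forbid_username and username and username.lower() in password.lower():
        violations.append("contains the username")
    return violations


def password_expired(last_changed: date, policy: PasswordPolicy, today: date) -> bool:
    """True when the password is older than the policy's maximum age and must be changed."""
    return today - last_changed > timedelta(days=policy.max_age_days)


def audit(accounts: list[tuple[str, str]], policy: PasswordPolicy) -> dict[str, list[str]]:
    """Map each non-compliant username to its violations; compliant accounts are omitted."""
    findings: dict[str, list[str]] = {}
    for username, password in accounts:
        violations = check_password(password, username, policy)
        if violations:
            findings[username] = violations
    return findings


# Constructed sample accounts (hypothetical usernames and passwords, not real data).
SAMPLE_ACCOUNTS = [
    ("alice", "correct-Horse-7battery"),
    ("bob", "Bob!Secure#2024"),
    ("carol", "Summer2024"),
]

if __name__ == "__main__":
    policy = PasswordPolicy()
    for user, problems in audit(SAMPLE_ACCOUNTS, policy).items():
        print(f"{user}: {', '.join(problems)}")
```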
Question 49 Skipped
What device can a cryptocurrency trading agency use to securely manage its encryption keys and execute its cryptographic transactions in the online market?
UEFI
Explanation
UEFI (Unified Extensible Firmware Interface) is a firmware interface that is used during the boot process of a computer system. While it plays a role in system initialization and secure boot processes, it is not primarily used for managing encryption keys or executing cryptographic transactions in the online market.
SDK
Explanation
SDK (Software Development Kit) is a set of tools and libraries that developers use to create applications for a specific platform or framework. It is not a device that can be used to securely manage encryption keys or execute cryptographic transactions in the online market. It is more focused on providing resources for application development rather than cryptographic security.
Correct answer
HSM
Explanation
HSM (Hardware Security Module) is a dedicated hardware device that is specifically designed to securely manage encryption keys and perform cryptographic operations. It provides a secure environment for key storage, generation, and encryption, making it an ideal choice for a cryptocurrency trading agency to ensure the security of their transactions in the online market.
VDI
Explanation
VDI (Virtual Desktop Infrastructure) is a technology used to host desktop environments on a centralized server, but it is not specifically designed for securely managing encryption keys or executing cryptographic transactions in the online market. It is more focused on providing virtual desktops to users for remote access and management.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
A cryptocurrency trading agency can use a hardware security module (HSM) to securely manage its encryption keys and execute its cryptographic transactions in the online market. HSMs are tamper-resistant and provide a secure environment for key storage.
Domain
1.0 General Security Concepts
Question 50 Skipped
What action will an email security gateway perform when a user receives an email with a suspicious attachment that could potentially contain malware?
Open the attachment for verification
Redirect the email to the security team
Correct answer
Block the email from reaching the mailbox
Allow the email through with a warning
Overall explanation
4.5 Given a scenario, modify enterprise capabilities to enhance security.
An email security gateway will block the email from reaching the mailbox when a user receives an email with a suspicious attachment that could potentially contain malware. Such a proactive measure helps prevent spam, phishing attempts, attachments embedded with malware, and other malicious content from entering the network.
Domain
4.0 Security Operations
Question 51 Skipped
During an investigation of the cause of an unusual increase in traffic between two devices, it was found that an unauthorized rogue device managed to intercept and monitor the communication between the two devices. What type of attack has been achieved?
Credential replay
Explanation
Credential replay attacks involve capturing authentication credentials and replaying them to gain unauthorized access to a system or service. This type of attack does not involve intercepting and monitoring communication between devices as described in the scenario.
Distributed denial-of-service
Explanation
A Distributed Denial-of-Service (DDoS) attack involves overwhelming a target system with a flood of traffic from multiple sources to disrupt its normal operation. It does not involve intercepting and monitoring communication between devices as described in the scenario.
Correct answer
On-path
Explanation
An on-path attack occurs when an unauthorized device intercepts and monitors communication between two legitimate devices. In this scenario, the rogue device managed to intercept and monitor the communication between the two devices, indicating that an on-path attack has been achieved.
Downgrade
Explanation
A downgrade attack involves forcing a system to use weaker security protocols or algorithms to exploit vulnerabilities. It does not involve intercepting and monitoring communication between devices as described in the scenario.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
An on-path attack involves an unauthorized rogue device intercepting and monitoring the communication between two devices. The term is the current name for what was previously called a man-in-the-middle (MITM) attack, in which the attacker sits between the two communicating parties, impersonating each party to the other. On-path attacks can be used to steal sensitive data, alter communication, or gain unauthorized access to network traffic. Encryption, digital signatures, and secure communication protocols can be used as a defense against such attacks.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 52 Skipped
What is the most appropriate action that a database administrator can take after accidentally deleting a crucial database table?
Contact the sales manager of the database manufacturer
Explanation
Contacting the sales manager of the database manufacturer will not help in recovering the accidentally deleted database table. This action is not related to database recovery processes and will not provide a solution to the issue at hand.
Run away and go back home and pretend nothing happened
Explanation
Running away and pretending nothing happened is not a valid or responsible action for a database administrator to take after accidentally deleting a crucial database table. This behavior does not address the problem or attempt to resolve the data loss issue.
Use information available to rebuild the table from scratch
Explanation
Using information available to rebuild the table from scratch is a possible solution, but it may not be the most efficient or reliable method for recovering the accidentally deleted database table. Depending on the complexity and size of the table, this process could be time-consuming and may not guarantee the recovery of all the original data.
Correct answer
Use the transaction logs to attempt a recovery of the table
Explanation
Using the transaction logs to attempt a recovery of the table is the most appropriate action for a database administrator after accidentally deleting a crucial database table. Transaction logs can help in identifying the changes made to the database and potentially recovering the deleted table by rolling back the transactions.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
After accidentally deleting a crucial database table, the database administrator can use the transaction logs to attempt a recovery of the table. Transaction logs record changes made to the database such as insertions, deletions, or updates. They provide invaluable information to restore an accidentally deleted or modified table or data within the table. The approach can minimize the loss of data.
Domain
3.0 Security Architecture
Question 53 Skipped
Which statement below gives an appropriate relationship between the key length and encryption strength?
Encryption is unaffected by the length of the encryption keys
Explanation
The length of encryption keys directly impacts the strength of encryption. Longer keys typically result in stronger encryption, while shorter keys may compromise the security of the encrypted data. Therefore, encryption is indeed affected by the length of the encryption keys.
Stronger encryption is provided by shorter encryption keys
Explanation
Shorter encryption keys do not provide stronger encryption. In fact, shorter keys are more susceptible to brute force attacks and are considered weaker in terms of encryption strength.
Encryption becomes unstable when changing the key length
Explanation
Changing the key length should not make encryption unstable if done correctly. In fact, adjusting the key length to a longer size can enhance the security and stability of encryption by making it more resilient against attacks. It is important to follow best practices when changing key lengths to ensure data security.
Correct answer
Stronger encryption is provided by longer encryption keys
Explanation
Longer encryption keys provide stronger encryption because they enlarge the key space an attacker must search, making it more difficult to decrypt the data without the key. Longer keys offer better security and are essential for ensuring data confidentiality.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
The relationship between key length and encryption strength is that longer encryption keys provide stronger encryption. The key length determines the number of possible keys an attacker would need to try before cracking the encryption with a brute-force attack, so a longer key takes more time to break. However, encryption strength should be balanced against practical considerations, because longer keys need more processing power for encryption and decryption.
Domain
1.0 General Security Concepts
Question 54 Skipped
What is the primary security concern for a medium-sized business that performs regular onsite backups and stores them in a dedicated room within its data center?
Correct answer
Risk of storing backup copies at the production site
Explanation
Storing backup copies at the production site poses a significant security risk for the business. In the event of a disaster or security breach at the production site, the backup copies stored onsite may also be compromised or unavailable, leading to potential data loss or unauthorized access to sensitive information.
Offsite backups take a long time to back up the data
Explanation
The speed of backing up data to offsite locations is not the primary security concern in this scenario. While it is important to have efficient backup processes, the main focus should be on ensuring the security of the backup copies stored onsite.
Onsite backups take a long time to recover the data
Explanation
The time it takes to recover data from onsite backups is an operational concern rather than a primary security concern. While quick data recovery is important for business continuity, the main security risk lies in storing backup copies at the production site.
Personnel at the production site may see the backups
Explanation
Personnel at the production site being able to see the backups can pose a security risk as they may have unauthorized access to sensitive data. This can lead to data breaches or unauthorized use of the backup data.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
The primary security concern for a business performing regular onsite backups and storing them in a dedicated room within its data center is the risk of storing backup copies at the production site. On-site backups expose organizations to a range of potential threats. In the event of a catastrophic event such as a natural disaster or fire, both the production data and backup will be destroyed.
Domain
3.0 Security Architecture
Question 55 Skipped
A corporate firm conducts regular security training sessions and emphasizes the importance of reporting security incidents in its comprehensive security awareness program. What is the importance of a recurring reporting and monitoring program?
To reduce the need for policies and procedures
Explanation
A recurring reporting and monitoring program does not aim to reduce the need for policies and procedures. Policies and procedures are essential components of a comprehensive security program, and reporting and monitoring serve to enforce and enhance compliance with these policies.
Correct answer
To provide ongoing awareness of emerging threats
Explanation
The importance of a recurring reporting and monitoring program is to provide ongoing awareness of emerging threats. By continuously monitoring and reporting security incidents, employees can stay informed about the latest threats and vulnerabilities, enabling them to take proactive measures to protect the organization’s assets.
To convince employees to join the security team
Explanation
The purpose of a recurring reporting and monitoring program is not to convince employees to join the security team. While security training sessions may encourage employees to take an interest in security, the primary goal of reporting and monitoring is to ensure the timely detection and response to security incidents.
To advertise security solutions available in the market
Explanation
The purpose of a recurring reporting and monitoring program is not to advertise security solutions available in the market. While awareness of available security solutions may be beneficial, the primary focus of reporting and monitoring is to ensure the organization’s security posture is maintained and improved over time.
Overall explanation
5.6 Given a scenario, implement security awareness practices.
A recurring reporting and monitoring program helps to provide ongoing awareness of emerging threats. The firm remains proactive in addressing security-related issues and concerns with regard to the rapidly evolving landscape of cyberthreats.
Domain
5.0 Security Program Management and Oversight
Question 56 Skipped
What benefit does the implementation of passwordless identity and access management have to the users and institution implementing it?
Data breaches cannot occur
Explanation
While passwordless identity and access management can enhance security and reduce the risk of password-related attacks, it does not guarantee that data breaches cannot occur. Data breaches can still happen through other means, such as vulnerabilities in systems, social engineering attacks, or insider threats.
Correct answer
Reduced risk of password-related attacks
Explanation
Implementing passwordless identity and access management can significantly reduce the risk of password-related attacks, such as phishing, brute force attacks, and password spraying. By eliminating the need for passwords, attackers have one less avenue to exploit for unauthorized access.
Multifactor authentication will not be necessary
Explanation
Multifactor authentication provides an additional layer of security by requiring users to provide multiple forms of verification before accessing resources. Passwordless identity and access management may still incorporate multifactor authentication as an added security measure.
Employees will not need to remember any passwords
Explanation
While employees may not need to remember passwords with passwordless identity and access management, this does not necessarily mean that passwords are completely eliminated from the authentication process. Other forms of authentication, such as biometrics or security keys, may still be required.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
The implementation of passwordless identity and access management provides a reduced risk of password-related attacks. It reduces the dependency on traditional passwords, which are vulnerable to a variety of attacks. Passwordless authentication leverages the other factors of authentication, i.e., something the user has, such as a hardware or software token, or something the user is, such as biometrics like fingerprints or facial recognition.
Domain
4.0 Security Operations
Question 57 Skipped
Which of the following is a key consideration to be outlined in an organization’s disaster recovery policy in the case of a catastrophic data center failure?
Implementation of traffic monitoring at the disaster recovery site
Explanation
Implementation of traffic monitoring at the disaster recovery site, while important for security and performance monitoring, is not a key consideration in the disaster recovery policy for a catastrophic data center failure. The focus in this scenario is on ensuring the continuity of operations and data availability in the event of a disaster.
Vendor support for third-party services
Explanation
Vendor support for third-party services may be important in the overall disaster recovery plan, but it is not a key consideration specifically in the case of a catastrophic data center failure. The primary focus in this scenario is on having a plan in place to migrate operations to a secondary location to ensure business continuity.
Restoration of services at the primary data center
Explanation
Restoration of services at the primary data center is not a key consideration in the disaster recovery policy for a catastrophic data center failure. The primary focus in such a situation is on quickly transitioning operations to a secondary location to minimize downtime and ensure business continuity.
Correct answer
Migration of the operations of the primary data center to a secondary location
Explanation
Migration of the operations of the primary data center to a secondary location is a key consideration in a disaster recovery policy as it ensures continuity of operations in the event of a catastrophic data center failure. Having a secondary location where critical operations can be transferred to allows the organization to minimize downtime and maintain essential services.
Overall explanation
5.1 Summarize elements of effective security governance.
A key consideration to be outlined in an organization’s disaster recovery policy in the case of a catastrophic data center failure is the migration of the operations of the primary data center to a secondary location. The secondary location should be geographically distant from the primary data center to ensure business continuity in the case of regional disasters such as tsunamis, earthquakes, volcanoes, cyclones, landslides, floods, etc.
Domain
5.0 Security Program Management and Oversight
Question 58 Skipped
The security team has established a set of mandatory security configurations such as antivirus software, firewall settings, and software patch levels. What security principle are they enforcing?
Defense in depth
Explanation
Defense in depth is a security strategy that involves implementing multiple layers of security controls to protect against various types of threats. While security baselines may be part of a defense-in-depth approach, the specific principle being enforced in this scenario is the establishment of mandatory security configurations, not the layered approach to security.
Threat intelligence
Explanation
Threat intelligence involves gathering and analyzing information about potential threats and vulnerabilities to improve security posture. While security baselines may be informed by threat intelligence, the principle being enforced in this scenario is the establishment of mandatory security configurations, not the intelligence gathered about threats.
Security automation
Explanation
Security automation involves using technology to streamline and automate security processes, such as monitoring, detection, and response. While security baselines may be part of security automation, the specific principle being enforced in this scenario is the establishment of mandatory security configurations, not the automation of security tasks.
Correct answer
Security baselines
Explanation
Security baselines refer to the minimum security settings and configurations that must be applied to all systems within an organization. This includes antivirus software, firewall settings, and software patch levels. By enforcing these mandatory security configurations, the security team ensures a consistent level of security across all systems.
Overall explanation
4.7 Explain the importance of automation and orchestration related to secure operations.
The security team has established and is enforcing security baselines. They help to maintain a consistent security posture by providing a standardized level of security across the organization’s systems. They are not static and should be regularly reviewed and updated to adapt to emerging cybersecurity threats and technology changes over time.
Domain
4.0 Security Operations
Question 59 Skipped
A financial institution wants to protect critical data in its database that stores transaction records, including account balances and transaction history, from illicit access. What technique can they implement to effectively maintain the confidentiality and integrity of the data?
Backups
Explanation
Backups are important for data protection and disaster recovery, but they do not directly maintain the confidentiality and integrity of the data in the database. Backups are copies of data that can be used to restore information in case of data loss or corruption, but they do not prevent illicit access to the sensitive data or ensure its integrity.
Correct answer
Encryption
Explanation
Encryption is the correct choice as it is a technique that can effectively maintain the confidentiality and integrity of data. By encrypting the critical data in the database, even if unauthorized users gain access to the data, they will not be able to read or make sense of it without the decryption key. This helps protect the sensitive information from illicit access and maintains its integrity.
Firewall
Explanation
While firewalls are essential for network security and can help prevent unauthorized access to the database, they do not directly maintain the confidentiality and integrity of the data stored within the database. Firewalls control the incoming and outgoing network traffic based on predetermined security rules, but they do not encrypt the data to protect its confidentiality.
Training
Explanation
Training is crucial for educating employees about security best practices and policies, but it is not a technique that directly maintains the confidentiality and integrity of data in the database. While training can help prevent security breaches caused by human error or negligence, it does not provide the necessary encryption or security measures to protect critical data from illicit access.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
The financial institution may implement encryption to effectively maintain the confidentiality and integrity of the critical data in its database. Encryption safeguards the data by keeping it in an unreadable format that an unauthorized individual cannot make sense of because they do not have the decryption key.
Domain
1.0 General Security Concepts
Question 60 Skipped
The network engineers at a large corporation with several branch offices spread across the country have configured communication between the branches to allow the internal network data packets to traverse securely over public networks and the internet. How have they managed to achieve this?
SA
Explanation
SA (Security Association) is a one-way relationship between two network entities that describes how they will use security services to communicate securely. While SAs are essential for secure communication, they are not the method used to securely traverse data packets over public networks and the internet.
Correct answer
VPN
Explanation
VPN (Virtual Private Network) is the correct choice as it allows for secure communication between branch offices by creating a private network over a public network infrastructure. VPNs use encryption and tunneling protocols to ensure the confidentiality, integrity, and authenticity of data packets transmitted over the internet.
ISAKMP
Explanation
ISAKMP (Internet Security Association and Key Management Protocol) is a protocol used to establish SAs and manage keys for IPSec. While ISAKMP is an integral part of VPN configurations, it is not the method used to securely traverse data packets over public networks and the internet.
IKE
Explanation
IKE (Internet Key Exchange) is a protocol used in conjunction with IPSec to set up security associations (SAs) and negotiate encryption and authentication keys. While IKE is an important component of VPNs, it is not the method used to securely traverse data packets over public networks and the internet.
Overall explanation
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.
The network engineers have used a virtual private network (VPN) to allow the internal networks of their branch offices to communicate securely over public networks and the Internet. VPNs provide encapsulation and encryption of data packets through a tunnel that traverses across unsecured networks to prevent tampering and eavesdropping.
Domain
3.0 Security Architecture
Question 61Skipped
What type of physical attack involves a malicious actor trying different possible combinations of codes or keys on security devices and door locks to gain unauthorized entry?
Correct answer
Brute force
Explanation
Brute force is the correct choice as it refers to a physical attack where an attacker systematically tries different combinations of codes or keys to gain unauthorized access. This method is time-consuming but can be effective in compromising security devices and door locks.
Shoulder surfing
Explanation
Shoulder surfing is not the correct choice for this question as it refers to a type of attack where an attacker observes a person entering their security code or key to gain unauthorized access. It does not involve systematically trying different combinations of codes or keys on security devices.
Tailgating
Explanation
Tailgating is not the correct choice for this question as it refers to a type of attack where an unauthorized person follows an authorized person into a secure area by closely walking behind them. It does not involve trying different combinations of codes or keys on security devices.
Dumpster diving
Explanation
Dumpster diving is not the correct choice for this question as it refers to a type of attack where an attacker searches through trash or recycling bins to find sensitive information that can be used for further attacks. It does not involve trying different combinations of codes or keys on security devices.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
A malicious actor trying different possible combinations of codes or keys on security devices and door locks to gain unauthorized entry is a brute force attack. It is a trial-and-error approach to systematically attempt to gain physical access through determination and persistence.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 62Skipped
What phase of the incident response plan is a cybersecurity incident response team conducting when it works to limit the spread of malware that it has detected breaking out on its internal network?
Recovery
Explanation
Recovery is not the correct choice in this context. The recovery phase of the incident response plan focuses on restoring the affected systems to normal operation, recovering any lost data, and implementing measures to prevent similar incidents in the future. This phase comes after containment, eradication, and identification of the incident.
Correct answer
Containment
Explanation
Containment is the correct choice in this scenario as it involves the actions taken by the incident response team to prevent the spread of malware within the internal network. This phase focuses on isolating the affected systems, restricting access, and stopping the malware from causing further damage.
Identification
Explanation
Identification is not the correct choice in this situation. The identification phase of the incident response plan involves recognizing and confirming the presence of a security incident, determining the scope and impact of the incident, and gathering information to understand the nature of the threat.
Eradication
Explanation
Eradication is not the correct choice for this question. The eradication phase of the incident response plan involves removing the malware from the affected systems, cleaning up any remnants of the attack, and ensuring that the network is free from any malicious activity. This phase comes after containment.
Overall explanation
4.8 Explain appropriate incident response activities.
The containment phase of the incident response plan would aim at limiting the spread of malware that has been detected breaking out on the internal network. This phase aims at limiting the spread and impact of the incident by isolating the affected systems. It provides time for the security teams to run investigations and perform remediation and recovery actions.
Domain
4.0 Security Operations
Question 63Skipped
What would most likely be the reason the security team would be able to detect the presence of a script that appears to gather sensitive data and transmit it to an unknown external IP address?
Correct answer
The script’s activity matches known indicators of malicious behavior
Explanation
The detection of the script gathering sensitive data and transmitting it to an unknown external IP address is most likely based on the script’s activity matching known indicators of malicious behavior. By identifying specific behaviors that align with common tactics used by attackers, the security team can effectively detect and respond to potential threats.
Trial and error detection
Explanation
Relying on trial and error detection methods can be time-consuming, inefficient, and ineffective in identifying and responding to security threats. It is crucial for the security team to have a more structured and proactive approach based on known indicators of malicious behavior.
All running scripts are taken as malicious
Explanation
Assuming all running scripts are malicious without any evidence or indicators would be an unreasonable and impractical approach for the security team. It is important to base detection on specific behaviors and indicators rather than a blanket assumption.
The security team have integrated ChatGPT into their detection system
Explanation
Integrating ChatGPT, an AI language model, into the detection system may not directly contribute to detecting scripts gathering sensitive data and transmitting it to unknown external IP addresses. While AI technologies can enhance security capabilities, they are typically used for specific tasks and may not be directly related to identifying malicious script activities.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
The security team would most likely be able to detect the presence of a script that appears to gather sensitive data and transmit it to an unknown external IP address because the script’s activity matches known indicators of malicious behavior. The script’s behavior could be detected as anomalous, could resemble previously known anomalies, or could already be defined in a signature database of malicious activity.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 64Skipped
A university student has received an email from an unknown source with an attachment of their course summary notes that appears to be harmless. When the student opens the attachment, a malicious program is activated. What type of malware does this attack represent?
Virus
Explanation
A virus is a type of malware that can replicate itself and spread to other files or systems. It typically requires user interaction to spread, such as opening an infected file or program. In this scenario, the student received an email with an attachment, but the virus would need to be executed by the user to infect the system, which is not the case here.
Keylogger
Explanation
A keylogger is a type of malware that records keystrokes on a computer, allowing attackers to capture sensitive information such as passwords and credit card numbers. While keyloggers can be delivered through email attachments, the behavior described in the scenario, where a malicious program is activated upon opening the attachment, is not consistent with a keylogger.
Rootkit
Explanation
A rootkit is a type of malware that is designed to conceal its presence on a system, often giving attackers privileged access and control over the infected machine. While rootkits can be delivered through email attachments, the scenario described focuses on the activation of a malicious program upon opening the attachment, which is more indicative of a Trojan than a rootkit.
Correct answer
Trojan
Explanation
A Trojan is a type of malware that disguises itself as legitimate software to trick users into executing it. Once activated, Trojans can perform various malicious activities, such as stealing data, spying on users, or providing backdoor access to the system. In this scenario, the student unknowingly activates a malicious program by opening the attachment, which aligns with the behavior of a Trojan.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
The university student has been attacked by a trojan. A trojan is a type of malware that poses as a legitimate application while performing malicious actions behind the scenes. Trojans are named after the Trojan Horse used by the Greeks in the Trojan War to infiltrate the city of Troy. Greek soldiers hid inside a deceptive wooden horse that was presented to Troy as what seemed to be a gift symbolizing peace to end the war. However, when the city of Troy fell asleep, the Greek soldiers led by Achilles came out and burnt the city of Troy down. Trojan malware behaves in the same way, deceiving users into believing it is harmless while it causes significant damage.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 65Skipped
What is the most effective strategy that should be used by the legal team at a company to protect its legal documents that comprise confidential client data, case files, and contracts?
Implementation of a public cloud storage solution
Explanation
Implementation of a public cloud storage solution may expose the legal documents to potential security risks and unauthorized access. Public cloud storage solutions may not provide the necessary level of security and control required to protect confidential client data, case files, and contracts.
Allowing access to legal data from the personal devices
Explanation
Allowing access to legal data from personal devices may increase the risk of data exposure and security breaches. Personal devices may not have the necessary security measures in place to protect confidential client data, case files, and contracts. Restricting access to authorized devices can help mitigate the risk of data loss and unauthorized access.
Open sharing of legal information within the organization
Explanation
Open sharing of legal information within the organization can compromise the confidentiality and integrity of the legal documents. Legal documents containing confidential client data, case files, and contracts should be restricted to authorized personnel only to prevent unauthorized access and data breaches.
Correct answer
Strong encryption for data at rest and in transit
Explanation
Strong encryption for data at rest and in transit is the most effective strategy to protect legal documents comprising confidential client data, case files, and contracts. Encryption ensures that the data is secure and unreadable to unauthorized users, providing an additional layer of protection against data breaches and unauthorized access.
Overall explanation
3.3 Compare and contrast concepts and strategies to protect data.
Strong encryption for data at rest and in transit is the most effective strategy that should be used by the legal team at a company to protect its legal documents. In the event an unauthorized attacker manages to break security and transfer the stored data to their location or intercept the data as it is being transferred across a network, they will not be able to understand what the data means.
Domain
3.0 Security Architecture
Question 66Skipped
On Saturday a full backup of a database was taken. On Sunday, a backup of all the data that had changed from Saturday was taken. On Monday, a backup of all the data that had changed from Saturday was taken. On Tuesday, a full backup of the database was performed. On Wednesday, a backup of all the data that had changed from Tuesday was taken. On Thursday, a backup of all the data that had changed from Tuesday was taken. What backup technique is this?
Incremental
Explanation
Incremental backups only capture changes made since the last backup, whether it was a full or incremental backup. In this scenario, the backups taken on Monday and Thursday do not adhere to the incremental backup strategy.
Full
Explanation
Full backups involve backing up all data in the database every time the backup is performed. While the backups on Saturday and Tuesday are full backups, the backups on Sunday, Monday, Wednesday and Thursday do not follow the full backup approach.
Snapshot
Explanation
Snapshots create a point-in-time copy of the database, capturing the entire state at that moment. The backups taken in this scenario do not align with the snapshot methodology as they focus on capturing changed data since specific full backup points.
Correct answer
Differential
Explanation
Differential backups capture all changes made since the last full backup, which is the case for the backups taken on Sunday, Monday, Wednesday and Thursday in this scenario. This aligns with the differential backup technique.
Overall explanation
3.4 Explain the importance of resilience and recovery in security architecture.
A differential backup performs a backup of all the data that has been created or modified since the last full backup. The archive bit is not cleared for differential backups. The archive bit indicates whether the file has been archived or backed up. When the archive bit is on, it means that the file has changed since the last backup, giving an indication to back it up. When the archive bit is off, it means that the file has not changed since the last backup, giving an indication not to back it up.
Domain
3.0 Security Architecture
Question 67Skipped
The physical security team at a cloud service enterprise is considering the implementation of security measures to detect unauthorized physical access to a data center that houses their critical servers. Which technology can they employ that is aligned with proximity detection?
Infrared cameras
Explanation
Infrared cameras are used for capturing images in low light or dark environments by detecting infrared radiation. While they can be used for surveillance purposes, they are not directly aligned with proximity detection as they do not specifically detect physical access to a data center.
Pressure sensors
Explanation
Pressure sensors are designed to detect changes in pressure or force applied to a surface. While they can be used for various applications, including security systems, they are not typically used for proximity detection. As such, they may not be the most suitable technology for detecting unauthorized physical access to a data center.
Magnetic stripe readers
Explanation
Magnetic stripe readers are typically used for access control systems that require users to swipe a magnetic card for authentication. While they can be effective for controlling access to specific areas, they are not specifically designed for proximity detection and may not be the best choice for detecting unauthorized physical access to a data center.
Correct answer
Ultrasonic sensors
Explanation
Ultrasonic sensors use sound waves to detect the presence or proximity of objects. They are commonly used for proximity detection in various security systems, making them a suitable technology for detecting unauthorized physical access to a data center housing critical servers.
Overall explanation
1.2 Summarize fundamental security concepts.
The physical security team can employ ultrasonic sensors to detect unauthorized physical access through proximity detection. Ultrasonic sensors emit high-frequency waves beyond the human audible range which bounce off objects and return to the sensor to indicate the presence of the object. The distance of the object can be determined by the time taken for the wave to travel to the object and reflect back to the sensor.
Domain
1.0 General Security Concepts
Question 68Skipped
A malicious attacker sits at a corner in a public library that provides free Wi-Fi and intercepts the wireless communication of the individuals’ devices connected to the hotspot to collect login credentials and personal data. What attack has the attacker performed?
De-authentication
Explanation
De-authentication is not the correct choice in this scenario. De-authentication involves forcefully disconnecting a user from a network, which is different from intercepting and collecting data as in the described attack.
Evil twin
Explanation
Evil twin is not the correct choice in this context. An evil twin attack involves creating a fake Wi-Fi access point to trick users into connecting to it, but it does not involve intercepting and collecting data from legitimate users connected to a public hotspot.
Correct answer
Eavesdropping
Explanation
Eavesdropping is the correct choice because the attacker is intercepting wireless communication to collect sensitive information without the knowledge or consent of the individuals involved. This type of attack is commonly used to steal login credentials and personal data.
Rogue access point
Explanation
Rogue access point is not the correct choice in this situation. A rogue access point is an unauthorized wireless access point that has been installed on a network without explicit authorization, but it does not necessarily involve intercepting and collecting data from connected devices as described in the scenario.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
An eavesdropping attack on a Wi-Fi network involves intercepting the wireless communication of the individuals’ devices connected to the hotspot. The attacker listens in on the wireless traffic and can capture sensitive information such as login credentials and personal data courtesy of successful exploits.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 69Skipped
A cybersecurity investigator is reviewing log data to trace the activities of a suspected malicious insider after an incident occurred involving data alteration. Which logs could provide the necessary metadata for the investigation?
Correct answer
Application logs with login and access information
Explanation
Application logs with login and access information can provide valuable metadata for the investigation, such as timestamps of user logins, accessed files, and actions taken within the application. This information can help trace the activities of the suspected malicious insider and identify any unauthorized alterations to data.
Endpoint logs from all user workstations
Explanation
Endpoint logs from all user workstations may provide information on user activities and system events, but they may not necessarily contain the specific metadata needed to trace the activities of the suspected malicious insider after a data alteration incident. These logs can be useful for monitoring user behavior and identifying potential security incidents on individual workstations.
IDS logs with information on detected threats
Explanation
IDS logs with information on detected threats can be useful for identifying and responding to security incidents, but they may not contain the specific metadata needed to trace the activities of a suspected malicious insider after a data alteration incident. IDS logs typically focus on detecting and alerting on potential threats and may not provide detailed information on user actions or data alterations within the network.
Firewall logs with details on network activity
Explanation
Firewall logs with details on network activity can be helpful in detecting and preventing network-based attacks, but they may not contain the detailed metadata required to trace the activities of a suspected malicious insider after a data alteration incident. While firewall logs can provide information on network connections and traffic, they may not capture user-specific actions within applications or systems.
Overall explanation
4.9 Given a scenario, use data sources to support an investigation.
Application logs with login and access information could provide the necessary metadata for the investigation of the incident that occurred involving data alteration. Information such as the time of login, access events, associated timestamps, and other user activities within the applications are crucial for investigating potential malicious insiders.
Domain
4.0 Security Operations
Question 70Skipped
Which of the following vulnerabilities associated with a group of employees using their mobile devices to connect to public Wi-Fi during their frequent work-related travels raises the most concern?
Hardware defects
Explanation
Hardware defects may pose a risk to the security of mobile devices, but they are not directly related to the vulnerability of connecting to public Wi-Fi. While hardware defects can lead to other security issues, the lack of encryption on public Wi-Fi networks presents a more immediate threat to data security.
Correct answer
Lack of encryption
Explanation
Lack of encryption on public Wi-Fi networks is a significant vulnerability as it exposes data transmitted between devices and the network to potential interception by malicious actors. Without encryption, sensitive information such as login credentials, financial data, and company information can be easily accessed by unauthorized parties.
Unauthorized app usage
Explanation
Unauthorized app usage is a concern in terms of security, but it is not directly related to the vulnerability of connecting to public Wi-Fi. While unauthorized apps can pose risks, the lack of encryption on public Wi-Fi networks is a more immediate concern for data security.
Unscheduled backups
Explanation
Unscheduled backups are important for data protection and recovery, but they are not directly related to the vulnerability of connecting to public Wi-Fi. While backups are crucial for data security, the lack of encryption on public Wi-Fi networks poses a more immediate risk to the confidentiality and integrity of data transmitted over the network.
Overall explanation
2.3 Explain various types of vulnerabilities.
The biggest concern related to a group of employees using their mobile devices to connect to public Wi-Fi during their frequent work-related travels is a lack of encryption. If the device is lost or stolen, the data on the device will not get into the wrong hands because it is encrypted and can only be read by the one with the decryption key.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 71Skipped
Which access control model should the security administrator at a highly classified government facility with strict access control policies in place use to ensure that only the individuals with the highest security clearance can access specific sensitive documents on a secured server storage location?
Rule-based access control
Explanation
Rule-based access control (RBAC) enforces access control policies based on predefined rules set by the system administrator. While it can be effective in enforcing specific access rules, it may not provide the level of granularity and control needed to ensure that only individuals with the highest security clearance can access sensitive documents in a highly classified government facility.
Discretionary access control
Explanation
Discretionary access control (DAC) allows users to determine who can access their resources and what level of access they have. In a highly classified government facility with strict access control policies, relying on individual users to make access decisions may not provide the necessary level of security to ensure that only individuals with the highest security clearance can access sensitive documents.
Role-based access control
Explanation
Role-based access control (RBAC) assigns permissions to users based on their roles within an organization. While it can be effective in managing access to resources based on job responsibilities, it may not be suitable for ensuring that only individuals with the highest security clearance can access specific sensitive documents in a highly classified government facility.
Correct answer
Mandatory access control
Explanation
Mandatory access control (MAC) is the most appropriate access control model for a highly classified government facility with strict access control policies. In a MAC model, access decisions are determined by the system administrator based on security labels and security clearances. This ensures that only individuals with the highest security clearance can access specific sensitive documents on a secured server storage location.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
The security administrator should use a mandatory access control (MAC) model to ensure only the individuals with the highest security clearance can access specific sensitive documents on a secured server storage location. With MAC, access controls are enforced using policies based on pre-defined rules and security labels. It enforces the need-to-know principle to ensure that only authorized users can access specific resources.
Domain
4.0 Security Operations
Question 72Skipped
How can the cybersecurity unit at a financial institution ensure security and user convenience for the two-factor authentication mechanism they have set for employee access to sensitive financial data?
Creating a two-factor authentication procedure
Explanation
Establishing a comprehensive two-factor authentication procedure may provide guidance on implementing security and user convenience; however, soft tokens on a mobile application are the practical and effective solution for implementing the security measure.
Hard tokens disbursed to all employees
Explanation
Hard tokens disbursed to all employees can be a secure option for two-factor authentication, but they may not be as convenient as other methods. Soft tokens on mobile applications can provide a similar level of security with more convenience for users.
Single factor authentication for convenience
Explanation
Single factor authentication for convenience would not ensure the necessary security for accessing sensitive financial data. Two-factor authentication is essential for adding an extra layer of security beyond just a password.
Correct answer
Soft tokens available on a mobile application
Explanation
Soft tokens available on a mobile application are a secure and convenient option for implementing two-factor authentication. Employees can easily access the tokens on their mobile devices, adding an extra layer of security without the need for physical tokens.
Overall explanation
4.6 Given a scenario, implement and maintain identity and access management.
The cybersecurity unit can ensure security and user convenience for the two-factor authentication mechanism they have set up by using soft tokens available on a mobile application. They are generally seen to be more user-friendly in comparison to the physical hardware tokens.
Domain
4.0 Security Operations
Question 73Skipped
An attacker has managed to bypass security controls and gain unauthorized access to a web application by manipulating the HTTP request headers and altering the referrer field to make it look like the request is coming from a trusted internal source. What type of attack has been conducted?
Injection
Explanation
Injection attacks involve inserting malicious code or data into an application to manipulate its behavior. In this scenario, the attacker did not inject any code or data into the application; instead, they manipulated the HTTP request headers, making it different from a typical injection attack.
HTTP Injection
Explanation
HTTP Injection is not a recognized term in the context of security attacks. While the attacker did manipulate the HTTP request headers, the term "HTTP Injection" does not accurately describe the type of attack that occurred in this scenario.
Correct answer
CSRF
Explanation
Cross-Site Request Forgery (CSRF) attacks involve tricking a user into unknowingly executing actions on a web application in which they are authenticated. In this scenario, the attacker manipulated the referrer field in the HTTP request headers to make it appear as if the request came from a trusted source, which aligns with the characteristics of a CSRF attack.
XSS
Explanation
Cross-Site Scripting (XSS) attacks involve injecting malicious scripts into a web application to execute in the browsers of other users. In this scenario, the attacker did not inject scripts into the application; they manipulated the HTTP request headers to impersonate a trusted source, making it different from an XSS attack.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
The attacker has conducted a cross-site request forgery (CSRF) attack on the web application. CSRF attacks trick a user into unknowingly performing an unintended action on a different website or web application where they are authenticated. The attack manipulates the trust relation between the website and the user’s browser by sending malicious requests on behalf of the user. The attacks are prevented by using unique tokens and secure authentication mechanisms.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 74Skipped
Which protocol can two users who want to securely communicate use to share an encryption key over an untrusted network?
Twofish
Explanation
Twofish is a symmetric encryption algorithm used for data encryption, but it is not specifically designed for securely sharing encryption keys over an untrusted network. While Twofish can provide secure encryption of data, it does not offer a key exchange mechanism like Diffie-Hellman for securely sharing encryption keys between users.
Correct answer
Diffie-Hellman
Explanation
Diffie-Hellman is a key exchange protocol that allows two parties to securely generate a shared encryption key over an untrusted network. It enables secure communication by allowing users to establish a shared secret key without transmitting the key itself, making it a suitable choice for securely sharing encryption keys.
MD5
Explanation
MD5 (Message Digest Algorithm 5) is a cryptographic hash function used for data integrity and verification, but it is not suitable for securely sharing encryption keys. MD5 is considered to be weak and vulnerable to collision attacks, making it unsuitable for key exchange.
DES
Explanation
DES (Data Encryption Standard) is a symmetric encryption algorithm used for encrypting and decrypting data, but it is not specifically designed for securely sharing encryption keys over an untrusted network. It is more focused on data encryption itself rather than key exchange.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
Two users who want to securely communicate can use Diffie-Hellman to share an encryption key over an untrusted network. It was developed by Whitfield Diffie and Martin Hellman in 1976. It is based upon the discrete logarithm problem that allows both parties to generate a public-private key pair, exchange their public keys which can be intercepted without issues, and use the exchanged public keys to compute the shared secret key. Other key exchange algorithms are Rivest–Shamir–Adleman (RSA) and Elliptic-curve cryptography (ECC).
Domain
1.0 General Security Concepts
Question 75Skipped
Which security mechanism should a financial institution handling a significant volume of daily electronic transactions consider implementing to ensure the integrity and authentication of these transactions?
Salting
Explanation
Salting is a technique used to add random data to a password before hashing it to make it more secure. While salting is important for password security, it is not directly related to ensuring the integrity and authentication of electronic transactions in a financial institution.
Hashing
Explanation
Hashing is important for data integrity but may not be sufficient for authenticating electronic transactions in a financial institution. While hashing can detect changes to the data, it does not provide the same level of authentication and non-repudiation as digital signatures.
Correct answer
Digital signatures
Explanation
Digital signatures are crucial for ensuring the integrity and authentication of electronic transactions. They provide a way to verify the origin and authenticity of the transaction by using cryptographic techniques to sign the transaction data. This helps prevent tampering and unauthorized modifications to the transaction.
Key stretching
Explanation
Key stretching is a technique used to make cryptographic keys more secure by increasing the time it takes to generate the key. While key stretching is important for key security, it is not specifically designed to ensure the integrity and authentication of electronic transactions in a financial institution.
Overall explanation
1.4 Explain the importance of using appropriate cryptographic solutions.
A financial institution should consider implementing digital signatures to ensure the integrity and authentication of the transactions it handles. Digital signatures provide a means of verifying that the sender is who they claim to be or in other words authenticating the sender of the message. They also provide integrity checks to validate that the message has not been altered during the transmission, which is crucial for financial transactions. Digital signatures use asymmetric encryption. The sender or owner of the digital signature will encrypt their identity with their private key. Since only the public key of the sender is the key that can decrypt the information, it means that the identity of the sender can be verified or authenticated if the receiver can decrypt the identity information successfully by using the sender’s public key which is available publicly. Furthermore, it is only the sender who has access to the private key that could have encrypted the identity unless the key was compromised. To prove integrity, a hash of the message is likewise encrypted by the sender with their identity information. On the receiver’s end, the hash of the message shall be recomputed. If the hash is the same as that decrypted from the sender’s information, it proves there was no alteration.
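The sign-and-verify flow described above, as an added example that is not part of the course material: the sender hashes the transaction and applies the private key to the hash; the receiver applies the public key, recomputes the hash and compares. The example uses textbook RSA without padding so that the steps stay visible, and assumes the Mersenne primes 2**127-1 and 2**521-1 as the factors of the modulus so no prime generation is needed. Real systems use RSA-PSS or Ed25519 from a vetted library.

```python
import hashlib
from typing import Tuple

# Textbook RSA without padding, used here only to make the "hash, then sign
# with the private key" idea visible. Real systems use RSA-PSS or Ed25519
# from a vetted library. The factors below are the Mersenne primes 2**127-1
# and 2**521-1, assumed here so that no prime generation is needed.
P = (1 << 127) - 1
Q = (1 << 521) - 1
E = 65537

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def generate_keypair() -> Tuple[PublicKey, PrivateKey]:
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)            # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def message_digest(message: bytes) -> int:
    """SHA-256 of the transaction as an integer; always smaller than n here."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key: PrivateKey) -> int:
    """The sender applies the private key to the hash of the message."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """The receiver recovers the hash with the public key and recomputes it."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)


def demo() -> Tuple[bool, bool, bool]:
    """Return (genuine verifies, tampered verifies, forged verifies)."""
    pub, priv = generate_keypair()
    # Constructed sample transaction; not real account data.
    tx = b"TRANSFER 1500.00 FROM ACCT 1001 TO ACCT 2002"
    sig = sign(tx, priv)
    tampered = tx.replace(b"1500.00", b"9500.00")   # altered in transit
    forged = (sig + 1) % pub[0]                      # not produced with the key
    return verify(tx, sig, pub), verify(tampered, sig, pub), verify(tx, forged, pub)


if __name__ == "__main__":
    print("genuine, tampered, forged:", demo())
```

The tampered case shows the integrity property (the recomputed hash no longer matches) and the forged case the authentication property (only the private key produces a value the public key maps back to the hash).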
Domain
1.0 General Security Concepts
Question 76Skipped
A security administrator decides to use industry-standard benchmarks as a reference for assessing the security posture of their organization’s servers. What is the role of the benchmarks in the assessment?
Identification of unpatched servers
Explanation
The identification of unpatched servers is an important aspect of server security, but it is not the primary role of industry-standard benchmarks. Benchmarks focus on evaluating security settings and configurations to ensure compliance with industry best practices, rather than specifically identifying unpatched servers.
Correct answer
Establishing a baseline for the security settings of the servers
Explanation
Industry-standard benchmarks serve as a reference point for establishing a baseline of security settings on servers. By comparing the current security configurations against these benchmarks, the security administrator can identify areas that need improvement and ensure that the servers meet industry best practices for security.
Determination of server resource utilization
Explanation
Determining server resource utilization is essential for optimizing server performance and capacity planning, but it is not the primary purpose of industry-standard benchmarks used for security assessments. These benchmarks are specifically designed to evaluate security settings and configurations to ensure that servers are configured securely according to industry standards.
Measurements of server hardware performance metrics
Explanation
While server hardware performance metrics are important for monitoring and optimizing server performance, they are not the primary focus of industry-standard benchmarks used for security assessments. These benchmarks are specifically designed to evaluate security settings and configurations, rather than hardware performance.
Overall explanation
4.4 Explain security alerting and monitoring concepts and tools.
Establishing a baseline for the security settings of the servers is the role of the benchmarks in the assessment of the security posture of the servers. The benchmarks provide best practices and guidelines for implementing secure configurations to the servers. They encompass various aspects such as access controls, authentication, firewall rules, software settings, etc.
Domain
4.0 Security Operations
Question 77Skipped
A medium-sized accounting firm conducting a business impact analysis (BIA) has identified a critical business process related to client data handling. What is the objective of including this process in the BIA, given that its disruption could result in significant financial loss and reputational damage?
Estimation of financial losses
Explanation
Estimating financial losses is an important part of the BIA process, but the main objective of including the critical business process related to client data handling in the BIA is not just to quantify the potential financial impact. It is more about prioritizing the recovery of the process to minimize financial losses.
Identification of potential threats
Explanation
While identifying potential threats is an important aspect of the business impact analysis (BIA), the objective of including the critical business process related to client data handling in the BIA is not solely to identify threats but to assess the impact of disruptions on the organization.
Establishment of an offsite backup facility
Explanation
Establishing an offsite backup facility is a good practice for business continuity and disaster recovery planning, but the objective of including the critical business process related to client data handling in the BIA is not specifically about setting up backup facilities. It is more about understanding the criticality of the process and prioritizing its recovery.
Correct answer
Prioritization of the recovery of the business process
Explanation
The main objective of including the critical business process related to client data handling in the BIA is to prioritize the recovery of this process. This is crucial because if this process is disrupted, it could lead to significant financial loss and reputational damage for the accounting firm. Prioritizing the recovery of this process ensures that the firm can minimize the impact of any potential disruptions.
Overall explanation
5.2 Explain elements of the risk management process.
The objective of including the critical business process related to client data handling in the business impact analysis (BIA) is for the prioritization of the recovery of the business process. The BIA assists organizations in identifying and categorizing the critical business processes that should be prioritized to ensure continuity of services and business operations in the event of a disruption or disaster. These processes have a direct impact on revenue generation, customer service, and regulatory compliance.
Domain
5.0 Security Program Management and Oversight
Question 78Skipped
What is the role of version control in the change management process involving a change to the network configurations to enhance security?
Speeding up the deployment
Explanation
While version control can help in maintaining consistency and accuracy in deployment processes, its primary role in the change management process is to track and manage changes rather than speeding up deployment. Speeding up deployment is more related to automation and efficient deployment strategies.
Ensuring that the changes are approved
Explanation
Version control primarily focuses on tracking and managing changes to files, code, or configurations. While ensuring that changes are approved is an important aspect of change management, it is not the primary role of version control in this context.
Securing the network from external threats
Explanation
Securing the network from external threats is a critical aspect of network security but is not directly related to the role of version control in the change management process. Version control is more about tracking and managing changes to configurations rather than securing the network itself.
Correct answer
Tracking and managing changes
Explanation
Tracking and managing changes is the main role of version control in the change management process. Version control systems allow for the recording of changes made to network configurations, providing a history of modifications, and enabling the ability to revert to previous versions if needed.
Overall explanation
1.3 Explain the importance of change management processes and the impact to security.
The role of version control in the change management process involving a change to the network configurations is tracking and managing changes. The IT team can maintain a record of the changes for review and possible rollback to previous configurations if need be.
Domain
1.0 General Security Concepts
Question 79Skipped
Which of the following techniques best suits an information technology firm that wants to assess its web application’s security with a comprehensive and real-time analysis?
Correct answer
Dynamic analysis
Explanation
Dynamic analysis involves testing a web application while it is running to identify security vulnerabilities in real-time. This technique can provide a comprehensive assessment of a web application’s security posture by actively interacting with the application and identifying vulnerabilities as they occur.
Bug bounty program
Explanation
Bug bounty programs involve inviting external security researchers to find vulnerabilities in a web application in exchange for monetary rewards. While bug bounty programs can be effective in identifying security issues, they may not provide real-time analysis or comprehensive coverage of all potential vulnerabilities.
Static analysis
Explanation
Static analysis involves analyzing the source code or compiled code of a web application without actually executing the application. While static analysis can identify certain types of security issues, it may not provide real-time analysis or comprehensive coverage of all potential vulnerabilities in a web application.
Risk assessment
Explanation
Risk assessment involves identifying, analyzing, and evaluating potential risks to an organization’s assets, including web applications. While risk assessment is an important component of overall security management, it may not provide the real-time and comprehensive analysis needed to assess the security of a web application in detail.
Overall explanation
4.3 Explain various activities associated with vulnerability management.
Dynamic analysis is best suited to provide a comprehensive and real-time assessment of a web application’s security. It is also known as dynamic application security testing (DAST). The security of the web application is tested while it is up and running in the live environment. Scanning in real-time is performed to identify vulnerabilities, validation flaws, authentication issues, etc.
Domain
4.0 Security Operations
Question 80Skipped
What is the most likely cause of significant spikes in CPU and memory utilization noticed by a network administrator during non-peak hours on a critical server hosting sensitive data and applications without any scheduled or authorized maintenance?
Automatic updates
Explanation
Automatic updates typically occur during non-peak hours to minimize disruption to users. While they can cause spikes in CPU and memory utilization, they are usually scheduled and authorized, unlike the scenario described in the question.
Vulnerability scanning
Explanation
Vulnerability scanning is a proactive security measure to identify weaknesses in a system. While vulnerability scanning can consume CPU and memory resources, it is typically scheduled and authorized. Unauthorized vulnerability scanning may indicate potential malicious activity rather than a routine security measure.
Disk partitioning
Explanation
Disk partitioning involves dividing a physical disk into multiple logical partitions. While disk partitioning can impact storage performance, it is unlikely to cause significant spikes in CPU and memory utilization on a server during non-peak hours without any scheduled maintenance.
Correct answer
Potential malicious activity
Explanation
Potential malicious activity, such as a malware infection or a cyber attack, can lead to significant spikes in CPU and memory utilization on a server hosting sensitive data and applications. This unauthorized activity should be investigated immediately to prevent further damage.
Overall explanation
2.4 Given a scenario, analyze indicators of malicious activity.
The most likely cause of significant spikes in CPU and memory utilization during non-peak hours on a critical server without any scheduled or authorized maintenance is potential malicious activity. Timely identification of such activity is a fundamental aspect of threat detection and cybersecurity monitoring to enable organizations to proactively respond to security incidents.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 81Skipped
What risk analysis methodology is a financial institution assessing the risks associated with a potential data breach most likely to use for data gathered on the financial impact and likelihood of such an event occurring?
Ad hoc
Explanation
Ad hoc risk analysis methodology is characterized by being informal, spontaneous, and lacking a structured approach. It may not be suitable for a financial institution to assess the risks associated with a potential data breach as it may not provide a comprehensive and systematic analysis of the financial impact and likelihood of such an event.
Correct answer
Quantitative
Explanation
Quantitative risk analysis methodology involves the use of numerical data and calculations to assess risks, such as financial impact and likelihood, based on measurable factors. This methodology is most likely to be used by a financial institution to assess the risks associated with a potential data breach as it provides a more precise and quantitative assessment.
Recurring
Explanation
Recurring risk analysis methodology involves conducting risk assessments at regular intervals to monitor changes, trends, and new risks. While recurring assessments are important for ongoing risk management, they may not be the most suitable for a financial institution to assess the risks associated with a potential data breach based on the financial impact and likelihood of such an event occurring.
Qualitative
Explanation
Qualitative risk analysis methodology focuses on subjective assessments of risks based on opinions, judgments, and experiences. It may not provide the level of detail and accuracy needed for a financial institution to assess the financial impact and likelihood of a data breach accurately.
Overall explanation
5.2 Explain elements of the risk management process.
The financial institution assessing the risks associated with a potential data breach will most likely use a quantitative risk analysis methodology to analyze data gathered on the financial impact and likelihood of such a breach occurring. The risks are quantified in a numerical manner. Monetary values are assigned to the risks to allow organizations to manage, prioritize, and allocate risk mitigation resources to them effectively.
Domain
5.0 Security Program Management and Oversight
Question 82Skipped
What is the most effective risk mitigation strategy a medium-sized software development company may apply to the risk involving the unintentional inclusion of vulnerabilities in their final product due to coding and testing in a rush?
Outsourcing the software development
Explanation
Outsourcing the software development may introduce additional risks, such as lack of control over the development process, communication challenges, and potential security vulnerabilities in the outsourced code. It does not directly address the risk of unintentional inclusion of vulnerabilities due to rushing through coding and testing.
Meeting the project deadlines through expedited coding and testing
Explanation
Meeting project deadlines through expedited coding and testing is the root cause of the risk involving the unintentional inclusion of vulnerabilities. Rushing through the development process increases the likelihood of overlooking security best practices and introducing vulnerabilities. It is not an effective risk mitigation strategy.
Correct answer
Comprehensive code review before release
Explanation
Comprehensive code review before release is the most effective risk mitigation strategy for addressing the unintentional inclusion of vulnerabilities due to rushing through coding and testing. Code reviews help identify and fix security vulnerabilities, coding errors, and implementation issues before the final product is released, ensuring a more secure and reliable software product.
Reduced frequency of software releases
Explanation
Reducing the frequency of software releases may help alleviate time pressure and allow for more thorough testing and code review. However, it does not directly address the root cause of the risk involving the unintentional inclusion of vulnerabilities due to rushing through coding and testing. Comprehensive code review and proper testing processes are more effective in mitigating this risk.
Overall explanation
5.2 Explain elements of the risk management process.
The most effective risk mitigation strategy that may be applied to the risk involving the unintentional inclusion of vulnerabilities due to coding and testing in a rush is a comprehensive code review before release. The vulnerabilities shall be identified and remediated before a potential inclusion into the final product, so the code adheres to predefined standards and best practices. Likewise, the quality of the code is improved.
Domain
5.0 Security Program Management and Oversight
Question 83Skipped
What does an organization that has set up network segmentation to enhance its network security aim to achieve?
Reduced network latency periods via separation
Explanation
Network segmentation is not primarily aimed at reducing network latency periods. While it can indirectly improve network performance by isolating network traffic, the main goal is to enhance security by isolating different parts of the network.
Correct answer
Reduced attack surface via isolation
Explanation
The main objective of setting up network segmentation is to reduce the attack surface by isolating different parts of the network. By segmenting the network, organizations can contain and mitigate the impact of security incidents, limiting the potential for lateral movement by attackers.
Optimization of network bandwidth usage
Explanation
While network segmentation can indirectly optimize network bandwidth usage by controlling and prioritizing traffic flow, the primary goal is to enhance security by isolating critical network resources and reducing the attack surface.
Consolidation of all network resources at a single point
Explanation
Network segmentation does not involve consolidating all network resources at a single point. On the contrary, it involves dividing the network into smaller, isolated segments to prevent unauthorized access and limit the impact of security breaches.
Overall explanation
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
An organization that has set up network segmentation aims to achieve a reduced attack surface via isolation. This helps to limit potential lateral movements by attackers across the network and contain possible breaches.
Domain
2.0 Threats, Vulnerabilities, and Mitigations
Question 84Skipped
A user is attempting to connect a personal device that does not meet the security compliance standards to a corporate network configured with network access control. What is expected to happen?
The controller will force compliance settings on the user’s device
Explanation
The controller cannot force compliance settings on the user’s device. It can only enforce the security compliance standards set for accessing the network.
The user’s device will be granted access to the network
Explanation
Granting access to a device that does not meet security compliance standards would pose a significant security risk to the corporate network. Therefore, the user’s device is not expected to be granted access.
The controller will shut down the user’s device
Explanation
The controller does not have the capability to shut down the user’s device. Its primary function is to enforce security compliance standards and control network access based on those standards.
Correct answer
The user’s device will be blocked from accessing the network
Explanation
Network access control is designed to block devices that do not meet security compliance standards from accessing the network. This is to prevent potential security threats and protect the integrity of the corporate network.
Overall explanation
4.5 Given a scenario, modify enterprise capabilities to enhance security.
The user’s device will be blocked from accessing the network if an attempt is made to connect to the network without meeting the security compliance standards configured by the network access controller. Network access control (NAC) is designed to enforce security policies to make sure that only authorized devices that conform to the policies can access the corporate network and resources.
Domain
4.0 Security Operations
Question 85Skipped
Which of the following best describes the purpose of an organization that aims to enhance its cybersecurity posture by performing continuous risk assessments?
Understanding the risks related to software development
Explanation
While understanding the risks related to software development is important for overall security, the primary purpose of performing continuous risk assessments is not limited to software development alone. Continuous risk assessments encompass all aspects of an organization’s operations to identify and address cybersecurity risks.
Correct answer
Proactive identification and mitigation of emerging threats
Explanation
Performing continuous risk assessments allows an organization to proactively identify and mitigate emerging threats by regularly evaluating potential vulnerabilities and security gaps. This proactive approach helps enhance the organization’s cybersecurity posture and reduces the likelihood of successful cyber attacks.
To achieve annual security audit compliance
Explanation
The goal of continuous risk assessments is not solely to achieve annual security audit compliance. While compliance with security standards and regulations is important, the main purpose of continuous risk assessments is to actively improve the organization’s cybersecurity posture by identifying and addressing potential risks on an ongoing basis.
To reactively respond to incidents
Explanation
Reactively responding to incidents is not the primary purpose of performing continuous risk assessments. Continuous risk assessments aim to prevent security incidents by proactively identifying and addressing vulnerabilities before they can be exploited, rather than waiting for incidents to occur and reacting to them after the fact.
Overall explanation
5.2 Explain elements of the risk management process.
The purpose of an organization performing continuous risk assessments to enhance its cybersecurity posture is proactive identification and mitigation of emerging threats. The assessments extensively monitor the security landscape for evolving security threats so new attack vectors may be detected early for the development of strategies and countermeasures to mitigate them.
Domain
5.0 Security Program Management and Oversight
Question 86Skipped
What technique is most appropriate for an organization that wants to safeguard the data that is currently being used by their employees as they perform their daily work operations on their laptops and workstations?
Correct answer
Full disk encryption on all devices
Explanation
Full disk encryption on all devices is the most appropriate technique for safeguarding data that is currently being used by employees on their laptops and workstations. Full disk encryption ensures that all data stored on the device is encrypted, providing protection in case the device is lost or stolen. It helps prevent unauthorized access to sensitive information.
Robust access controls to enter the data center
Explanation
Robust access controls to enter the data center are essential for securing physical access to the data center itself, but they do not directly address the security of data being used on laptops and workstations by employees. Access controls are more relevant to securing the infrastructure rather than the data in use.
Installing intrusion detection systems on all devices
Explanation
Installing intrusion detection systems on all devices is important for detecting and responding to potential security threats, but it does not directly safeguard the data that is currently being used by employees on their laptops and workstations. Intrusion detection systems are more focused on monitoring network traffic and identifying suspicious activities.
Periodically backing up data to offsite locations
Explanation
Periodically backing up data to offsite locations is important for data protection, but it does not directly safeguard the data that is currently being used by employees on their laptops and workstations. It is more focused on disaster recovery and data loss prevention rather than real-time data security.
Overall explanation
3.3 Compare and contrast concepts and strategies to protect data.
The most appropriate technique for an organization that wants to safeguard the data used by their employees on their laptops and workstations is full disk encryption on all devices. If the device is lost or stolen, whoever obtains it will not be able to decrypt the data on the device or make sense of it.
Domain
3.0 Security Architecture
Question 87Skipped
A radio station has decided to implement the Sender Policy Framework (SPF) to enhance their email security as they have been experiencing phishing attacks from cybercriminals targeting the listeners and followers of their radio station. How shall the SPF help them?
Correct answer
Authentication of the sender’s domain
Explanation
SPF helps authenticate the sender’s domain by checking if the IP address sending the email is authorized to send emails on behalf of that domain. This helps prevent email spoofing and enhances email security.
Filtering spam received from the sender
Explanation
SPF is not directly related to filtering spam. It is a protocol that helps prevent email spoofing by verifying the sender’s domain, rather than filtering spam emails.
Encrypting email traffic from the sender
Explanation
SPF does not involve encrypting email traffic from the sender. Its main function is to verify the authenticity of the sender’s domain to prevent email spoofing attacks.
Scan malicious attachments from the sender
Explanation
SPF does not scan or check for malicious attachments from the sender. Its primary purpose is to authenticate the sender’s domain to prevent email spoofing.
Overall explanation
4.5 Given a scenario, modify enterprise capabilities to enhance security.
The sender policy framework (SPF) can help the radio station with the authentication of the sender’s domain. The SPF verifies that the domain of the sender is the actual domain from which the email was sent. This helps to prevent spoofed email domains and phishing attacks.
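The check SPF performs, as an added example that is not part of the course material: the receiving mail server looks up the SPF record of the envelope sender’s domain and tests whether the connecting IP address is one the domain has authorized. The records and domains below are constructed for this example (the dictionary stands in for the DNS TXT lookup), and only the ip4, ip6 and all mechanisms are evaluated; include, a, mx, exists and redirect need further DNS queries and are deliberately left out.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed SPF records for hypothetical domains. In a real check the record
# is the domain's DNS TXT record; this dictionary stands in for that lookup.
SPF_RECORDS: Dict[str, str] = {
    "radio.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "newsletter.example": "v=spf1 ip4:198.51.100.10 ~all",
}

# Qualifier prefix -> result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> List[Tuple[str, str, str]]:
    """Split a record into (result-if-matched, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        parsed.append((QUALIFIERS[qualifier], mechanism.lower(), argument))
    return parsed


def check_spf(sender_domain: str, sending_ip: str,
              records: Dict[str, str] = SPF_RECORDS) -> str:
    """Evaluate the envelope sender's SPF record against the connecting IP."""
    record = records.get(sender_domain)
    if record is None:
        return "none"                       # domain publishes no SPF policy
    ip = ipaddress.ip_address(sending_ip)
    for result, mechanism, argument in parse_spf(record):
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == network.version and ip in network:
                return result
        elif mechanism == "all":
            return result                   # catch-all for everything unmatched
        else:
            # include, a, mx, exists and redirect need further DNS queries,
            # which this offline example deliberately leaves out.
            raise NotImplementedError(f"mechanism {mechanism!r} needs DNS")
    return "neutral"                        # RFC 7208 default when nothing matched


if __name__ == "__main__":
    for domain, ip in [("radio.example", "203.0.113.25"),
                       ("radio.example", "198.51.100.7")]:
        print(domain, ip, "->", check_spf(domain, ip))
```

A "fail" result is what lets the receiving server reject or quarantine a phishing message that spoofs the station’s domain from an unauthorized address; "softfail" and "neutral" are advisory, so the station gets the strongest protection from a "-all" record and from pairing SPF with DKIM and DMARC.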
Domain
4.0 Security Operations
Question 88Skipped
What is the responsibility of a data privacy officer (DPO) who has been appointed by an organization that operates in various countries and aims to properly safeguard the data it stores, processes, and transfers?
Developing a response plan for the case of data breaches
Explanation
Developing a response plan for data breaches is typically the responsibility of a cybersecurity incident response team or a Chief Information Security Officer (CISO). While a DPO may be involved in the response plan, it is not their primary responsibility.
Approving access permissions to the data
Explanation
Approving access permissions to the data is typically the responsibility of data owners, data custodians, or data stewards within an organization. While a DPO may provide guidance on data access controls to ensure compliance with privacy regulations, they are not directly responsible for approving access permissions.
Correct answer
Ensuring compliance with data privacy regulations
Explanation
Ensuring compliance with data privacy regulations is a key responsibility of a Data Privacy Officer (DPO). DPOs are responsible for ensuring that the organization complies with relevant data protection laws, regulations, and standards to safeguard the data it stores, processes, and transfers.
Implementing data loss protection
Explanation
Implementing data loss protection is a task that may fall under the responsibilities of a DPO, but it is not their primary responsibility. Data loss protection measures are typically implemented by IT security teams or data security specialists to prevent unauthorized access, disclosure, or loss of sensitive data.
Overall explanation
5.4 Summarize elements of effective security compliance.
The responsibility of a data privacy officer (DPO) who has been appointed by an organization that operates in various countries and aims to properly safeguard the data it stores, processes, and transfers is ensuring compliance with data privacy regulations. Compliance involves the implementation of sound policies and procedures, and technical controls to protect sensitive data from disclosure and breaches.
Domain
5.0 Security Program Management and Oversight
Question 89Skipped
A building construction company has decided to reject a project for the construction of a data center due to the potential high risks of earthquakes at the chosen site location that may result in financial and reputational losses to their firm if a disaster is to occur. What risk management strategy have they chosen?
Correct answer
Avoid
Explanation
Avoid is the correct risk management strategy in this scenario. By choosing to reject the project for the construction of a data center at a high-risk earthquake location, the company is proactively avoiding the potential financial and reputational losses that may result from a disaster.
Mitigate
Explanation
Mitigate involves taking actions to reduce the impact or likelihood of a risk occurring. In this case, the company is not taking steps to reduce the risk of earthquakes at the chosen site location but rather deciding to avoid the risk altogether by not proceeding with the project.
Transfer
Explanation
Transfer involves shifting the risk to another party, such as an insurance company, through contracts or agreements. In this scenario, the company is not transferring the risk of earthquakes to another party but rather choosing to handle it themselves by rejecting the project.
Accept
Explanation
Accept means acknowledging the risk and deciding to proceed with the project despite the potential consequences. In this scenario, the company is not accepting the risk of earthquakes but rather choosing to avoid it by rejecting the project.
Overall explanation
5.2 Explain elements of the risk management process.
The building construction company has chosen to avoid the risk by rejecting the project for the construction of a data center due to the potential high risks of earthquakes at the chosen site location. To prevent probable financial and reputational losses, the company has deliberately declined the project and thereby sidestepped all risks associated with it.
Domain
5.0 Security Program Management and Oversight
Question 90Skipped
What is the most likely consequence of a company failing to comply with the requirements of a contractual agreement with a client on the handling of confidential financial data?
An extension grant to comply
Explanation
Being granted an extension to comply is not a typical consequence of failing to meet contractual obligations on the handling of confidential financial data. The legal actions and financial penalties specified in the contract are far more likely to be enforced than an extension granted.
A warning with no legal consequences
Explanation
A warning with no legal consequences is unlikely when it comes to failing to comply with contractual agreements related to confidential financial data. Legal actions and financial penalties are more common repercussions for such violations.
Correct answer
Legal actions and financial penalties outlined in the contract
Explanation
Legal actions and financial penalties outlined in the contract are the most likely consequences of a company failing to comply with the requirements of a contractual agreement with a client on the handling of confidential financial data. This choice accurately reflects the potential repercussions in such a scenario.
Non-compliance has no effect on the contract
Explanation
Non-compliance with contractual agreements regarding the handling of confidential financial data can have significant effects on the contract. It is unlikely that non-compliance would have no effect on the contract, as such breaches typically lead to legal actions and penalties.
Overall explanation
5.4 Summarize elements of effective security compliance.
Legal actions and financial penalties outlined in the contract are the most likely consequences of a company failing to comply with the requirements of a contractual agreement with a client on the handling of confidential financial data. When one party fails to meet its contractual obligations, the remedies available to the other party for the breach are typically specified in the contract itself. Such provisions are included to give all parties a binding incentive to fulfill their obligations.
Domain
5.0 Security Program Management and Oversight