CompTIA Security+ (SYO-701) Practice Test 2

https://www.udemy.com/course/comptia-security-sy0-701-practice-tests/learn/quiz/6110442#content

CompTIA Security+ (SYO-701) – Results


Question 1

The security team is receiving an overwhelming number of false positive alerts from an intrusion detection system that they have implemented to monitor network traffic, making it difficult for them to identify genuine security threats. What should they do to reduce the false alarms while keeping the IDS effective?

Increase the sensitivity of the alerts

Explanation

Increasing the sensitivity of the alerts may lead to more false positives as the IDS will flag even minor deviations as potential threats, which can overwhelm the security team with unnecessary alerts.

Increase the number of sensors in the network

Explanation

Increasing the number of sensors in the network may provide more data for the IDS to analyze, but it may also increase the likelihood of false positives if the sensors are not properly configured or monitored. Simply adding more sensors without addressing the root cause of false alarms may not effectively reduce the number of false positives.

Correct answer

Disable alerts that are not critical

Explanation

Disabling alerts that are not critical will help reduce the number of false positives and allow the security team to focus on genuine security threats. This will make the IDS more effective in identifying and responding to actual security incidents.

Perform regular system updates

Explanation

Performing regular system updates is important for maintaining the security and functionality of the IDS, but it may not directly address the issue of false positive alerts. While updates can improve the overall performance of the system, they may not specifically reduce the number of false alarms.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

The security team should disable alerts that are not critical to reduce the number of false positive alerts from their intrusion detection system. Once known alerts that produce false positives are suppressed, the IDS output can focus on more significant and relevant alerts, allowing efficient responses to genuine security threats.

Domain

4.0 Security Operations

Question 2

Which security measure should be implemented to enhance protection of cookies that are used to store user session information on an e-commerce website where users are allowed to log in and make purchases using their accounts?

Increase the expiration time

Explanation

Increasing the expiration time of the cookie may not necessarily enhance the protection of user session information. In fact, longer expiration times could increase the risk of unauthorized access to the user’s account if the cookie is compromised. It is generally recommended to keep cookie expiration times short for security reasons.

Correct answer

Implement the secure attribute

Explanation

Implementing the secure attribute ensures that the cookie can only be transmitted over secure HTTPS connections, adding an extra layer of protection to the user session information stored in the cookie. This helps prevent potential interception of sensitive data by malicious actors.

Disable the HttpOnly flag

Explanation

Disabling the HttpOnly flag would allow client-side scripts to access the cookie, potentially exposing sensitive user session information to cross-site scripting (XSS) attacks. Enabling the HttpOnly flag is a security best practice as it prevents client-side scripts from accessing the cookie, thereby enhancing the protection of user session data.

Set the domain attribute

Explanation

Setting the domain attribute specifies the domain(s) to which the cookie should be sent. While this attribute helps control the scope of where the cookie is sent, it does not directly impact the security of the cookie itself. Other security measures, such as implementing the secure attribute, are more effective in protecting user session information.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

The e-commerce website administrators should implement the secure attribute to enhance the protection of cookies that are used to store user-session information. The attribute makes sure that cookies will only be transmitted over secure connections (HTTPS) and not over unsecured HTTP connections, which reduces the risk of interception and eavesdropping.

Domain

4.0 Security Operations

Question 3

What type of governance structure applies to a technology consortium where multiple organizations collaborate in developing an open-source software project such that each organization has an equal say in the project decisions?

Autonomous

Explanation

An autonomous governance structure implies that each organization within the technology consortium operates independently and makes decisions without external influence. While autonomy is important in certain contexts, it would not be applicable to a collaborative open-source software project where the goal is to have equal representation and decision-making power among all participating organizations.

Hierarchical

Explanation

A hierarchical governance structure involves a clear chain of command and decision-making authority, with decisions flowing from top to bottom. This type of structure would not be suitable for a technology consortium where multiple organizations collaborate and each organization is intended to have an equal say in project decisions.

Centralized

Explanation

A centralized governance structure would not apply to a technology consortium where multiple organizations collaborate. In a centralized structure, decision-making authority is concentrated in a single entity or individual, which would not allow for each organization to have an equal say in project decisions.

Correct answer

Decentralized

Explanation

In a decentralized governance structure, each organization within the technology consortium has an equal say in project decisions. This allows for a more collaborative and democratic approach to managing the open-source software project, ensuring that all organizations are equally represented in the decision-making process.

Overall explanation

5.1 Summarize elements of effective security governance.

Multiple organizations collaborating in developing an open-source software project such that each organization has an equal say in the project decisions apply a decentralized governance structure. Decision-making authority is not centralized or concentrated at the top level. It is distributed among the organizations. The structure reduces bureaucracy, empowers smaller organizations, and promotes transparency and innovation.

Domain

5.0 Security Program Management and Oversight

Question 4

Robert and Roberto use a Public Key Infrastructure (PKI) to secure communication between them. Robert wants to send an encrypted email to Roberto. What key will each use?

Robert uses his private key to encrypt, and Roberto uses his public key to decrypt

Explanation

Using Robert’s private key to encrypt the email would not provide the necessary security in this scenario. If Robert’s private key were used for encryption, anyone with access to Roberto’s public key could decrypt the message, compromising the confidentiality of the communication.

Robert uses Roberto’s private key to encrypt, and Roberto uses his public key to decrypt

Explanation

Encrypting the email with Roberto’s private key would not provide the necessary security, as anyone with access to Roberto’s public key could decrypt the message. Additionally, Roberto using his public key to decrypt the message would not work, as the private key is needed for decryption in a PKI system.

Robert uses his private key to encrypt, and Roberto uses Robert’s public key to decrypt

Explanation

Encrypting the email with Robert’s private key would not be a secure method, as anyone with access to Robert’s public key could decrypt the message. Additionally, Roberto using Robert’s public key to decrypt the message would not work, as the private key is needed for decryption.

Correct answer

Robert uses Roberto’s public key to encrypt, and Roberto uses his private key to decrypt

Explanation

In a Public Key Infrastructure (PKI), Robert will use Roberto’s public key to encrypt the email, ensuring that only Roberto, who possesses the corresponding private key, can decrypt and read the message. This method ensures confidentiality and authenticity in the communication process.

Overall explanation

1.4 Explain the importance of using appropriate cryptographic solutions.

For Robert to send an encrypted email to Roberto, Robert uses Roberto’s public key to encrypt, and Roberto uses his private key to decrypt the email. In other words, taking Robert as the sender and Roberto as the receiver: the sender encrypts the message with the public key of the receiver, and the receiver decrypts the message they have received from the sender using their own private key, i.e., the receiver’s private key in this context.

Domain

1.0 General Security Concepts

Question 5

Which authentication protocol would be the most suitable to be implemented by a coffee shop setting up its Wi-Fi network security?

WEP

Explanation

WEP (Wired Equivalent Privacy) is an outdated and insecure authentication protocol that is easily cracked. It is not recommended for securing Wi-Fi networks, especially in a public setting like a coffee shop.

Dragonblood

Explanation

Dragonblood is not a suitable authentication protocol for a coffee shop setting up its Wi-Fi network security. Dragonblood is a set of vulnerabilities in the WPA3 protocol, not an authentication protocol itself.

Correct answer

WPA-Personal

Explanation

WPA-Personal (Wi-Fi Protected Access-Personal) is a suitable authentication protocol for a coffee shop setting up its Wi-Fi network security. It provides a level of security by using a pre-shared key (PSK) to authenticate users and encrypt data.

WPA-Enterprise

Explanation

WPA-Enterprise is a more advanced authentication protocol that uses a RADIUS server for authentication. While it offers higher security than WPA-Personal, it may be more complex and costly to implement, making it less suitable for a coffee shop setting.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

WPA-Personal (Wi-Fi Protected Access-Personal) would be the most suitable authentication protocol to be implemented by a coffee shop setting up its Wi-Fi network security. WPA can protect wireless networks by providing strong encryption and authentication mechanisms. The personal mode is designed to secure home and small office wireless networks. Authentication is via a pre-shared key (PSK), which is a password that users must enter to gain access to the network.

Domain

4.0 Security Operations

Question 6

What tool can be used by an individual with their personal computer in a home network to control which applications can communicate over the internet and which cannot?

Host-based intrusion prevention system

Explanation

A host-based intrusion prevention system (HIPS) is a security tool that monitors and analyzes network traffic for potential security threats. While it can help protect against unauthorized access and attacks, it does not specifically control which applications can communicate over the internet, making it an incorrect choice for this situation.

Forward proxy

Explanation

A forward proxy is a server that sits between a client and the internet, forwarding client requests to the internet. It does not provide the functionality needed to control which applications can communicate over the internet from an individual’s personal computer in a home network, so it is not the correct choice in this scenario.

Correct answer

Host-based firewall

Explanation

A host-based firewall is a software-based firewall that runs on an individual computer and can be used to control which applications are allowed to communicate over the internet and which are blocked. It provides granular control over network traffic and is the correct choice for an individual looking to control application communication on their personal computer in a home network.

Network address translator

Explanation

Network address translator (NAT) is a technology used to map private IP addresses to public IP addresses for communication over the internet. It does not control which applications can communicate over the internet and which cannot, so it is not the correct choice for this scenario.

Overall explanation

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

A host-based firewall can be used by an individual with their personal computer in a home network to control which applications can communicate over the internet and which cannot. The individual may define inbound and outbound network traffic rules at the device or application level. These firewalls offer granular control over application communications and enhance the host’s security.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 7

What is the most effective way to ensure a new employee who has recently joined the IT department that has strict security policies to protect sensitive data understands and complies with the policies?

Providing a printed handbook of the security policies

Explanation

Providing a printed handbook of security policies may be helpful as a reference guide, but it may not be the most effective way to ensure understanding and compliance, as employees may not thoroughly read or retain the information presented in a handbook.

Correct answer

Comprehensive onboarding training sessions

Explanation

Comprehensive onboarding training sessions are the most effective way to ensure that a new employee understands and complies with strict security policies. These sessions can provide detailed explanations, examples, and interactive activities to help the employee grasp the importance of the policies and how to adhere to them.

Sending periodic emails reminding them about the policies

Explanation

Sending periodic emails reminding employees about security policies can be a helpful reinforcement tool, but it may not be sufficient on its own to ensure full understanding and compliance. Employees may overlook or ignore these emails, leading to potential gaps in adherence to the policies.

The employee signing that they have read and understood the policies

Explanation

While having the employee sign a document stating they have read and understood the policies is a good practice for documentation purposes, it may not guarantee actual understanding or compliance. The employee could simply sign without fully comprehending the policies.

Overall explanation

5.6 Given a scenario, implement security awareness practices.

Comprehensive onboarding training sessions are the most effective way to ensure a new employee who has recently joined the IT department understands and complies with the policies. The sessions can deliver a broad understanding of the policies, their benefits, and the practical steps to be taken to adapt quickly and adhere to the policies.

Domain

5.0 Security Program Management and Oversight

Question 8

Which of the following authentication methods guarantees strong user authentication for network access within the Extensible Authentication Protocol (EAP) framework?

EAP-MD5

Explanation

EAP-MD5 (Message Digest 5) is not a strong authentication method within the EAP framework. It uses a weak hashing algorithm and is susceptible to various attacks, making it unsuitable for guaranteeing strong user authentication.

EAP-PAP

Explanation

EAP-PAP (Password Authentication Protocol) is not considered a strong authentication method within the EAP framework. It transmits passwords in plaintext, making it vulnerable to eavesdropping and unauthorized access.

Correct answer

EAP-TLS

Explanation

EAP-TLS (Transport Layer Security) is a strong authentication method within the EAP framework. It provides mutual authentication between the client and the server using digital certificates, ensuring a high level of security for network access.

EAP-LEAP

Explanation

EAP-LEAP (Lightweight Extensible Authentication Protocol) is not considered a strong authentication method within the EAP framework. It has known vulnerabilities and is not recommended for secure network access.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) guarantees strong user authentication for network access within the Extensible Authentication Protocol (EAP) framework. EAP-TLS uses digital certificates to verify the identity of the server and the client in the communication and leverages transport layer security (TLS) to establish secure and encrypted communication channels.

Domain

3.0 Security Architecture

Question 9

While analyzing logs, a security analyst notices an unusual pattern of a user accessing and retrieving data outside the regular logging intervals. What could this scenario be indicating?

Encryption of transmitted data

Explanation

Encryption of transmitted data is a security measure that protects data during transmission but does not directly relate to the scenario of unusual user access patterns detected in the logs. This choice is not a likely explanation for the observed behavior.

Correct answer

Unauthorized attempts to access data

Explanation

Unauthorized attempts to access data can manifest as irregular patterns of user activity, such as accessing and retrieving data outside normal logging intervals. This choice aligns with the suspicious behavior observed by the security analyst in the logs.

Backing up of data

Explanation

Backing up of data is a routine operation that should not cause irregular patterns of user access and data retrieval outside regular logging intervals. This choice is not a probable explanation for the scenario described in the question.

Routine system maintenance

Explanation

Routine system maintenance typically follows a predefined schedule and should not result in unusual patterns of user access and data retrieval outside regular logging intervals. This choice is not likely to explain the scenario described in the question.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

An unusual pattern of a user accessing and retrieving data outside the regular logging intervals could be indicating unauthorized attempts to access data. A security breach or attack could be underway, which is a significant security concern.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 10

How does encrypting data in transit alleviate the security concerns of a company that frequently transfers sensitive information between its offices across the country?

Data transmissions within the headquarters are protected from unauthorized access

Explanation

Encrypting data in transit does not solely protect data transmissions within the headquarters. It is implemented to secure data while it is being transferred between different locations, not just within a single office.

Correct answer

Data transmissions between locations are protected from unauthorized access

Explanation

Encrypting data in transit is crucial for protecting data transmissions between locations from unauthorized access. It ensures that sensitive information remains secure while it is being sent over networks, reducing the risk of interception or unauthorized viewing.

Data is protected from accidental corruption or deletion

Explanation

Encrypting data in transit does not specifically protect data from accidental corruption or deletion. It focuses on securing data while it is being transferred between locations, not on data integrity.

Data stored on backup servers is protected

Explanation

Encrypting data in transit does not directly protect data stored on backup servers. The encryption is applied to data while it is being transmitted, not while it is at rest on servers.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

Encrypting data in transit alleviates the security concerns of a company that frequently transfers sensitive information between its offices across the country because data transmissions between locations are protected from unauthorized access. Even if the data is intercepted while in transit, it cannot be understood, because the attacker will not have the decryption key.

Domain

3.0 Security Architecture

Question 11

What can an organization expect during a sudden data center outage from the warm site that it has established as part of its business continuity plan?

Recovery from data backups stored offsite

Explanation

While data backups stored offsite are an essential part of a business continuity plan, they are not directly related to the operations of a warm site during a sudden data center outage. Data backups are typically used for recovery purposes after the outage has been resolved, rather than as an immediate solution during the outage itself.

Correct answer

Delayed activation from pre-configured equipment

Explanation

A warm site typically requires manual intervention to activate and may involve setting up pre-configured equipment, which can result in delayed activation during a sudden data center outage. This delay can impact the organization’s ability to quickly resume operations.

No data loss due to immediate failover

Explanation

While a warm site provides a level of redundancy and preparedness, it does not guarantee immediate failover in the event of a data center outage. Failover processes may still require time to initiate and complete, potentially resulting in some data loss during the transition.

Highly redundant and available data center

Explanation

A warm site is not designed to be as highly redundant and available as a hot site. While it may have some level of redundancy in place, it may not provide the same level of immediate availability and redundancy as a hot site setup.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

An organization can expect delayed activation from pre-configured equipment during a sudden data center outage from the warm site that it has established as part of its business continuity plan. The warm site does not run in real time, as it is only partially equipped and configured with the necessary infrastructure and systems. When a disaster occurs, the warm site must be activated and made operational. Delays in restoring operations occur because the systems must be reconfigured and brought online, and data has to be synchronized, which may also lead to potential data loss.

Domain

3.0 Security Architecture

Question 12

An attacker has used a botnet to send multiple requests to open DNS resolvers with the target’s IP address as the source of the DNS queries. All the resolvers reply to the target server with a flood of responses. What attack method has been used?

Bot army

Explanation

A bot army refers to a large number of compromised devices controlled by a single entity to carry out coordinated attacks. While a botnet is involved in the scenario described in the question, the specific attack method being used is reflected DDoS, not a bot army.

Ping flooding

Explanation

Ping flooding is a type of DoS attack where the attacker sends a large volume of ICMP echo request packets to the target, overwhelming its network capacity. This method is not relevant to the scenario described in the question, where DNS resolvers are being used to flood the target server.

Correct answer

Reflected DDoS

Explanation

The reflected DDoS attack method involves sending requests to a large number of open DNS resolvers with the target’s IP address as the source. The resolvers then reply to the target server, overwhelming it with a flood of responses. This aligns with the scenario described in the question, making it the correct choice.

DNS hijacking

Explanation

DNS hijacking involves redirecting DNS queries to a malicious server to manipulate the resolution process. In this scenario, the attacker is not manipulating DNS queries but flooding the target server with responses, so DNS hijacking is not the correct choice.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The attacker is using a reflected distributed denial-of-service (DDoS) attack. The attacker has used several third-party servers to reflect and amplify the attack traffic directed at a single target. Because the attacker most likely used a spoofed source IP address when sending the requests to the DNS servers, the actual source of the attack is hard to discover. The organization can implement intelligent traffic limiting and filtering mechanisms to defend itself against such attacks.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 13

A third-party service provider plays a crucial role in ensuring that deliveries are made on time and operations are efficient for clients to whom it offers services such as management and coordination of product shipments, inventory, and distribution across regions. Which security risk to the supply chain management process is paramount?

Correct answer

Cyberattacks on the service provider’s network

Explanation

Cyberattacks on the service provider’s network are paramount to the supply chain management process as they can disrupt operations, compromise sensitive data, and lead to delays in deliveries. A cyberattack on the network of a third-party service provider can have significant implications for the entire supply chain.

Damage of physical security devices at the client sites

Explanation

Damage of physical security devices at the client sites can impact the overall security of the locations, but it is not the most critical risk to the supply chain management process. While physical security is important, cyber threats to the service provider’s network pose a more immediate and significant risk in this scenario.

Data breaches to the employees’ training records

Explanation

Data breaches to the employees’ training records can be a concern for the organization, but they do not directly impact the supply chain management process. While data breaches can lead to sensitive information being exposed, they are not the most critical risk in this context.

Personal devices affected with malware

Explanation

Personal devices affected with malware pose a security risk, but they are not directly related to the supply chain management process. While malware on personal devices can lead to data breaches and other security issues, it is not the most paramount risk in this scenario.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The paramount security risk to the supply chain management process is cyberattacks on the service provider’s network. The service provider is responsible for handling critical logistics and operational data for the clients it serves. Cyberattacks on its network may compromise all three aspects of security, i.e., the confidentiality, integrity, and availability of the data, thus degrading the supply chain operations for multiple clients.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 14

The change management team is conducting an impact analysis to assess the consequences of making modifications to a critical system. What would not regularly be considered during an impact analysis?

Requirements for user training

Explanation

Requirements for user training are typically considered during an impact analysis to assess the impact of system changes on end-users and to plan for necessary training and communication to ensure a smooth transition.

Correct answer

Allocation of the budget

Explanation

The allocation of the budget is not typically a primary consideration during an impact analysis, as it is more related to financial planning and resource management. While budget constraints may impact the implementation of system changes, it is not a direct factor in assessing the consequences of modifications during an impact analysis.

Compliance with regulations

Explanation

Compliance with regulations is an essential aspect to consider during an impact analysis, as any modifications to a critical system must adhere to relevant regulations and standards to ensure security and legal compliance.

Compatibility of hardware

Explanation

Compatibility of hardware is an important factor to consider during an impact analysis as system modifications may require hardware upgrades or changes to ensure optimal performance and functionality.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

Allocation of the budget would not regularly be considered during an impact analysis to assess the consequences of making modifications to a critical system. The impact analysis involves the evaluation of factors that highlight how the organization is affected by the change. The budget allocation would commonly be handled in the financial planning phase separately and not initially during the analysis of the potential effects.

Domain

1.0 General Security Concepts

Question 15

Which type of security appliance should the network team at a medium-sized company consider investing in if they want to achieve advanced threat protection, intrusion detection, and application-level visibility and control beyond filtering of network traffic based on the port and protocol?

Correct answer

NGFW

Explanation

Next-Generation Firewall (NGFW) appliances offer advanced threat protection, intrusion detection, and application-level visibility and control beyond traditional network traffic filtering based on ports and protocols. They provide deep packet inspection, application awareness, and integrated intrusion prevention capabilities to enhance network security.

VPN

Explanation

Virtual Private Network (VPN) appliances are used to establish secure connections for remote access or site-to-site communication over the internet. While VPNs enhance network security by encrypting traffic, they do not offer the advanced threat protection, intrusion detection, and application-level visibility and control features provided by NGFW appliances.

UTM

Explanation

Unified Threat Management (UTM) appliances combine multiple security features such as firewall, intrusion detection, antivirus, and content filtering into a single device. While they offer comprehensive security capabilities, they may not provide the same level of advanced threat protection and application-level visibility as NGFW appliances.

SASE

Explanation

Secure Access Service Edge (SASE) solutions combine network security functions with wide-area networking capabilities to provide secure access to applications and resources from anywhere. While SASE solutions offer comprehensive security and connectivity features, they may not specifically focus on advanced threat protection, intrusion detection, and application-level visibility and control like NGFW appliances do.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

The network team at the medium-sized company should consider investing in a next-generation firewall (NGFW). The NGFW provides advanced network security features such as SSL decryption, deep packet inspection, intrusion detection, application-layer visibility and control, and advanced threat protection. It combats modern cybersecurity threats by combining traditional firewall features such as packet filtering and network address translation with advanced functions.

Domain

3.0 Security Architecture

Question 16Skipped

Which connection method poses the highest security risk for a remote workforce relying on cellular mobile solutions for connecting to the corporate network with their mobile devices like laptops, smartphones, and tablets?

Correct answer

Wi-Fi hotspot tethering

Explanation

Wi-Fi hotspot tethering involves connecting to a public Wi-Fi network through a mobile device’s cellular connection. Public Wi-Fi networks are known to be insecure and can be easily compromised by attackers to intercept sensitive data. Wi-Fi hotspot tethering poses the highest security risk in this scenario due to the inherent vulnerabilities of public Wi-Fi networks.

5G cellular network

Explanation

5G cellular networks provide faster and more secure connections compared to previous generations of cellular networks. While 5G networks offer improved security features, they are not immune to potential attacks. However, 5G cellular networks are generally considered more secure than public Wi-Fi networks, making them a safer option for remote workforce connectivity compared to Wi-Fi hotspot tethering.

Corporate Wi-Fi

Explanation

Corporate Wi-Fi networks are typically secured with encryption and authentication measures to protect data transmitted over the network. While corporate Wi-Fi networks can be secure, they may still be vulnerable to attacks if not properly configured or if using weak security protocols. However, corporate Wi-Fi is not the connection method that poses the highest security risk in this scenario.

VPN

Explanation

VPNs are commonly used to secure remote connections, providing encryption and authentication. While VPNs are generally considered secure, they can still be vulnerable to attacks if not properly configured or if using outdated protocols. However, VPNs are not the connection method that poses the highest security risk in this scenario.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

Wi-Fi hotspot tethering poses the highest security risk for a remote workforce relying on cellular mobile solutions. It allows devices to connect to Wi-Fi networks that may not be secure. The networks may lack encryption, leaving the risk of hackers eavesdropping on the communication, with the possibility of cracking the encryption and making sense of the data being transferred. Likewise, attackers may use disassociation techniques with rogue access points or evil twins to trick users into connecting to their hotspots.

Domain

4.0 Security Operations

Question 17Skipped

What contractual document could a client of a cloud service provider refer to for the specific expectations regarding service availability and response times of the cloud service offerings?

SOW

Explanation

SOW, which stands for Statement of Work, is not the correct choice in this context. A Statement of Work typically outlines the specific tasks, deliverables, and timelines for a project or service, but it does not specifically address service availability and response times of cloud service offerings.

Correct answer

SLA

Explanation

SLA, which stands for Service Level Agreement, is the correct choice. An SLA is a contractual document that outlines the specific expectations regarding service availability, response times, performance metrics, and other service-related aspects between a client and a cloud service provider. It defines the agreed-upon level of service that the provider must deliver to the client.

MOA

Explanation

MOA, which stands for Memorandum of Agreement, is not the correct choice in this context. A Memorandum of Agreement is a document that outlines the terms and conditions of a partnership or agreement between two or more parties, but it does not specifically address service availability and response times of cloud service offerings.

BPA

Explanation

BPA, which stands for Business Partnership Agreement, is not the correct choice in this context. A Business Partnership Agreement is a document that outlines the terms and conditions of a partnership between two businesses, but it does not specifically address service availability and response times of cloud service offerings.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

A client of a cloud service provider could refer to the service-level agreement (SLA) for the specific expectations regarding service availability and response times of the cloud service offerings. The document outlines the agreed levels and scope of services, performance metrics, and responsibilities of both parties and works as a reference for measuring the service quality.

Domain

5.0 Security Program Management and Oversight

Question 18Skipped

What type of attack involves a malicious user with basic access permissions attempting to gain unauthorized access to additional resources?

Correct answer

Privilege escalation

Explanation

Privilege escalation is the process of a user or attacker gaining higher levels of access or permissions than originally granted. In this scenario, a malicious user with basic access permissions is attempting to elevate their privileges to gain unauthorized access to additional resources, making it the correct choice for the type of attack described.

Directory traversal

Explanation

Directory traversal attacks involve manipulating file paths to access files and directories outside of the intended directory structure. While this type of attack involves unauthorized access, it is not specifically related to a malicious user with basic access permissions attempting to gain unauthorized access to additional resources.

Buffer overflow

Explanation

Buffer overflow attacks occur when a program writes more data to a buffer than it can hold, leading to memory corruption and potential exploitation. This type of attack does not specifically involve a malicious user with basic access permissions attempting to gain unauthorized access to additional resources.

Injection

Explanation

Injection attacks involve inserting malicious code or commands into an application to manipulate its behavior. This type of attack does not specifically involve a malicious user with basic access permissions attempting to gain unauthorized access to additional resources.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

A privilege escalation attack involves a malicious user with basic access permissions gaining unauthorized access to additional resources. Execution of instructions and commands beyond the originally assigned permissions can be achieved. The user will often aim to gain administrative privileges by elevating their access. They may succeed by exploiting vulnerabilities, misconfigurations, social engineering, or weak access controls.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 19Skipped

Users of an online gaming service have recently reported intermittent website unavailability impacting their experience. The technical team suspects an attack on their DNS is responsible. What type of attack could this be?

Correct answer

DNS poisoning

Explanation

DNS poisoning is a type of attack where false DNS information is introduced into the DNS cache, redirecting users to malicious websites or causing website unavailability. This type of attack aligns with the symptoms described in the question and could be responsible for the intermittent website unavailability experienced by the online gaming service users.

DNS traversal

Explanation

DNS traversal is not a type of attack that would cause intermittent website unavailability. It is a technique used to access DNS server information beyond the intended query scope.

DNS tunneling

Explanation

DNS tunneling is a technique used to bypass security controls by encapsulating non-DNS traffic within DNS queries and responses. While it can be used for malicious purposes, it is not typically associated with causing intermittent website unavailability.

DNS looping

Explanation

DNS looping is a situation where DNS queries are sent in a loop between DNS servers, causing a recursive query loop. While this can impact DNS resolution, it is not typically associated with causing intermittent website unavailability.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The attack suspected by the technical team of the online gaming service is Domain Name System (DNS) poisoning. A DNS poisoning attack occurs by feeding the DNS cache table with an incorrect IP address (in this case the attacker’s IP address) that maps to a domain name. This means that when a user queries a poisoned domain name, they will be redirected to the malicious site instead of the correct one.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 20Skipped

The change management board has detailed a specific list of restrictions on the permitted activities to be performed during the change process. What are the implications of such restrictions?

Correct answer

Delays in implementing updates

Explanation

The restrictions imposed by the change management board may lead to delays in implementing updates as the permitted activities are limited. This can slow down the change process and impact the overall timeline for implementing necessary changes.

No impact will result from them

Explanation

While it is possible that there may be no immediate impact from the restrictions, it is important to adhere to the guidelines set by the change management board to ensure that changes are implemented in a controlled and secure manner.

Non-essential system components shall be affected

Explanation

The restrictions on permitted activities during the change process may affect non-essential system components, as certain actions or updates may be limited or prohibited. This can impact the functionality or performance of these components during the change process.

Restrictions shall be bypassed to speed up the change

Explanation

Bypassing the restrictions to speed up the change process is not recommended as it can lead to unauthorized or unapproved changes being implemented. This can introduce security risks, compliance issues, and potential disruptions to the system.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

The restrictions made by the change management board on the permitted activities to be performed during the change process could result in delays in implementing updates. The restrictions are typically aimed at maintaining the security and stability of the systems undergoing a change while at the same time minimizing the risks, despite potential delays caused by them.

Domain

1.0 General Security Concepts

Question 21Skipped

An IT administrator wants to make sure that unauthorized code or commands cannot be executed through user inputs in efforts to bolster the security of their enterprise web applications. Which attack must be prevented?

Forgery

Explanation

Forgery is a type of attack where an attacker creates a fake or unauthorized version of a legitimate entity or resource. While preventing forgery is important for overall security, it is not directly related to preventing unauthorized code or commands from being executed through user inputs in web applications.

Replay

Explanation

Replay attacks involve capturing and replaying valid data transmissions to gain unauthorized access to a system. While preventing replay attacks is important for security, it does not directly address the issue of preventing unauthorized code or commands from being executed through user inputs in web applications.

Correct answer

Injection

Explanation

Injection attacks, such as SQL injection or code injection, involve inserting malicious code or commands into user inputs to manipulate the application’s behavior. Preventing injection attacks is crucial to ensure that unauthorized code or commands cannot be executed through user inputs in web applications.

Brute force

Explanation

Brute force attacks involve systematically trying all possible combinations of passwords or keys to gain unauthorized access to a system. While preventing brute force attacks is essential for security, it is not specifically focused on preventing unauthorized code or commands from being executed through user inputs in web applications.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The IT administrator must prevent injection attacks to ensure that unauthorized code or commands cannot be executed through user inputs. Common injection attack mechanisms deployed by hackers include SQL injection, cross-site scripting (XSS), command injection, and XML injection. Proper input validation and sanitization, parameterized queries, and regular updates can be used to defend against injection attacks.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 22Skipped

An administrator at a technology firm handles various types of data files. Classification is based on three distinct labels: Public, Internal, and Confidential. What should the administrator do if he is unsure of how to classify a particular document?

Correct answer

Go through the data classification policy of the organization

Explanation

Going through the data classification policy of the organization is the correct approach when unsure of how to classify a particular document. The policy will provide guidelines and criteria for determining the appropriate classification based on the content and sensitivity of the data.

Share the document on a community forum and seek advice

Explanation

Sharing the document on a community forum and seeking advice is not a recommended practice for data classification. This action could potentially expose sensitive information to unauthorized individuals and compromise the security of the data.

Simply mark it as “Confidential” just in case there is any sensitive data

Explanation

Simply marking the document as “Confidential” without proper justification or assessment of the content could lead to misclassification and unnecessary restrictions on access. It is important to classify documents accurately based on their actual content and sensitivity.

Do not label the document

Explanation

Not labeling the document at all when unsure of its classification status leaves the data vulnerable to unauthorized access or mishandling. It is essential to follow the organization’s data classification policy to ensure proper protection and handling of sensitive information.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

The administrator at the technology firm should go through the data classification policy of the organization if he is unsure of how to classify a particular document. This will help the administrator to ensure that the proper classification is applied to the data and reduce the risk of mishandling and non-compliance.

Domain

3.0 Security Architecture

Question 23Skipped

The physical security system of a company consists of infrared motion sensors installed at various entry points around the premises. What is the intention of placing such sensors?

Correct answer

Detecting and alerting security personnel of unauthorized movements

Explanation

The correct intention of placing infrared motion sensors is to detect and alert security personnel of unauthorized movements. These sensors are designed to detect changes in infrared radiation, such as body heat, and trigger an alarm when motion is detected.

Blocking of unauthorized individuals from crossing the premises

Explanation

Infrared motion sensors are not used to physically block unauthorized individuals from crossing the premises. Their purpose is to detect motion and trigger an alert, allowing security personnel to respond to unauthorized movements.

Controlling of the environmental conditions

Explanation

Infrared motion sensors are not used for controlling environmental conditions. They are specifically designed to detect motion and are not equipped to regulate temperature, humidity, or other environmental factors.

Recording of videos of the secured area in infrared mode

Explanation

Infrared motion sensors are not typically used for recording videos in infrared mode. Their primary function is to detect motion and trigger an alert or alarm in response to unauthorized movements.

Overall explanation

1.2 Summarize fundamental security concepts.

Infrared motion sensors installed at various entry points around the premises aid in detecting and alerting security personnel of unauthorized movements. The sensors detect changes in the distribution of the infrared radiation reflected back to them, caused by the movement of objects or individuals in the direction they are pointed.

Domain

1.0 General Security Concepts

Question 24Skipped

What could be the reason behind a group of highly skilled nation-state threat actors conducting a series of cyberattacks?

Data exfiltration

Explanation

Data exfiltration is a common motive for cyberattacks, but it is more commonly associated with financially motivated cybercriminals rather than highly skilled nation-state threat actors. These actors are more likely to focus on espionage, intelligence gathering, or disrupting critical infrastructure.

Chaos

Explanation

Chaos is generally not a primary motive for highly skilled nation-state threat actors when conducting cyberattacks. These actors are usually more strategic in their actions, aiming to achieve specific goals or objectives rather than causing widespread chaos or disruption for its own sake.

Financial gain

Explanation

While financial gain can be a motive for some cyberattacks, highly skilled nation-state threat actors are typically not driven by monetary rewards. Their primary goals are often related to espionage, political influence, or national security interests rather than financial gain.

Correct answer

Political beliefs

Explanation

Nation-state threat actors often conduct cyberattacks based on political beliefs, aiming to achieve strategic goals, influence political decisions, or disrupt the operations of rival nations. These attacks are usually carried out with a specific political agenda in mind.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

The most likely reason behind cyberattacks from a group of highly skilled nation-state threat actors is political beliefs. Although the other options could in one way or another be linked to the motivation of a nation-state actor, the primary reason commonly originates from governments or parliaments aiming to enforce their political order. Likewise, the funding for the attacks is allocated for the same purpose.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 25Skipped

What is the expected outcome of a network security device configured in a fail-closed mechanism that encounters an unexpected issue during routine software maintenance, causing a temporary disruption?

Correct answer

All incoming and outgoing traffic will be automatically blocked by the security device

Explanation

In a fail-closed mechanism, the expected outcome of a network security device encountering an unexpected issue during routine software maintenance is to automatically block all incoming and outgoing traffic. This is done to prevent any potential security vulnerabilities or breaches while the issue is being resolved.

All incoming and outgoing traffic will be automatically allowed by the security device

Explanation

Allowing all incoming and outgoing traffic automatically by the security device is not the expected outcome of a network security device configured in a fail-closed mechanism. The fail-closed mechanism is designed to block traffic to maintain the security of the network in case of unexpected issues.

Traffic will be redirected to a closed loop network

Explanation

Traffic being redirected to a closed loop network is not a common outcome of a network security device configured in a fail-closed mechanism. The primary purpose of a fail-closed mechanism is to automatically block traffic to prevent unauthorized access or security breaches in the event of an unexpected issue.

Alerts and self-recovery will be initiated

Explanation

Alerts and self-recovery mechanisms are typically designed to be initiated in the event of a planned or expected issue, such as a scheduled maintenance downtime. In the case of an unexpected issue during routine software maintenance, the fail-closed mechanism would not trigger alerts and self-recovery as it is designed to block traffic to prevent potential security breaches.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

The expected outcome of a network security device configured in a fail-closed mechanism that encounters an unexpected issue causing a temporary disruption is that all incoming and outgoing traffic will be automatically blocked by the security device. The approach is proactive and prioritizes security over accessibility by ensuring that no data or resources are exposed to unauthorized users during a failure.

Domain

3.0 Security Architecture

Question 26Skipped

Which email authentication method can be used by a company that has implemented email security to protect its employees from phishing attacks and ensure that the incoming emails are legitimate and have not been modified during transit?

Correct answer

DKIM

Explanation

DKIM (DomainKeys Identified Mail) is an email authentication method that allows a company to digitally sign outgoing emails, providing a way to verify that the email has not been altered in transit and that it actually originated from the stated sender. This helps protect employees from phishing attacks by ensuring the legitimacy of incoming emails.

SMTP

Explanation

SMTP (Simple Mail Transfer Protocol) is a communication protocol used for sending and receiving email messages. While SMTP is essential for email communication, it is not an email authentication method like DKIM or SPF, which are specifically designed to verify the authenticity of incoming emails and protect against phishing attacks.

SPF

Explanation

SPF (Sender Policy Framework) is an email authentication method that specifies which mail servers are authorized to send emails on behalf of a domain. While SPF helps prevent email spoofing, it does not provide the same level of protection against phishing attacks and email tampering as DKIM does.

TLS

Explanation

TLS (Transport Layer Security) is a protocol used to encrypt email communication between mail servers, ensuring the confidentiality and integrity of the email content during transit. While TLS enhances email security, it is not an email authentication method like DKIM or SPF, which specifically address the issue of verifying email authenticity.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

DomainKeys Identified Mail (DKIM) can be used by a company to protect its employees from phishing attacks and ensure that incoming emails are legitimate and have not been modified during transit. DKIM verifies the authenticity of an email to ensure that there were no alterations during its transmission. It adds a digital signature to outgoing emails so the recipient’s email server may verify that the email came from a legitimate sender and recalculate the hash of the email that is embedded in the digital signature to verify the email has not been tampered with. This provides effective protection from phishing while confirming the email’s integrity.

Domain

4.0 Security Operations

Question 27Skipped

Who is responsible for managing the data handling practices, overseeing the data access, and ensuring compliance with privacy regulations?

Correct answer

Data controllers

Explanation

Data controllers are responsible for managing data handling practices, overseeing data access, and ensuring compliance with privacy regulations. They determine the purposes and means of processing personal data and are accountable for data protection and privacy compliance.

Data processors

Explanation

Data processors are entities that process data on behalf of data controllers. While they play a role in handling data, they do not have the ultimate responsibility for managing data handling practices, overseeing data access, or ensuring compliance with privacy regulations.

Data stewards

Explanation

Data stewards are responsible for ensuring the quality, security, and proper use of data within an organization. While they play a role in data management, they are not typically responsible for managing data handling practices, overseeing data access, or ensuring compliance with privacy regulations.

Data owners

Explanation

Data owners are individuals or entities that have legal ownership of the data. While they have a vested interest in the data, they are not typically responsible for managing data handling practices, overseeing data access, or ensuring compliance with privacy regulations.

Overall explanation

5.1 Summarize elements of effective security governance.

Data controllers are responsible for managing the data handling practices, overseeing the data access, and ensuring compliance with privacy regulations. They are responsible for determining the purposes and means of processing personal data as they safeguard the privacy rights of the individuals associated with the data being processed.

Domain

5.0 Security Program Management and Oversight

Question 28Skipped

The email communications for the past year of a specific employee are needed by a company facing a legal investigation. What process should the organization follow to collect and provide this electronic evidence?

Backup all the emails of the employees to ensure all data is preserved

Explanation

Backing up all emails of all employees is not the appropriate process for collecting specific employee emails needed for a legal investigation. It is a broad and unnecessary action that may violate privacy regulations and result in unnecessary data retention.

Delete all the emails to avoid any legal complications

Explanation

Deleting all emails to avoid legal complications is not the appropriate process for handling electronic evidence needed for a legal investigation. Deleting emails can be seen as tampering with evidence and may result in legal consequences for the organization.

Correct answer

Consult the forensics team to extract and preserve the relevant emails

Explanation

Consulting the forensics team to extract and preserve the relevant emails is the correct process for collecting and providing electronic evidence for a legal investigation. The forensics team has the expertise to handle electronic evidence collection in a legally sound and forensically sound manner.

Make personal contact with the employee to request access to their email account

Explanation

Making personal contact with the employee to request access to their email account is not the recommended process for collecting electronic evidence for a legal investigation. It may violate privacy regulations, compromise the integrity of the evidence, and potentially lead to legal complications.

Overall explanation

4.8 Explain appropriate incident response activities.

The organization should consult the forensics team to extract and preserve the relevant emails. This will help to reduce the risk of tampering and data loss, which in turn maintains the integrity of the electronic evidence so that it remains viable in court.

Domain

4.0 Security Operations

Question 29Skipped

A hacktivist group has made the news and radio and is trending on social media after defacing a government agency’s website and posting their message to protest a controversial policy that was recently announced. What is the main motivation behind their attack?

Service disruption

Explanation

Service disruption typically involves attacks that aim to interrupt or disrupt the normal functioning of a system or service. In this scenario, the hacktivist group’s main motivation is not to disrupt the service of the government agency’s website but to convey a message and protest a policy.

Blackmail

Explanation

Blackmail involves threatening to reveal information or cause harm unless a demand is met. The hacktivist group’s actions are not motivated by blackmail in this case, as they are not seeking personal gain or making demands in exchange for stopping the attack.

War

Explanation

War typically involves organized armed conflict between states or groups. The hacktivist group’s attack on the government agency’s website is not motivated by a desire for war but rather by their philosophical beliefs and desire to protest a specific policy.

Correct answer

Philosophical beliefs

Explanation

The main motivation behind the hacktivist group’s attack is their philosophical beliefs. They defaced the government agency’s website and posted their message to protest a controversial policy, indicating that their actions are driven by their beliefs and desire to make a statement rather than personal gain or disruption.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

A hacktivist group that has defaced a government agency’s website to post their message to protest a controversial policy that was recently announced is mainly motivated by philosophical beliefs. They are using their hacking skills to promote social and political change.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 30Skipped

Which strategy can be adopted by an organization that has implemented a zero-trust model focusing on threat scope reduction within the control plane?

Correct answer

Strong access controls and micro-segmentation

Explanation

Strong access controls and micro-segmentation are key components of a zero-trust model that focus on reducing the threat scope within the control plane. By implementing strict access controls and segmenting the network into smaller, isolated zones, organizations can limit the potential attack surface and contain threats more effectively.

Centralize administrative privileges

Explanation

Centralizing administrative privileges may streamline management processes, but it does not directly address threat scope reduction within the control plane. In a zero-trust model, administrative privileges should be carefully managed and limited to only those who require them, rather than centralized.

Increasing the trusted devices in the network

Explanation

Increasing the trusted devices in the network goes against the principles of a zero-trust model, which assumes that no device or user should be inherently trusted. Adding more trusted devices would expand the threat scope rather than reducing it within the control plane.

Disabling network monitoring agents to boost system performance

Explanation

Disabling network monitoring agents to boost system performance is a counterproductive measure in terms of security. Network monitoring agents play a crucial role in detecting and responding to security incidents in real-time. Disabling them would weaken the organization’s ability to monitor and mitigate threats within the control plane, undermining the zero-trust model’s effectiveness.

Overall explanation

1.2 Summarize fundamental security concepts.

An organization that has implemented a zero-trust model focusing on threat scope reduction within the control plane can implement strong access controls and micro-segmentation. The approach isolates network segments to reduce the attack surface and applies the principle of least privilege to limit access to specific resources. It assumes that there is no inherent trust in the network.

Domain

1.0 General Security Concepts

Question 31Skipped

What security considerations should be dealt with by an organization seeking to transition its monolithic application architecture into a microservices-based one?

There is a single point of failure when using microservices

Explanation

A single point of failure is a characteristic of a monolithic architecture rather than of microservices. In a monolithic architecture, if one component fails, it can bring down the entire application. In a microservices architecture, each service operates independently, which reduces the impact of failures, although a failure in one service can still affect the services that depend on it.

Microservices are resilient to attacks as they only run a single service

Explanation

Microservices are not inherently resilient to attacks because they only run a single service. In fact, the distributed nature of microservices can introduce new attack vectors and security challenges. Each service must be secured individually, and communication between services must be properly authenticated and encrypted to prevent attacks.

Correct answer

Enhanced authentication and authorization mechanisms

Explanation

Transitioning to a microservices architecture requires enhanced authentication and authorization mechanisms to ensure that only authorized services and users can access the microservices. Implementing strong authentication methods, such as multi-factor authentication, and fine-grained authorization controls can help protect the microservices from unauthorized access and potential security breaches.

Microservices have fewer vulnerabilities due to their micro state

Explanation

Microservices do not necessarily have fewer vulnerabilities due to their micro state. In fact, the increased number of services in a microservices architecture can potentially increase the attack surface and introduce more vulnerabilities. Each service must be properly secured and monitored to mitigate security risks.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

An organization seeking to transition its monolithic application architecture into a microservices-based one should consider enhanced authentication and authorization mechanisms. Microservices are loosely coupled, so it is important to make sure that only authorized services are allowed to communicate with each other and that they have the necessary permissions to access resources from one another.

Domain

3.0 Security Architecture

Question 32Skipped

What shall be done by a Policy Enforcement Point (PEP) that has been implemented on the data plane of a zero-trust architecture when a user attempts to access a sensitive server?

Correct answer

The PEP makes policy-based and contextual access decisions as it inspects traffic

Explanation

The PEP making policy-based and contextual access decisions as it inspects traffic is the correct choice for a zero-trust architecture. It ensures that access decisions are made based on real-time analysis of user behavior and context.

The PEP will not perform any inspection and grant access to all users

Explanation

The PEP not performing any inspection and granting access to all users would be a significant security risk in a zero-trust architecture, as it goes against the core principle of least privilege access.

The PEP grants immediate access and enforces user identity based policies

Explanation

The PEP granting immediate access and enforcing user identity based policies would not align with the principles of a zero-trust architecture, which requires continuous verification and validation of user access requests.

The PEP will grant temporary access as it awaits verification from administrators

Explanation

The PEP granting temporary access as it awaits verification from administrators would introduce delays in access decisions and may not align with the real-time, dynamic nature of a zero-trust architecture.

Overall explanation

1.2 Summarize fundamental security concepts.

When a user attempts to access a sensitive server where a policy enforcement point (PEP) has been implemented on the data plane of a zero-trust architecture, the PEP makes policy-based and contextual access decisions as it inspects traffic. The PEP intercepts and controls data traffic to make access decisions based on defined security policies in real time. It considers contextual information such as the identity of the user, the posture of the device, and the conditions of the network.

Domain

1.0 General Security Concepts

Question 33Skipped

An educational institution with a diverse range of scholars, educators, and systems spread across multiple campuses aims at improving its physical security. What should they regard in their security assessment for the attack surface targeting their infrastructure?

Governance compliance requirements assessments

Explanation

Governance compliance requirements assessments focus on ensuring that the institution meets regulatory standards and best practices in terms of data protection and privacy. While important for overall security, it may not directly address physical security concerns related to access points.

Correct answer

Identification and security of physical access points

Explanation

Identification and security of physical access points are critical in assessing and improving physical security. By identifying and securing access points, the institution can prevent unauthorized entry and potential attacks on its infrastructure.

Credit card processing enhancement

Explanation

Credit card processing enhancement is more related to financial transactions and payment security, which may not directly address the physical security concerns of the institution’s infrastructure.

Inventory management system review

Explanation

Inventory management system review is essential for tracking and managing assets within the institution, but it may not directly address the identification and security of physical access points, which is crucial for improving physical security.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

The educational institution should regard the identification and security of physical access points in their security assessment for the attack surface targeting their infrastructure. All entry points into the campus, buildings, laboratories, libraries, and facility centers, including the doors, gates, and windows must be known and secured. This reduces the risk of unauthorized individuals gaining physical access to sensitive areas.

Domain

3.0 Security Architecture

Question 34Skipped

Which technology is suited for the exchange of authentication and authorization data between an identity and service provider in a corporation leveraging on a single sign-on solution to access its cloud-based applications?

OAuth

Explanation

OAuth (Open Authorization) is an authorization framework that allows third-party services to exchange user information without sharing credentials. While OAuth is commonly used for authorization in various scenarios, it is not primarily focused on the exchange of authentication and authorization data in single sign-on solutions.

LDAP

Explanation

LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining distributed directory information services over an IP network. While LDAP can be used for authentication and authorization, it is not specifically designed for the exchange of data in single sign-on solutions.

Correct answer

SAML

Explanation

SAML (Security Assertion Markup Language) is specifically designed for exchanging authentication and authorization data between identity and service providers. It is commonly used in single sign-on solutions to enable secure access to cloud-based applications.

Kerberos

Explanation

Kerberos is a network authentication protocol that is used to provide secure authentication for users and services. While Kerberos is commonly used in enterprise environments for authentication, it is not specifically designed for the exchange of authentication and authorization data in single sign-on solutions leveraging cloud-based applications.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

Security Assertion Markup Language (SAML) is a technology suited for the exchange of authentication and authorization data between an identity and service provider in a corporation leveraging on a single sign-on solution to access its cloud-based applications. SAML enables the authentication of users with the identity provider and provides assertions or claims to the service providers on the eligibility of the access, thus allowing users to access multiple applications from a single login.

Domain

4.0 Security Operations

Question 35Skipped

Which of the following highlights the benefits of package monitoring in application security?

Throttling of all attacks towards the application

Explanation

Throttling of all attacks towards the application is a security measure that helps protect the application from malicious activities, but it is not directly related to the benefits of package monitoring. Package monitoring focuses on managing and securing the dependencies and libraries used in the application to prevent vulnerabilities and security risks.

Correct answer

Discovering a critical vulnerability in a third-party library

Explanation

Discovering a critical vulnerability in a third-party library is a key benefit of package monitoring in application security. By monitoring the packages and libraries used in the application, security teams can identify vulnerabilities in third-party code and take necessary actions to mitigate risks.

Reviewing and updating the application code

Explanation

Reviewing and updating the application code is an important practice in application security, but it is not directly related to the benefits of package monitoring. Package monitoring focuses on monitoring and managing the dependencies and third-party libraries used in the application.

Identification of vulnerabilities by penetration testing

Explanation

Identification of vulnerabilities by penetration testing is a valuable security practice, but it is not specific to the benefits of package monitoring. Penetration testing involves actively testing the security of an application by simulating real-world attacks to identify weaknesses.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

Package monitoring in application security can bring benefits such as discovering a critical vulnerability in a third-party library. The developers and the security teams can promptly address issues once brought to light and help protect the application from possible compromise or breaches.

Domain

4.0 Security Operations

Question 36Skipped

Which model is most suitable to enforce data security so that there are permission restrictions to only allow employees to access sensitive data if their role requires them to?

ABAC

Explanation

Attribute-Based Access Control (ABAC) is a model that uses attributes to make access control decisions. While ABAC can be used to enforce data security, it does not specifically focus on restricting access based on roles, making it less suitable for ensuring that employees only access sensitive data based on their roles.

Correct answer

RBAC

Explanation

Role-Based Access Control (RBAC) is the most suitable model for enforcing data security by restricting access based on roles. RBAC ensures that employees can only access sensitive data if their role requires them to, making it an effective choice for implementing permission restrictions based on job responsibilities.

MAC

Explanation

Mandatory Access Control (MAC) is a model where access controls are set by a central authority, typically based on security labels. While MAC provides a high level of control over access permissions, it may not be the most suitable model for enforcing data security based on role requirements, as it focuses more on system-wide security policies rather than role-based restrictions.

DAC

Explanation

Discretionary Access Control (DAC) is a model where the data owner determines who has access to the data. While DAC allows for some level of control over access permissions, it may not be the most suitable model for enforcing strict permission restrictions based on roles, as it relies on individual users to make access decisions.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

The role-based access control (RBAC) model is most suitable to enforce data security so that there are permission restrictions to only allow employees to access sensitive data if their role requires them to. RBAC aligns with the principle of least privilege which restricts access to the minimum necessary permissions to facilitate the designated function or activity.

Domain

3.0 Security Architecture

Question 37Skipped

Two corporations are establishing clear guidelines for the way they shall handle information, responsibilities, and security measures as they collaborate on a joint project where they shall require sharing information. What agreement should they sign?

NDA

Explanation

NDA (Non-Disclosure Agreement) is a legal contract that outlines confidential information that the parties wish to share with each other for certain purposes, but wish to restrict access to or by third parties. While an NDA is important for protecting sensitive information, it does not cover the broader scope of responsibilities and security measures that would be addressed in a collaboration agreement.

BIA

Explanation

BIA (Business Impact Analysis) is a process used to identify and evaluate the potential effects of disruptions to critical business operations. While BIA is crucial for understanding the impact of incidents on business operations, it is not the appropriate agreement for two corporations collaborating on a joint project and sharing information, responsibilities, and security measures.

SLA

Explanation

SLA (Service Level Agreement) is a contract between a service provider and a customer that outlines the level of service expected from the service provider. While SLAs are important for defining service expectations, they do not specifically address information sharing, responsibilities, and security measures between collaborating organizations.

Correct answer

MOA

Explanation

MOA (Memorandum of Agreement) is a formal agreement between two or more parties outlining the terms and details of their collaboration on a specific project or objective. In the context of two corporations collaborating on a joint project and sharing information, responsibilities, and security measures, signing an MOA would be the appropriate agreement to establish clear guidelines.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

The two corporations should sign a memorandum of agreement (MOA). The MOA provides a written outline of the roles, responsibilities, and expectations of each party in the agreement. It establishes a cooperation or collaboration framework without a legally binding or enforceable contract.

Domain

5.0 Security Program Management and Oversight

Question 38Skipped

What type of attack involves a malicious attacker trying out all possible combinations of characters in a password until they successfully crack it to gain unauthorized access?

Rainbow table

Explanation

Rainbow table attack involves the use of precomputed tables containing hashed passwords to crack passwords quickly. It does not involve trying out all possible combinations of characters like in a brute force attack.

Correct answer

Brute force

Explanation

Brute force attack involves a malicious attacker systematically trying out all possible combinations of characters in a password until they successfully crack it. This method is time-consuming but effective in gaining unauthorized access to systems or accounts.

Spraying

Explanation

Spraying attack involves trying a small number of commonly used passwords against a large number of usernames. It is different from a brute force attack where all possible combinations of characters are systematically tried out to crack a password.

Birthday

Explanation

Birthday attack is a cryptographic attack that exploits the mathematics behind the birthday paradox to find collisions in hash functions. It is not related to trying out all possible combinations of characters in a password like in a brute force attack.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

A brute force attack involves a malicious attacker systematically trying out all possible combinations of characters in a password until they successfully crack it to gain unauthorized access. The attack mainly relies on sheer persistence accompanied by trial and error. Such attacks are time- and resource-consuming. Account lockout policies and multi-factor authentication can be used to defend against them.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 39Skipped

What concept shall govern the rights and responsibilities of research data that is being shared by a team of scientists collaborating on a project where they each contribute their ideas and data to a shared repository?

Data encryption

Explanation

Data encryption is a security measure used to protect data from unauthorized access by converting it into a code that can only be read by those with the decryption key. While data encryption is important for securing sensitive information, it does not directly govern the rights and responsibilities of research data shared among a team of scientists collaborating on a project.

Correct answer

Data ownership

Explanation

Data ownership is the concept that governs the rights and responsibilities of research data shared by a team of scientists. It determines who has control over the data, who can access it, and who can make decisions about its use and distribution. This concept is crucial in collaborative projects where multiple contributors are involved in sharing their ideas and data.

Data labelling

Explanation

Data labeling involves assigning metadata tags to data to provide information about its content, context, and usage. While data labeling is important for organizing and identifying data, it does not directly govern the rights and responsibilities of research data shared by a team of scientists collaborating on a project.

Data classification

Explanation

Data classification is the process of categorizing data based on its sensitivity, importance, and confidentiality level. While data classification is essential for organizing and protecting data, it does not specifically govern the rights and responsibilities of research data shared by a team of scientists in a collaborative project.

Overall explanation

5.4 Summarize elements of effective security compliance.

Data ownership shall govern the rights and responsibilities of research data that is being shared by a team of scientists collaborating on a project where they each contribute their ideas and data to a shared repository. The data owner is the one with the authority to control and manage the data, as well as make decisions on its usage, access, and distribution.

Domain

5.0 Security Program Management and Oversight

Question 40Skipped

A security committee at an enterprise is composed of members from the IT, legal, risk, procurement, and various other departments. How can the committee improve the organization’s cybersecurity posture?

Performing cybersecurity training sessions

Explanation

Performing cybersecurity training sessions can help raise awareness and educate employees from various departments on best practices, policies, and procedures to enhance the organization’s overall cybersecurity posture. However, training alone may not be sufficient without cross-functional collaboration and governance.

Correct answer

Cross-functional cybersecurity governance and oversight

Explanation

Cross-functional cybersecurity governance and oversight involving members from IT, legal, risk, procurement, and other departments can ensure that cybersecurity policies and practices are aligned with the organization’s overall goals and objectives. This collaboration can lead to a more holistic and effective approach to cybersecurity.

Minimization of other departments' involvement in cybersecurity issues

Explanation

Minimizing other departments’ involvement in cybersecurity issues can result in siloed decision-making and limited perspectives on potential threats and vulnerabilities. It is important to have a diverse representation from different departments to address cybersecurity challenges effectively.

Enforcing bureaucracy within the organization

Explanation

Enforcing bureaucracy within the organization may create unnecessary barriers and hinder collaboration between departments, which can actually weaken the organization’s cybersecurity posture rather than improve it.

Overall explanation

5.1 Summarize elements of effective security governance.

The committee can improve the organization’s cybersecurity posture through cross-functional cybersecurity governance and oversight. The aim is to align various aspects of the organization with the security goals and to comprehensively address concerns related to security.

Domain

5.0 Security Program Management and Oversight

Question 41Skipped

Which of the following describes a comprehensive list of all the types of data stored, its location, access permissions, and sensitivity?

Datastore

Explanation

Datastore refers to a physical or virtual location where data is stored. While it may contain various types of data, it does not inherently include information about access permissions, sensitivity, or a comprehensive list of all stored data.

Repository

Explanation

Repository typically refers to a central location where data is stored and managed. While it may contain various types of data, it does not necessarily include detailed information about access permissions, sensitivity, or a comprehensive list of all stored data.

Database

Explanation

Database refers to a structured collection of data, typically stored and accessed electronically. While a database may contain various types of data, it does not inherently include information about access permissions, sensitivity, or a comprehensive list of all stored data.

Correct answer

Inventory

Explanation

Inventory is the correct choice as it accurately describes a comprehensive list of all the types of data stored, its location, access permissions, and sensitivity. An inventory provides a detailed overview of all data assets within an organization, including their characteristics and security requirements.

Overall explanation

5.4 Summarize elements of effective security compliance.

An inventory describes a comprehensive list of all the types of data stored, its location, access permissions, and sensitivity. It helps organizations understand their data assets better and manage data security effectively.

Domain

5.0 Security Program Management and Oversight

Question 42Skipped

A systems administrator has found a critical security vulnerability in the operating system of a workstation that could potentially be exploited to compromise sensitive data. What is the appropriate action to be taken?

Ignore the vulnerability as it has not been exploited yet

Explanation

Ignoring the vulnerability because it has not been exploited yet is a risky decision. Security vulnerabilities should be addressed proactively to prevent potential attacks and data breaches.

Correct answer

Remediate the vulnerability by immediately applying the security patch

Explanation

Remediation of the vulnerability by immediately applying the security patch is the most appropriate action to take. This will help mitigate the risk of exploitation and protect sensitive data on the workstation. It is crucial to prioritize the security of the system and take proactive steps to address vulnerabilities.

Address the issue in the next scheduled maintenance window

Explanation

Addressing the issue in the next scheduled maintenance window may leave the system vulnerable to exploitation until the patch is applied. Critical vulnerabilities should be remediated as soon as possible to minimize the risk of a security breach.

Format the workstation as the vulnerability is critical

Explanation

Formatting the workstation as a response to a critical security vulnerability is an extreme measure that may result in data loss and disrupt business operations. It is not the most appropriate or efficient way to address the issue.

Overall explanation

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

The systems administrator should remediate the vulnerability by immediately applying the security patch. The risk of potential breaches, compromises, and exploitation is reduced while demonstrating commitment to security and protection of sensitive data.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 43Skipped

Which of the following security aspects is essential for a smart building management system that leverages on IoT devices for the monitoring and controlling of various functions such as lighting, temperature, and access control within the building?

Power consumption monitoring of the IoT devices

Explanation

Power consumption monitoring of IoT devices is important for optimizing energy usage and reducing costs in a smart building. While monitoring power consumption is beneficial for efficiency, it is not directly related to the security aspects of leveraging IoT devices in a smart building management system.

Regular financial audits of the IoT devices

Explanation

Regular financial audits of IoT devices are important for ensuring financial accountability and transparency within an organization. However, financial audits do not directly address the security aspects of leveraging IoT devices in a smart building management system.

Timely updates to the building management system software

Explanation

Timely updates to the building management system software are important for addressing security vulnerabilities and ensuring that the system is protected against potential threats. However, while software updates are essential, they are not specific to the security aspects of leveraging IoT devices in a smart building management system.

Correct answer

Robust access controls and encryption

Explanation

Robust access controls and encryption are essential for securing a smart building management system that leverages IoT devices. Access controls help prevent unauthorized access to the system, while encryption ensures that data transmitted between devices is secure and protected from eavesdropping or tampering.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The essential security aspect for a smart building management system that leverages IoT devices for the monitoring and controlling of various functions is robust access controls and encryption. This will reduce the risk of unauthorized access to the devices and safeguard the integrity and confidentiality of the information being transferred.

Domain

3.0 Security Architecture

Question 44Skipped

What is the process where employees at an organization shall need to formally acknowledge their understanding and commitment to following the security policies?

Due care

Explanation

Due care refers to the responsibility of individuals to act reasonably and prudently to protect the organization’s assets and resources. While it is an important concept in security, it does not specifically relate to the formal acknowledgment of security policies by employees.

Knowledge sharing

Explanation

Knowledge sharing refers to the exchange of information and expertise among employees within an organization. While sharing knowledge about security policies is essential, it does not specifically address the formal acknowledgment and commitment to following those policies by employees.

Correct answer

Attestation

Explanation

Attestation is the process where employees formally acknowledge their understanding and commitment to following the security policies of an organization. It ensures that employees are aware of the policies and agree to comply with them, helping to enforce security measures effectively.

Compliance automation

Explanation

Compliance automation involves using technology and tools to automate the process of ensuring that an organization’s security practices align with regulatory requirements and internal policies. While important for maintaining compliance, it does not directly involve the formal acknowledgment of security policies by employees.

Overall explanation

5.4 Summarize elements of effective security compliance.

Attestation is the process where employees at an organization need to formally acknowledge their understanding and commitment to following the security policies. It is an important aspect of compliance monitoring and maintains transparency, integrity, and accountability in the relationship between the employees and the security policies.

Domain

5.0 Security Program Management and Oversight

Question 45Skipped

What is the appropriate step to take that maintains data security and compliance during the disposal and decommissioning of old computer equipment that contains hard drives that previously processed and stored sensitive transactional data?

Hand over the drives to a recycling center

Explanation

Handing over the drives to a recycling center without proper data sanitization poses a risk of data exposure. Sensitive transactional data can be recovered from the drives, leading to potential security and compliance issues.

Correct answer

Wipe the hard drives using specialized data sanitization software

Explanation

Wiping the hard drives using specialized data sanitization software ensures that all sensitive transactional data is securely and permanently removed. This step maintains data security and compliance during the disposal and decommissioning process, preventing unauthorized access to sensitive information.

Erase the data on the drive from the command line

Explanation

Erasing data on the drive from the command line may not completely remove all sensitive information. Data can still be recovered using specialized tools, posing a risk to data security and compliance during disposal and decommissioning.

Format the drives using standard tools

Explanation

Formatting the drives using standard tools does not guarantee complete data removal. Formatted data can still be recovered, potentially exposing sensitive transactional data during disposal and decommissioning.

Overall explanation

4.2 Explain the security implications of proper hardware, software, and data asset management.

The appropriate step to take that maintains data security and compliance during the disposal and decommissioning of old computer equipment is to wipe the hard drives using specialized data sanitization software. The sanitization process ensures that the data is permanently removed using advanced techniques and artificial intelligence, to make sure the data cannot be easily recovered.

Domain

4.0 Security Operations

Question 46Skipped

What technique should a cybersecurity analyst use to capture and analyze network packets to identify a potential security breach for an ongoing investigation?

Correct answer

Packet sniffing

Explanation

Packet sniffing is a technique used to capture and analyze network packets in real-time to inspect the data being transmitted over a network. By capturing and analyzing packets, cybersecurity analysts can identify potential security breaches, unauthorized access, or malicious activities on the network, making it a valuable technique for ongoing investigations.

Log analysis

Explanation

Log analysis involves reviewing log files generated by various systems and applications to identify any suspicious activities or anomalies. While log analysis is an essential part of cybersecurity investigations, it does not directly involve capturing and analyzing network packets for identifying security breaches.

Network monitoring

Explanation

Network monitoring involves observing network traffic, devices, and systems to detect any unusual behavior or potential security threats. While network monitoring is crucial for maintaining network security, it does not specifically involve capturing and analyzing network packets in real-time for identifying security breaches.

Vulnerability scanning

Explanation

Vulnerability scanning involves scanning systems, applications, and networks for known vulnerabilities that could be exploited by attackers. While vulnerability scanning is an important part of cybersecurity risk management, it does not directly involve capturing and analyzing network packets to identify security breaches during an ongoing investigation.

Overall explanation

4.9 Given a scenario, use data sources to support an investigation.

A cybersecurity analyst may use packet sniffing to capture and analyze network packets to identify a potential security breach for an ongoing investigation. The packets are captured and then inspected to deliver insights into the network traffic and potential security issues.

Domain

4.0 Security Operations

Question 47Skipped

What is the objective of the security team outlining the rules of engagement for an assessment to determine the security risks of a third-party vendor that provides critical software services?

Setting of the financial obligations of the vendor in case of a breach

Explanation

Setting financial obligations for the vendor in case of a breach is not the primary objective of outlining rules of engagement for a security assessment. While financial considerations may be part of the overall contract with the vendor, the main focus of the rules of engagement is to define the assessment process itself.

Determination of the timeline for the assessment to be completed

Explanation

Determining the timeline for the assessment to be completed is an important consideration in planning a security assessment, but it is not the primary objective of outlining rules of engagement. While setting a timeline is necessary for project management purposes, it is not the main focus of defining the rules and parameters of the assessment.

Correct answer

Defining the scope, responsibilities, and boundaries of the assessment

Explanation

Defining the scope, responsibilities, and boundaries of the assessment is the main objective of outlining rules of engagement for a security assessment. This includes specifying what systems and data will be assessed, who is responsible for conducting the assessment, and the limitations of the assessment process.

Establishment of legal liability for the company and vendor

Explanation

Establishing legal liability for the company and vendor is an important aspect of vendor contracts and agreements, but it is not the main objective of outlining rules of engagement for a security assessment. Legal liability is typically addressed in legal documents and contracts, separate from the rules of engagement for a security assessment.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

Defining the scope, responsibilities, and boundaries of the assessment is the objective of the security team when outlining the rules of engagement. It helps all parties to know their roles and what is expected of them during the assessment. The rules of engagement (ROE) serve as a framework for facilitating effective communication and coordination, maintaining order, and resolving disputes.

Domain

5.0 Security Program Management and Oversight

Question 48Skipped

What type of vulnerability exists when a system administrator accidentally leaves directory indexing enabled for some directories on a web server he recently configured, allowing the contents to be viewed by anyone?

Correct answer

Misconfiguration

Explanation

Misconfiguration vulnerabilities occur when system settings or configurations are not properly secured, leading to potential security risks. In this case, leaving directory indexing enabled on a web server allows unauthorized access to sensitive information, making it a misconfiguration vulnerability.

Cryptographic

Explanation

Cryptographic vulnerabilities pertain to weaknesses in cryptographic algorithms, protocols, or implementations that can be exploited by attackers. Enabling directory indexing on a web server does not fall under cryptographic vulnerabilities.

Hardware

Explanation

Hardware vulnerabilities refer to weaknesses in physical components of a system, such as faulty hardware or insecure hardware configurations. Enabling directory indexing on a web server is not related to hardware vulnerabilities.

Virtualization

Explanation

Virtualization vulnerabilities involve weaknesses in virtualized environments, such as hypervisors or virtual machines. Enabling directory indexing on a web server is not directly related to virtualization vulnerabilities.

Overall explanation

2.3 Explain various types of vulnerabilities.

A system administrator accidentally leaving directory indexing enabled for some directories on a web server, consequently allowing the contents to be viewed by anyone, is a misconfiguration vulnerability. Sensitive information and files that were never intended to be public are potentially exposed to anyone with internet access, increasing the risk of data breaches, privacy violations, and compromise of the web server.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 49Skipped

An electrical supply company wants to establish a legal and security framework as it considers outsourcing its IT services to a third-party provider. What may it use to define the terms, security requirements, and responsibilities of each party in the partnership?

NDA

Explanation

NDA (Non-Disclosure Agreement) is a legal contract that protects confidential information shared between parties. While it is important in outsourcing agreements to protect sensitive data, it does not specifically define the terms, security requirements, and responsibilities for each party in the partnership.

MOU

Explanation

MOU (Memorandum of Understanding) is a non-binding agreement that outlines the intentions of parties to work together towards a common goal. While it can be used to establish a general understanding between parties, it may not provide the detailed legal and security framework needed for outsourcing IT services.

Correct answer

MSA

Explanation

MSA (Master Services Agreement) is a comprehensive legal document that defines the terms, security requirements, and responsibilities for each party in a partnership. It covers aspects such as service levels, data protection, liability, and dispute resolution, making it the most suitable choice for establishing a legal and security framework in outsourcing IT services.

WO

Explanation

WO (Work Order) is a document that specifies the work to be done and the terms of the agreement between parties. While it is crucial in outlining the scope of work in an outsourcing relationship, it does not typically cover the detailed security requirements and responsibilities for each party.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

The electrical supply company may use a master service agreement (MSA) to define the terms, security requirements, and responsibilities of each party in the partnership. It sets the terms that will apply to all subsequent agreements to simplify the process of engaging in new projects and often includes security provisions.

Domain

5.0 Security Program Management and Oversight

Question 50Skipped

What is the primary reason the IT team should ensure that changes to policies and procedures are approved and updated in the documentation?

Ability to carry out punishments for non-compliance

Explanation

Having updated policies may help define consequences for non-compliance, but the primary purpose of documenting and approving policy changes is not to enforce punishments. The focus is on regulatory compliance and the ability to demonstrate adherence to laws and standards. Punishments for non-compliance are more relevant to enforcement, not documentation.

Correct answer

Demonstration of regulatory compliance during audits

Explanation

The primary reason to ensure that changes to policies and procedures are approved and documented is to demonstrate compliance with regulatory standards during audits. Regulatory bodies require organizations to maintain up-to-date, documented evidence of compliance with information security laws and regulations. Without proper documentation and approval, the organization risks being non-compliant, which could lead to penalties or legal consequences during an audit. Approved and updated documentation serves as a key control mechanism to prove that the organization adheres to the required legal and regulatory frameworks.

Elimination of the need for continuous monitoring

Explanation

Updating policies and procedures does not eliminate the need for continuous monitoring. Continuous monitoring is an ongoing process required to ensure that security controls are effective and that the organization can respond to threats in real time. Policy updates are a static process, while continuous monitoring is dynamic, aimed at detecting and responding to threats as they occur.

Reduction of bulk updates after a long time has elapsed

Explanation

Although updating documentation regularly does help reduce the need for bulk updates later, this is not the primary reason for ensuring that changes are approved and documented. The main concern is regulatory compliance, especially during audits. Reducing bulk updates is more of an operational benefit, whereas regulatory compliance is a critical business requirement.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

Demonstration of regulatory compliance during audits is the primary reason the IT team should ensure that changes to policies and procedures are approved and updated in the documentation. With evidence that the organization adheres to the regulations and laws that govern its operations, possible penalties or legal consequences may be avoided and trust built with stakeholders and customers.

Domain

1.0 General Security Concepts

Question 51Skipped

A sales agent at a clothing store tries to log in to the sales system late at night to close a large deal they have been working on with an online trader but is denied access to the system. What is the most likely reason for this?

Expired login credentials

Explanation

Expired credentials are a common reason for access denial, but the scenario specifies that the login failure happens late at night. The timing suggests a policy-based restriction (like time-of-day limits) rather than an issue with the employee’s credentials. Expired credentials would likely cause a denial regardless of the time of day.

Compromise of the employee’s account

Explanation

A compromised account could indeed cause access denial, but in this case, there is no indication that any malicious activity or warning of a security breach has occurred. The denial of access seems more likely to be related to a policy-based control, such as time-of-day restrictions, rather than account compromise, which would typically trigger alerts and additional actions.

The sales system is facing technical issues

Explanation

While technical issues could result in access problems, there is nothing in the scenario that indicates a system failure or technical problem. The key detail here is that the login attempt occurs late at night, which aligns with time-of-day restrictions rather than a technical outage or system failure.

Correct answer

Time-of-day restrictions

Explanation

Time-of-day restrictions are a security measure that limits system access to specific hours. This is commonly implemented to prevent unauthorized or unusual access during off-hours. In this case, since the employee is trying to log in late at night, the most probable reason for denial of access is that the system restricts access during non-working hours for security purposes. Such policies are often put in place to reduce the risk of unauthorized access or potential misuse outside of normal business hours.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

The failure of the sales agent to log in to their sales system late at night to close a large sales deal is most probably because of time-of-day restrictions. Since the sales agent is attempting to access the system outside of the configured allowable working hours, access is denied.

Domain

4.0 Security Operations

Question 52Skipped

The IT department at an organization is on alert for possible attacks from an employee who recently resigned due to a dispute at the office and is suspected of launching revenge-motivated attacks. What action should be taken to mitigate the risk posed by such a threat?

Inform all possible law enforcement agencies

Explanation

Informing all possible law enforcement agencies is important in escalating the situation and seeking legal assistance in dealing with the potential threat. However, this action alone may not address the immediate cybersecurity risks posed by the former employee. Law enforcement agencies can assist in investigating the situation, but a comprehensive security approach is needed to mitigate the threat effectively.

Increase surveillance and physical security

Explanation

Increasing surveillance and physical security may help in monitoring the physical presence of the former employee, but it may not address the underlying cybersecurity threats that the individual could pose. While physical security is important, focusing solely on this aspect may not fully mitigate the risk of cyber attacks.

Correct answer

Undergo a security audit of the entire network

Explanation

Undergoing a security audit of the entire network is crucial in identifying any vulnerabilities that could be exploited by the disgruntled former employee. This proactive measure can help in strengthening the organization’s security posture and mitigating potential risks posed by the threat.

Monitor the social media activity of the employee

Explanation

Monitoring the social media activity of the employee may provide some insights into their potential intentions, but it may not be a reliable or effective method for mitigating cybersecurity threats. Social media monitoring alone may not prevent or stop a determined attacker from launching cyber attacks against the organization.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

The IT department should undergo a security audit of the entire network to mitigate the risk posed by the employee. This will help to identify significant areas of concern, such as points or systems with weak controls, and enhance the overall security posture of the organization.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 53Skipped

An employee has just received a mobile device from a company that has adopted the COPE approach and wants to understand the effects of the setup on the usage of the device. Which statement best describes this approach?

The employee has no access to corporate resources but can use the device personally without any corporate security controls

Explanation

This statement is incorrect as the COPE approach allows the employee to access corporate resources while also using the device for personal purposes. Restricting access to corporate resources would not align with the COPE model.

No corporate security controls are placed on the device which can be used for both personal and official purposes

Explanation

This statement is incorrect as the COPE approach specifically involves placing corporate security controls on the device. Without these controls, the device would not align with the COPE model and would pose security risks for corporate data.

Correct answer

Corporate security controls are placed on the device which can be used for both personal and official purposes

Explanation

The COPE (Corporate-Owned, Personally-Enabled) approach involves placing corporate security controls on a mobile device that can be used for both personal and official purposes. This allows the employee to have a single device for work and personal use while ensuring that corporate data and resources are protected.

The employee has no access to corporate resources but can use the device personally with enforced corporate security controls

Explanation

This statement is incorrect as the COPE approach involves providing the employee with access to corporate resources while also allowing personal use of the device. Enforcing corporate security controls ensures that corporate data is protected even when the device is used for personal tasks.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

In the corporate-owned, personally enabled (COPE) approach, corporate security controls are placed on the device, which can be used for both personal and official purposes. Employees are provided with flexibility while security and control are maintained by the corporation. COPE aims to promote productivity by enabling employees to access their work environment and resources on the same device they use for their personal endeavors.

Domain

4.0 Security Operations

Question 54Skipped

What principle of security focuses on ensuring that individuals are not given any additional permissions but only the necessary ones that they need to perform their job function?

Mandatory vacation

Explanation

Mandatory vacation is a security practice that requires employees to take time off from work to detect and prevent fraud or errors that may occur in their absence. While it is a valuable security measure, it does not specifically relate to limiting permissions to only necessary functions for job roles.

Correct answer

Need-to-know

Explanation

The principle of need-to-know focuses on providing individuals with access only to the information or resources that are necessary for them to perform their job functions. By limiting permissions to essential tasks, organizations can reduce the risk of unauthorized access and potential security breaches.

Segregation of duties

Explanation

Segregation of duties is a security principle that focuses on dividing responsibilities among multiple individuals to prevent fraud and errors. While it is important for maintaining accountability and preventing conflicts of interest, it does not directly address the concept of limiting permissions to only what is necessary for job functions.

Job rotation

Explanation

Job rotation is a security practice that involves rotating employees through different roles within an organization to prevent fraud and increase cross-training. While it can be beneficial for security reasons, it does not directly address the principle of limiting permissions to only what is necessary for job functions.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

The need-to-know principle of security focuses on ensuring that individuals are not given any additional permissions but only the necessary ones that they need to perform their job function. It helps to reduce potential risks and misuse of information by removing any unnecessary privileges and access.

Domain

4.0 Security Operations

Question 55Skipped

Despite efforts made by a company to educate their employees about the dangers of phishing attacks through regular security awareness training, a recent email phishing campaign successfully tricked many of the trained staff into clicking malicious links. What action should be performed in response to this?

Correct answer

Analyze the phishing attack thoroughly and share the findings with the employees

Explanation

Analyzing the phishing attack thoroughly and sharing the findings with the employees can help them understand the tactics used by attackers and how to recognize and avoid similar attacks in the future. This approach promotes a culture of learning and empowers employees to be more vigilant against phishing attempts.

Increase the number of security awareness training sessions

Explanation

Increasing the number of security awareness training sessions may not necessarily address the root cause of why employees are still falling victim to phishing attacks. It is important to analyze the effectiveness of the current training sessions and make necessary adjustments rather than just increasing the frequency.

Disable the email accounts of all employees who were tricked in the campaign

Explanation

Disabling the email accounts of employees who were tricked in the campaign may disrupt normal business operations and could lead to further security issues. It is important to focus on educating employees and implementing additional security measures rather than punitive actions that may have negative consequences.

Punish all employees who fell victim to the phishing attack so they may learn to be careful next time

Explanation

Punishing employees who fell victim to the phishing attack may create a culture of fear and discourage employees from reporting future incidents. It is essential to create a supportive environment where employees feel comfortable reporting security incidents without fear of retribution.

Overall explanation

5.6 Given a scenario, implement security awareness practices.

The company should analyze the phishing attack thoroughly and share the findings with the employees when a recent email phishing campaign successfully tricked many of the trained staff into clicking malicious links. Sharing the findings with the employees helps them understand the tactics that attackers may use against them, making them more vigilant when facing such emails.

Domain

5.0 Security Program Management and Oversight

Question 56Skipped

What technical implication arises from an unexpected issue occurring during the service restart after the application of necessary updates to a critical server?

Correct answer

Extensive service downtime impacting availability

Explanation

Extensive service downtime impacting availability is a valid technical implication of an unexpected issue occurring during the service restart after applying necessary updates to a critical server. Service downtime can occur when unexpected issues arise during the restart process, affecting the availability of the server and potentially causing disruptions to users.

Server performance boost due to service reboot

Explanation

Server performance boost due to service reboot is not a technical implication of an unexpected issue occurring during the service restart after applying necessary updates. In fact, unexpected issues during service restart can lead to performance degradation or downtime rather than a boost.

Improvements of the data recovery process

Explanation

Improvements of the data recovery process are not directly related to an unexpected issue occurring during the service restart after applying necessary updates. This choice does not address the technical implication of the issue impacting the server’s availability.

Updates taking effect due to the restart of services

Explanation

Updates taking effect due to the restart of services is not a technical implication of an unexpected issue occurring during the service restart after applying necessary updates. This choice focuses on the updates themselves rather than the potential issues that may arise during the restart process.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

The technical implication that arises from an unexpected issue occurring during the service restart after applying updates is extensive service downtime impacting availability. Business operations may be disrupted which may impede productivity and result in financial losses.

Domain

1.0 General Security Concepts

Question 57Skipped

What security concept can cause a suspicious flag to be raised for the actions of a user that appear to be legitimate?

Penetration testing

Explanation

Penetration testing is a security practice where authorized simulated attacks are conducted on a computer system to evaluate its security. While penetration testing is important for identifying vulnerabilities, it is not directly related to raising suspicious flags for user actions that appear legitimate.

Correct answer

Anomaly detection

Explanation

Anomaly detection is a security concept that involves monitoring user behavior and system activities to identify patterns that deviate from normal behavior. If a user’s actions appear to be legitimate but are outside of the usual patterns, an anomaly detection system may raise a suspicious flag to investigate further.

Disaster recovery

Explanation

Disaster recovery is a set of policies, tools, and procedures to recover or continue essential technology infrastructure and systems following a disaster. It is focused on restoring operations after an incident and does not involve raising suspicious flags for user actions.

Threat intelligence

Explanation

Threat intelligence involves gathering and analyzing information about potential threats to an organization’s security. While threat intelligence is crucial for understanding and mitigating security risks, it is not directly related to raising suspicious flags for user actions that may appear legitimate but are flagged as anomalies.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

Anomaly detection can cause a suspicious flag to be raised for the actions of a user that appear to be legitimate. It is a fundamental part of user behavior analytics (UBA), where abnormal events are flagged and raised to initiate investigations. Deviations from the expected behaviors defined by baselines can be spotted to indicate that malicious events may be occurring.

Domain

4.0 Security Operations

Question 58Skipped

How would a root cause analysis assist an incident response team in their investigation of a security breach that led to unauthorized privileged access to critical system resources?

It gives details of who is to blame for the incident

Explanation

Root cause analysis is not about assigning blame to individuals. It is focused on understanding the factors that contributed to the security breach, such as vulnerabilities in the system or processes, rather than attributing fault to specific individuals.

It checks if the root user was compromised to lead to the incident

Explanation

Root cause analysis does not specifically focus on determining if the root user was compromised. It aims to identify the underlying cause of the security breach, rather than pinpointing a specific user account that may have been compromised.

Correct answer

It provides an understanding of the reasons for the breach

Explanation

Root cause analysis is essential for incident response teams as it helps them understand the root cause of the security breach. By identifying the reasons for the breach, the team can take corrective actions to prevent similar incidents in the future and strengthen the security posture of the system.

It verifies if a rootkit caused the incident

Explanation

Root cause analysis is not primarily focused on verifying if a rootkit caused the incident. While investigating the incident, the team may explore various potential causes, including the presence of malicious software like rootkits, but the main goal of root cause analysis is to identify the fundamental reason behind the security breach.

Overall explanation

4.8 Explain appropriate incident response activities.

The root cause analysis would assist an incident response team in their investigation of a security breach as it provides an understanding of the reasons for the breach. Weaknesses in the security posture, processes, and systems can be identified to develop effective and sustainable strategies and solutions that shall help prevent similar incidents in the future.

Domain

4.0 Security Operations

Question 59Skipped

What is the significant security concern for an organization that uses an outdated encryption algorithm with known vulnerabilities to secure its sensitive data in transit and has not yet upgraded it due to budget constraints?

Slow data transmission rates

Explanation

Slow data transmission rates may be a drawback of using an outdated encryption algorithm, but it is not the primary security concern in this case. The main issue is the increased risk of illegitimate access to sensitive data due to the vulnerabilities in the encryption method.

Correct answer

Data is at a higher risk of illegitimate access

Explanation

The significant security concern in this scenario is that data is at a higher risk of illegitimate access. Using an outdated encryption algorithm with known vulnerabilities exposes sensitive data to potential attackers who may exploit these weaknesses to gain unauthorized access.

Data backup and recovery challenges

Explanation

Data backup and recovery challenges may arise from using an outdated encryption algorithm, but they are not the most significant security concern in this situation. The main concern is the increased risk of illegitimate access to sensitive data due to the vulnerabilities in the encryption method.

Device compatibility issues with the encryption method

Explanation

Device compatibility issues with the encryption method are not the significant security concern in this scenario. While compatibility issues can be a concern, the primary issue with using an outdated encryption algorithm with known vulnerabilities is the risk of unauthorized access to sensitive data.

Overall explanation

2.3 Explain various types of vulnerabilities.

The significant security concern for an organization using an outdated encryption algorithm with known vulnerabilities to secure its sensitive data in transit is that the data is at a higher risk of illegitimate access. Attackers may find means to exploit and decrypt the vulnerable communication and gain unauthorized access to sensitive data. Furthermore, the algorithm may fail to conform to compliance and regulatory standards or requirements.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 60Skipped

Which protocol is most suitable for a company upgrading its email server security to protect the data in its email communications?

IMAP

Explanation

IMAP (Internet Message Access Protocol) is used for retrieving emails from a mail server, but it does not provide encryption or security features to protect the data in email communications. It is not the most suitable protocol for upgrading email server security to protect email data.

Correct answer

S/MIME

Explanation

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that provides end-to-end encryption and digital signatures for email communications. It is the most suitable protocol for a company looking to upgrade its email server security to protect the data in its email communications.

POP

Explanation

POP (Post Office Protocol) is used for retrieving emails from a mail server, but it does not provide encryption or security features to protect the data in email communications. It is not the most suitable protocol for upgrading email server security to protect email data.

SMTP

Explanation

SMTP (Simple Mail Transfer Protocol) is responsible for sending emails between servers, but it does not provide encryption or security features to protect the data in email communications. It is not the most suitable protocol for upgrading email server security to protect email data.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

The most suitable protocol for a company aimed at protecting the data in its email communications is Secure/Multipurpose Internet Mail Extensions (S/MIME). It is a secure set of standards for sending and receiving email messages. It adds an encryption layer for confidentiality and digital signatures to preserve integrity and authenticate the mail.

Domain

4.0 Security Operations

Question 61Skipped

What is an important factor to be considered by a system administrator when determining the backup frequency for a critical online database containing transactional data that is updated in real time throughout the day?

Time required for the completion of a full backup

Explanation

The time required for the completion of a full backup is important for planning backup schedules, but it does not specifically address the frequency of backups needed for a critical online database with real-time transactional data.

Available storage for backups

Explanation

Available storage for backups is crucial for storing backup copies of the database, but it does not directly impact the decision on how frequently backups should be taken for a critical online database with real-time transactional data.

The location of the backup storage

Explanation

The location of the backup storage is important for ensuring data redundancy and security, but it is not directly related to determining the backup frequency for a critical online database.

Correct answer

The criticality and volume of the transactional data

Explanation

The criticality and volume of the transactional data are key factors to consider when determining the backup frequency for a critical online database. High criticality and a large volume of transactional data that is updated in real time throughout the day may require more frequent backups to ensure data integrity and minimize potential data loss.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

An important factor to be considered by a system administrator when determining the backup frequency for a critical online database is the criticality and volume of the transactional data. The database contains critical transaction data that is updated in real time throughout the day, which means data loss cannot be tolerated; therefore a frequent backup plan is crucial.

Domain

3.0 Security Architecture

Question 62Skipped

Which of the following corrective controls should be applied to the network infrastructure that has been found to have a critical vulnerability during a recent audit that may lead to unauthorized remote access to the critical systems?

Correct answer

Patching the vulnerable system on the network

Explanation

Patching the vulnerable system on the network is a corrective control that directly addresses the critical vulnerability found during the audit. Patching involves applying software updates, fixes, or security patches to the vulnerable system to eliminate the security flaw and prevent unauthorized remote access to critical systems.

Encrypt all the traffic flowing through the network

Explanation

Encrypting all the traffic flowing through the network is an important security measure to protect data in transit from eavesdropping and interception. However, it does not directly address the critical vulnerability found during the audit that may lead to unauthorized remote access to critical systems.

Adding an IDS to the network

Explanation

Adding an IDS to the network is a detective control that can help in identifying and alerting about potential security incidents or unauthorized access. While it is a good security practice, it does not directly address the critical vulnerability found during the audit that may lead to unauthorized remote access.

Block incoming traffic using a firewall

Explanation

Blocking incoming traffic using a firewall is a preventive control that can help in filtering and controlling network traffic. While it is essential for network security, it does not directly address the critical vulnerability found during the audit that may lead to unauthorized remote access to critical systems.

Overall explanation

1.1 Compare and contrast various types of security controls.

The corrective control that should be applied is patching the vulnerable system on the network. Corrective controls are measures taken to mitigate security risks and vulnerabilities, and to respond to security incidents.

Domain

1.0 General Security Concepts

Question 63Skipped

A security analyst at a pharmaceutical facility has noticed a traffic pattern involving the retransmission of network packets multiple times within a short time interval. What type of attack is indicated by such behavior?

Wireless

Explanation

Wireless attacks typically involve unauthorized access to a wireless network or intercepting wireless communications. The behavior described in the question, involving the retransmission of network packets, is not indicative of a wireless attack.

Buffer overflow

Explanation

Buffer overflow attacks occur when a program writes more data to a buffer than it can hold, leading to the overwriting of adjacent memory locations. The behavior described in the question, involving the retransmission of network packets, is not indicative of a buffer overflow attack.

Correct answer

Replay

Explanation

A replay attack involves the interception and retransmission of network packets to gain unauthorized access to a system or network. The behavior of retransmitting network packets multiple times within a short time interval aligns with the characteristics of a replay attack.

Malicious code

Explanation

Malicious code attacks involve the execution of harmful code on a system to disrupt operations or steal sensitive information. The behavior of retransmitting network packets multiple times within a short time interval is not typically associated with malicious code attacks.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

A traffic pattern involving the retransmission of network packets multiple times within a short time is an indication of a replay attack. The attacker can consequently gain unauthorized access and manipulate or steal sensitive data. Timestamping, nonces, and encryption are used to provide defense against such attacks.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 64Skipped

A mobile device user at a company has decided to bypass the mobile device policy that restricts the sideloading of mobile apps onto the devices. What security risk is likely to result from such a policy violation?

The device will face immunity to attacks

Explanation

Immunity to attacks is not a likely outcome of bypassing the mobile device policy on sideloading mobile apps. In fact, the device may become more vulnerable to attacks due to the installation of unverified and potentially malicious software from unknown sources.

Violation of the data security policies

Explanation

Violation of data security policies may lead to unauthorized access to sensitive company information, data breaches, and compliance issues. However, the specific risk resulting from sideloading mobile apps is more related to the introduction of potentially malicious software rather than direct data security policy violations.

Correct answer

Malicious software may infect the device

Explanation

Sideloading mobile apps onto the device opens up the possibility of downloading and installing malicious software that can infect the device. This can lead to various security threats such as data theft, unauthorized access, and compromise of sensitive information.

Official updates will automatically be installed on the device

Explanation

Bypassing the mobile device policy to sideload apps does not guarantee that official updates will automatically be installed on the device. In fact, the device may become more susceptible to security vulnerabilities and may not receive important security patches and updates from the official sources.

Overall explanation

2.3 Explain various types of vulnerabilities.

The security risk that is likely to result from bypassing the mobile device policy that restricts the sideloading of mobile apps onto the devices is that malicious software may infect the device. Malware includes a vast range of harmful applications, including ransomware, trojans, worms, spyware, bloatware, viruses, keyloggers, logic bombs, rootkits, and more. The malicious software can have a variety of adverse effects, including data theft, system compromise, and financial loss, to name a few.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 65Skipped

What is the response expected from an intrusion prevention system (IPS) that has detected suspicious network traffic patterns matching known attack signatures?

Traffic analysis will be done to identify new attack signatures

Explanation

Traffic analysis to identify new attack signatures is not the expected response from an intrusion prevention system (IPS) when it detects suspicious network traffic patterns matching known attack signatures. The primary function of an IPS is to prevent or block known attacks, rather than analyzing traffic for new signatures.

Alerts will be generated to inform responsible personnel of the attack

Explanation

Generating alerts to inform responsible personnel of the attack is not the primary expected response from an intrusion prevention system (IPS) when it detects suspicious network traffic patterns matching known attack signatures. While alerts may be generated as a secondary measure, the main goal of an IPS is to actively block or prevent known attacks from reaching their targets.

Suspicious traffic data will be captured and forwarded to the forensics team

Explanation

Capturing and forwarding suspicious traffic data to the forensics team is not the typical response from an intrusion prevention system (IPS) when it detects suspicious network traffic patterns matching known attack signatures. The main purpose of an IPS is to actively block or prevent known attacks from reaching their targets.

Correct answer

The attack will be blocked or prevented from reaching the target

Explanation

The correct response expected from an intrusion prevention system (IPS) that has detected suspicious network traffic patterns matching known attack signatures is to block or prevent the attack from reaching the target. This is the primary function of an IPS, to actively prevent known attacks from causing harm to the network or systems.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

The response expected from an intrusion prevention system (IPS) that has detected suspicious network traffic patterns matching known attack signatures is that the attack will be blocked or prevented from reaching the target. The IPS can drop the potentially malicious network traffic, alert the security administrators of the incident, and log the event for further analysis. It is capable of adaptively updating its rule base to prevent similar attacks in the future.

Domain

3.0 Security Architecture

Question 66Skipped

A critical online service that is used by a diverse group of customers has experienced an unexpected system downtime due to a sudden burst in traffic resulting from user activity. How would you define resilience in this context?

Protection of sensitive information from unauthorized access

Explanation

Protection of sensitive information from unauthorized access is an important aspect of cybersecurity, but it does not directly relate to the concept of resilience in the context of system downtime caused by sudden bursts in traffic. Resilience is more about the overall ability of the system to withstand and recover from disruptions, rather than just focusing on data protection.

Correct answer

Increased user demands being handled by the service

Explanation

Increased user demands being handled by the service is the correct definition of resilience in this context. Resilience refers to the ability of a system to adapt and continue functioning effectively under stress or adverse conditions, such as sudden spikes in traffic. A resilient system can scale to meet increased demands and recover quickly from disruptions.

Identification of vulnerabilities in the service’s code

Explanation

Identification of vulnerabilities in the service’s code is related to security measures and risk management, but it does not specifically address the concept of resilience in the context of unexpected system downtime due to traffic bursts. Resilience focuses on the system’s ability to maintain functionality and performance under challenging circumstances.

Using encryption to secure the customer data

Explanation

Using encryption to secure customer data is important for data protection and confidentiality, but it does not directly address the issue of system downtime caused by unexpected traffic bursts. Resilience in this context refers to the ability of the service to withstand and recover from such unexpected events.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The resilience of the critical online service can be defined by increased user demands being handled by the service. The service should be able to withstand unanticipated service disruptions, such as surges in network traffic or user activity, by continuing to function without downtime.

Domain

3.0 Security Architecture

Question 67Skipped

What transport method may be used to transmit sensitive financial data between branch offices to ensure security and confidentiality in transit?

FTP

Explanation

FTP (File Transfer Protocol) is not the most secure transport method for transmitting sensitive financial data between branch offices. FTP does not provide encryption for data in transit, making it vulnerable to interception and unauthorized access.

LDAPS

Explanation

LDAPS (Lightweight Directory Access Protocol Secure) is used for secure communication with directory services, such as Active Directory. While LDAPS provides encryption for directory-related data, it may not be the most suitable transport method for transmitting sensitive financial data between branch offices.

DNSSEC

Explanation

DNSSEC (Domain Name System Security Extensions) is a security protocol used to authenticate DNS data and prevent DNS spoofing attacks. While DNSSEC enhances the security of DNS queries, it is not a transport method for transmitting sensitive financial data between branch offices.

Correct answer

HTTPS

Explanation

HTTPS (Hypertext Transfer Protocol Secure) is the correct choice for transmitting sensitive financial data between branch offices. HTTPS uses encryption (SSL/TLS) to secure data in transit, ensuring confidentiality and security during transmission.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

Hypertext Transfer Protocol Secure (HTTPS) may be used to transmit sensitive financial data between branch offices to ensure security and confidentiality in transit. It is a widely used protocol for secure communication over the Internet. It employs Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), to secure the data transmitted between the branch offices.

Domain

4.0 Security Operations

Question 68Skipped

A corporate institute has implemented just-in-time permissions for their administrators using the privileged access management system to access the critical systems and resources on the network. What is meant by these permissions?

Access permissions are granted based on the four-eyes principle

Explanation

Just-in-time permissions are not based on the four-eyes principle, which requires two individuals to approve access before it is granted. Instead, just-in-time permissions focus on granting access only when needed, regardless of the number of individuals involved in the approval process.

Access is granted just at specific times of the day

Explanation

Granting access just at specific times of the day is not the same as implementing just-in-time permissions. Just-in-time permissions are focused on providing access only when needed, regardless of the time of day, to enhance security and reduce the attack surface.

Correct answer

Access permissions are granted only when needed

Explanation

Just-in-time permissions mean that access to critical systems and resources is granted only when needed. This helps minimize the exposure of sensitive information and reduces the risk of unauthorized access by limiting the time window during which administrators have access.

Administrators have permanent privileged access

Explanation

Having permanent privileged access means that administrators always have access to critical systems and resources, which is not the case with just-in-time permissions. Just-in-time permissions are temporary and granted only when needed to reduce the risk of unauthorized access.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

Just-in-time permissions mean access permissions are granted only when needed. It is a concept used in privileged access management (PAM) to minimize the risk associated with permanent elevated and unrestricted access. The permissions are only granted for the duration necessary to complete the task, reducing the possibilities of abuse or misuse of the privileged access.

Domain

4.0 Security Operations

Question 69Skipped

What should the security team do to investigate further after they have detected suspicious activity in their corporate network?

Erase the logs so it may appear that incidents do not occur on their watch

Explanation

Erasing the logs to create the impression that incidents do not occur on their watch is a detrimental approach to investigating suspicious activity. Deleting logs can hinder the investigation process, prevent the security team from identifying the root cause of the incident, and impede efforts to strengthen the network’s defenses. Preserving and analyzing logs is essential for effective incident response, threat detection, and security incident management.

Share the logs with all employees for the greater good

Explanation

Sharing the logs with all employees is not a recommended practice when investigating suspicious activity in the corporate network. Maintaining confidentiality and restricting access to sensitive information is essential to prevent unauthorized disclosure of potentially sensitive data. Sharing logs with all employees could lead to misinformation, confusion, and potential breaches of data privacy regulations.

Archive the logs for future analysis

Explanation

Archiving the logs for future analysis is a best practice in handling security incidents within the corporate network. By archiving logs, the security team can preserve a historical record of the incident, enabling them to conduct in-depth analysis, identify trends, and enhance incident response capabilities. Archiving logs also ensures compliance with regulatory requirements and facilitates knowledge sharing within the organization. However, after the security team has detected suspicious activity in their corporate network, they should first identify the logs related to the incident.

Correct answer

Identify the logs related to the incident

Explanation

Identifying the logs related to the incident is a critical step in the investigation process following the detection of suspicious activity in the corporate network. Logs serve as a valuable source of information that can help the security team trace the actions of the attacker, understand the impact of the incident, and determine the extent of the compromise. Analyzing the logs can provide insights into the attack vector, potential vulnerabilities, and the overall security posture of the network.

Overall explanation

4.9 Given a scenario, use data sources to support an investigation.

The security team should identify the logs related to the incident after they have detected suspicious activity in their corporate network. This focused approach allows the incident investigators to analyze the data efficiently and gain valuable insights without compromising the logs. A timeline of the incident may then be easily reconstructed to determine the impact and the appropriate measures to be taken.

Domain

4.0 Security Operations

Question 70Skipped

Which cloud-specific vulnerability should a company that has recently migrated its data and applications to a cloud service provider be particularly cautious about?

Improper employee security training

Explanation

Improper employee security training is a general security concern that applies to all organizations, regardless of whether they have migrated to a cloud service provider or not. While employee training is important for overall security posture, it is not a cloud-specific vulnerability that companies should be particularly cautious about after migrating to the cloud.

Malware spreading in the internal network

Explanation

Malware spreading in the internal network is a concern for all organizations, whether they have migrated to the cloud or not. While malware can impact cloud environments, it is not a specific vulnerability that is unique to companies that have recently migrated to a cloud service provider. This choice is not directly related to cloud-specific vulnerabilities.

Unauthorized physical access to the on-premise data center

Explanation

Unauthorized physical access to the on-premise data center is a concern for companies that have their data and applications stored on-premise, not for those who have migrated to a cloud service provider. This choice is not relevant to cloud-specific vulnerabilities.

Correct answer

Misconfigurations in cloud controls leading to data leaks

Explanation

Misconfigurations in cloud controls leading to data leaks are a significant concern for companies that have migrated their data and applications to a cloud service provider. Improperly configured cloud security controls can result in unauthorized access to sensitive data, making it a critical vulnerability to be cautious about.

Overall explanation

2.3 Explain various types of vulnerabilities.

A company that has recently migrated its data and applications to a cloud service provider should be particularly cautious about misconfigurations in cloud controls leading to data leaks. Various consequences can follow, such as data exposure, financial losses, reputational damage, and compliance violations.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 71Skipped

Which of the following techniques can be used by a network administrator responsible for configuring servers and network devices according to established industry best practices to ensure their availability, reduce vulnerabilities, and enhance overall security?

Continuous integration and testing

Explanation

Continuous integration and testing is a software development practice that involves frequently integrating code changes into a shared repository and running automated tests to detect errors early in the development process. While this practice is important for software development, it is not directly related to configuring servers and network devices for security purposes.

Workforce multiplier

Explanation

Workforce multiplier refers to the concept of leveraging technology and automation tools to increase the productivity and efficiency of a workforce. While workforce multiplier can be beneficial for optimizing operations, it is not specifically related to configuring servers and network devices for security best practices.

Scaling in a secure manner

Explanation

Scaling in a secure manner involves designing and implementing systems that can handle increased workload or traffic while maintaining security and performance. While scaling is important for ensuring availability, it is not directly related to configuring servers and network devices according to established security best practices.

Correct answer

Standard infrastructure configurations

Explanation

Standard infrastructure configurations refer to the practice of setting up servers and network devices based on established industry best practices and security guidelines. By following standard configurations, network administrators can ensure the availability of their systems, reduce vulnerabilities, and enhance overall security. This choice aligns with the goal of configuring servers and network devices according to established security best practices.

Overall explanation

4.7 Explain the importance of automation and orchestration related to secure operations.

A network administrator responsible for configuring servers and network devices according to established industry best practices can use standard infrastructure configurations. By ensuring the systems are set up in a consistent and secure manner, the overall security is enhanced, and vulnerabilities may be reduced.

Domain

4.0 Security Operations

Question 72Skipped

An online art gallery that is implementing a data backup strategy for their digital artwork collection needs to determine an RPO for their data. Which statement is the correct definition for the RPO?

RPO is the time they can afford to be without access to their artwork data

Explanation

RPO is not about the time the organization can afford to be without access to their data; it is more about the amount of data they are willing to lose in case of a disaster or incident.

RPO is the time it takes to get back to the point before the incident

Explanation

RPO is not about the time it takes to get back to the point before the incident; it is about the amount of data loss the organization is prepared to deal with in case of a disaster.

RPO is the new data that has been processed after a cyberattack

Explanation

RPO is not about the new data processed after a cyberattack; it is related to the maximum data loss the organization is willing to accept.

Correct answer

RPO is the maximum data loss they are willing to accept

Explanation

RPO is indeed the maximum data loss the organization is willing to accept. It helps determine the frequency of data backups and the recovery point in case of a data loss event.

Overall explanation

5.2 Explain elements of the risk management process.

The recovery point objective (RPO) for the online art gallery implementing a data backup strategy is the maximum data loss they are willing to accept. It signifies how much digital artwork they can afford to lose. The RPO represents the point in time at which the data that existed in the system should all be recovered when an incident occurs resulting in a loss of data. This point is the optimum point that will minimize disruption of business processes and provide for a smooth restoration of operations.

Domain

5.0 Security Program Management and Oversight

Question 73Skipped

Some of the users at an organization have frequently been observing slow performance on their work computers and unexpected pop-up windows. What type of malware is likely to be causing this?

Correct answer

Spyware

Explanation

Spyware is designed to secretly gather information about a user’s activities and transmit it to a third party. It can cause system slowdowns and often leads to the display of unexpected pop-up windows, making it the most likely type of malware causing the described issues.

Adware

Explanation

Adware is known for displaying unwanted advertisements and pop-up windows to generate revenue for the attacker. It can cause system slowdowns but is not typically associated with unexpected pop-up windows, making it less likely to be the cause of the described issues.

Ransomware

Explanation

Ransomware typically encrypts the user’s files and demands a ransom for decryption. While it can cause system slowdowns, it is not known for generating unexpected pop-up windows, making it less likely to be the cause of the described issues.

Bloatware

Explanation

Bloatware refers to software that is pre-installed on a device and takes up unnecessary space and resources. While it can contribute to system slowdowns, it is not known for generating unexpected pop-up windows, making it less likely to be the cause of the described issues.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

Slow performance accompanied by unexpected pop-up windows is characteristic of spyware. Spyware is malicious software that is designed to collect information from the user's device without their consent or knowledge. It can stealthily capture keystrokes, take pictures and videos, collect browsing data and sensitive files, and more.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 74Skipped

Employees at an organization are required to access the internet through a centralized proxy as a security measure and to monitor internet usage. A specific department requires unrestricted access to certain websites for research purposes. What should be done in this situation?

Correct answer

Allow specific websites for the department via the centralized proxy

Explanation

Allowing specific websites for the department via the centralized proxy is the most appropriate solution in this situation. This approach ensures that the department can access necessary resources for research purposes while maintaining security and monitoring controls in place.

Allow access for the department to all websites to avoid inconveniences

Explanation

Allowing access for the department to all websites may increase the risk of security breaches and unauthorized access to sensitive information. It is crucial to implement restrictions and controls to ensure the organization’s network security.

Allow all employees access to all websites because they may also be facing issues

Explanation

Allowing all employees access to all websites would defeat the purpose of having a centralized proxy for security and monitoring purposes. It is important to restrict access to certain websites to maintain a secure network environment.

Do not make any exceptions as they shall keep on coming in the future

Explanation

Not making any exceptions for specific departments may lead to frustration and hinder productivity. It is essential to consider the needs of different departments and make necessary accommodations to support their work while maintaining security measures.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

The appropriate solution is to allow specific websites for the department via the centralized proxy. This will help maintain the security standard while attending to the needs of the department. Access control lists (ACLs) can be created and managed by the administrators to specify which websites should be accessed by the users of the department.

Domain

4.0 Security Operations

Question 75Skipped

What is the primary challenge to maintaining compliance that a multinational corporation shall face as it operates in various countries each with its own set of data protection laws and regulations such as GDPR in Europe, HIPAA in the United States, and PIPEDA in Canada?

Language differences

Explanation

Language differences can pose communication challenges for a multinational corporation operating in different countries, but they are not the primary challenge to maintaining compliance with data protection laws. While language barriers can complicate compliance efforts, the main challenge in this scenario is related to legal and jurisdictional conflicts between countries.

Data encryption standards

Explanation

Data encryption standards are important for maintaining compliance with data protection laws, but they are not the primary challenge faced by a multinational corporation operating in various countries with different regulations. While encryption is crucial for protecting sensitive data, the main challenge lies in navigating the legal and jurisdictional differences between countries.

Correct answer

Jurisdictional conflict

Explanation

Jurisdictional conflict is the primary challenge faced by a multinational corporation operating in various countries with different data protection laws and regulations. Navigating the conflicting legal requirements, understanding which laws apply in each jurisdiction, and ensuring compliance with multiple sets of regulations can be complex and challenging for organizations operating globally.

Technical infrastructure

Explanation

Technical infrastructure plays a key role in ensuring data security and compliance with regulations, but it is not the primary challenge faced by a multinational corporation operating in multiple countries with varying data protection laws. While having a robust technical infrastructure is important, the main challenge lies in addressing jurisdictional conflicts and complying with different legal requirements.

Overall explanation

5.5 Explain types and purposes of audits and assessments.

A multinational corporation operating in various countries, each with its own set of data protection laws and regulations, will face jurisdictional conflict. This occurs when disputes or conflicts arise between different legal authorities or jurisdictions, often over laws, regulations, or governance issues. The corporation may struggle to align its data protection practices with the requirements of all applicable regulations, especially where requirements conflict with each other (for example, one jurisdiction requiring data to be retained while another requires it to be deleted on request).

Domain

5.0 Security Program Management and Oversight

Question 76Skipped

What can an organization use as a compensating control to mitigate the risk of an identified critical vulnerability in its legacy system that has no patch and vendor support available?

Implementing network-based intrusion detection

Explanation

Implementing network-based intrusion detection can help monitor and analyze network traffic for signs of malicious activity, but it may not be sufficient to mitigate the risk of the identified critical vulnerability in the legacy system. While network-based intrusion detection is a valuable security measure, it may not provide the necessary protection against exploitation of the unpatched vulnerability.

Scheduling of backups to occur regularly

Explanation

Scheduling regular backups is a good practice for data protection and recovery, but it does not directly address the risk posed by the critical vulnerability in the legacy system. While backups are important for business continuity, they do not serve as a compensating control for mitigating the specific security risk associated with the unpatched system.

Installation of host-based intrusion prevention

Explanation

Installing host-based intrusion prevention can enhance the security posture of the system by detecting and blocking malicious activities at the host level. However, while this control can help prevent certain types of attacks, it may not fully address the risk posed by the critical vulnerability in the legacy system that lacks patching and vendor support.

Correct answer

Isolation of the vulnerable system from the network

Explanation

Isolating the vulnerable system from the network can help mitigate the risk of exploitation of the critical vulnerability. By limiting network access to the system, the organization can reduce the likelihood of unauthorized access and potential attacks targeting the vulnerability.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

An organization can isolate the vulnerable system from the network to mitigate the risk of an identified critical vulnerability in a legacy system that has no patch and no vendor support. Because exposure to the network is limited, the risk of exploitation is reduced. In practice this means placing the host in its own segment and allow-listing only the few flows it still needs (for example, one application port from one server and management access from a jump host), with everything else denied and logged. The measure buys time for the organization to upgrade the system to a modern, supported version; it is a compensating control, not a permanent fix.

Domain

4.0 Security Operations

Question 77Skipped

An audit has found that an organization had several identified vulnerabilities that went unaddressed for an extended period. What aspect of security governance needs to be improved?

Identity management

Explanation

Identity management focuses on managing user identities, roles, and access rights within an organization. While important for overall security, the lack of addressing identified vulnerabilities is more closely related to the revision and monitoring of security controls rather than identity management.

Correct answer

Revision and monitoring

Explanation

Revision and monitoring of security controls are crucial aspects of security governance that ensure identified vulnerabilities are promptly addressed and mitigated. In this scenario, the organization’s failure to revise and monitor security controls has led to the prolonged existence of vulnerabilities, highlighting the need for improvement in this area.

Incident response planning

Explanation

Incident response planning involves preparing for and responding to security incidents effectively. While incident response planning is essential for handling security breaches, the primary issue in this case is the organization’s failure to address identified vulnerabilities, which falls under the purview of revision and monitoring of security controls.

Security awareness training

Explanation

Security awareness training aims to educate employees about security best practices and potential threats. While important for overall security posture, the lack of addressing identified vulnerabilities is more closely related to the revision and monitoring of security controls rather than security awareness training.

Overall explanation

5.1 Summarize elements of effective security governance.

The aspect of revision and monitoring needs to be improved in the organization. Regularly revising policies and controls, and monitoring whether findings are actually tracked to closure, helps the organization stay ahead of emerging threats by proactively identifying and remediating vulnerabilities before attackers can exploit them.

Domain

5.0 Security Program Management and Oversight

Question 78Skipped

What should be the immediate response by the IT department to an employee who has reported an email that appears to be phishing?

Forward the email to all the employees to warn them of the attack

Explanation

Forwarding the email to all employees may inadvertently spread the phishing attack further and increase the risk of more employees falling victim to it. It is not a recommended response by the IT department in handling a reported phishing email.

Ignore the report as the employee may just be panicking

Explanation

Ignoring the report from the employee is not a responsible or proactive approach to handling a potential phishing incident. It is essential for the IT department to take all reports of suspicious emails seriously and investigate them promptly to protect the organization’s security.

Disable the employee’s network access to prevent possible exploitation

Explanation

Disabling the employee’s network access may be an extreme measure and could disrupt the employee’s work unnecessarily. It is important to investigate the reported phishing email further before taking such drastic actions to prevent possible exploitation.

Correct answer

Acknowledge the incident and provide feedback on the outcome

Explanation

Acknowledging the incident and providing feedback on the outcome is the correct response by the IT department to an employee who has reported a phishing email. It shows that the report is being taken seriously, and the employee is informed of the actions taken to address the potential security threat.

Overall explanation

5.6 Given a scenario, implement security awareness practices.

The IT department should acknowledge the report and later give the employee feedback on the outcome. Acknowledgement reinforces the reporting behaviour the awareness program is trying to build. The IT department should then investigate whether the reported email is legitimate or malicious and, if it is malicious, take appropriate response actions such as blocking the sender, removing copies from other mailboxes, and checking whether anyone clicked the link or opened the attachment.

Domain

5.0 Security Program Management and Oversight

Question 79Skipped

How can scripting help a security administrator strengthen the security measures related to API integrations?

Deleting the API logs daily

Explanation

Deleting the API logs daily does not directly help a security administrator strengthen security measures related to API integrations. While managing API logs is important for security, deleting them daily may hinder the ability to investigate security incidents or track unauthorized access.

Describing the specifications of the endpoints

Explanation

Describing the specifications of the endpoints is crucial for understanding how APIs interact and ensuring secure communication. While this is an important aspect of API security, it does not directly strengthen security measures related to API integrations.

Correct answer

Automatically updating the authentication tokens

Explanation

Automatically updating the authentication tokens is a critical security measure to prevent unauthorized access to APIs. By automatically updating authentication tokens, a security administrator can enhance the security of API integrations and reduce the risk of token misuse or theft.

Documenting API integration procedures

Explanation

Documenting API integration procedures is essential for maintaining a secure environment and ensuring consistency in API usage. However, it does not directly strengthen security measures related to API integrations by itself.

Overall explanation

4.7 Explain the importance of automation and orchestration related to secure operations.

Scripting can help a security administrator strengthen the security of application programming interface (API) integrations by automatically updating (rotating) the authentication tokens. Regular rotation limits the window in which a leaked key or token remains usable. Tokens are used to verify the identity of the users or systems accessing the API, so rotating them on a schedule, and revoking the old token once the new one is in use, provides a defence against unauthorized access. A practical rotation script keeps a short overlap (grace period) during which the previous token is still accepted, so requests already in flight do not fail, and it never accepts a token past a hard expiry even if the rotation job itself was late.
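An in-memory model of that rotation logic, as an added example that is not part of the original course material. The `TokenRotator` class and its lifetime and grace values are assumptions for illustration; a real script would also push each new token to the consuming system and to the API provider's credential store, which is left out here.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenRecord:
    value: str
    issued_at: float
    expires_at: float   # hard cutoff; the token is rejected at or after this time


@dataclass
class TokenRotator:
    """Scheduled token rotation for API integrations (constructed example).

    Each integration has one current token and, right after a rotation, the
    previous token, which stays valid only for a short grace period so that
    requests already in flight with the old token do not fail. No token is ever
    accepted beyond issued_at + lifetime + grace, even if the rotation job is late.
    """
    lifetime: float = 3600.0   # seconds a token stays current before rotation is due
    grace: float = 60.0        # seconds the previous token is still accepted after rotation
    current: dict = field(default_factory=dict)    # integration -> TokenRecord
    previous: dict = field(default_factory=dict)   # integration -> TokenRecord

    def issue(self, integration: str, now: float) -> str:
        """Create a fresh token; demote the old one to 'previous' with a grace-period expiry."""
        old = self.current.get(integration)
        if old is not None:
            old.expires_at = min(old.expires_at, now + self.grace)
            self.previous[integration] = old
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.current[integration] = TokenRecord(token, now, now + self.lifetime + self.grace)
        return token

    def rotation_due(self, integration: str, now: float) -> bool:
        rec = self.current.get(integration)
        return rec is None or now >= rec.issued_at + self.lifetime

    def rotate_due(self, now: float) -> list:
        """What the scheduled job does: rotate every integration whose token has aged out."""
        rotated = []
        for name in list(self.current):
            if self.rotation_due(name, now):
                self.issue(name, now)
                rotated.append(name)
        return rotated

    def validate(self, integration: str, presented: str, now: float) -> bool:
        """Accept the current token, or the previous one while its grace period lasts."""
        for rec in (self.current.get(integration), self.previous.get(integration)):
            if rec is not None and now < rec.expires_at and secrets.compare_digest(rec.value, presented):
                return True
        return False
```

`secrets.compare_digest` keeps the comparison constant-time, and the grace period is bounded from both sides: it starts at the rotation, but it can never extend a token past its original hard expiry.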

Domain

4.0 Security Operations

Question 80Skipped

A network administrator has discovered that a router still has the default username and password as she reviews its security settings. What action should she take?

Scan the router for vulnerabilities

Explanation

While scanning the router for vulnerabilities is important for overall security, changing the default credentials should be the immediate action to prevent unauthorized access. Scanning for vulnerabilities can be done after securing the router with new credentials.

Escalate the issue to the helpdesk administrator

Explanation

Escalating the issue to the helpdesk administrator may be necessary for further action, but changing the default credentials should be the immediate priority to prevent unauthorized access to the router.

Correct answer

Change the default credentials immediately

Explanation

Changing the default credentials immediately is the correct action to take in this scenario. Default credentials are widely known and easily exploitable, so changing them will help prevent unauthorized access and enhance the security of the router.

Do not change the default credentials, as something unexpected may happen

Explanation

Keeping the default credentials poses a significant security risk as attackers often target devices with default usernames and passwords. Changing the default credentials is crucial to enhance the security of the router.

Overall explanation

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

The network administrator should change the default credentials immediately after discovering that a router still has the default username and password. Attackers routinely target devices with unchanged default credentials, so the situation poses a significant security risk. Furthermore, there are many public and freely available sites listing manufacturers, their devices, and the default credentials for those devices, so an attacker needs no skill to look them up. After changing the credentials, the administrator should also check who else could have logged in while the defaults were in place and restrict management access to trusted networks.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 81Skipped

Robert wants to secure his web server with Transport Layer Security (TLS). He has created a certificate signing request (CSR) to obtain an SSL/TLS certificate from a trusted certificate authority (CA). What is the use of the CSR Robert generated?

Correct answer

The CSR provides the CA with the information needed to generate the digital certificate

Explanation

The primary use of the CSR is to provide the CA with the information required to generate a digital certificate for the web server. This information includes the server's public key, the organization details, and the domain name(s) the certificate should cover.

The private key of the web server is embedded within the CSR

Explanation

The private key of the web server is not embedded within the CSR; the CSR carries only the public key and is signed with the private key to prove possession. The private key stays on the web server, where it is used during the TLS handshake to prove ownership of the certified public key (by signing handshake data or, in legacy RSA key exchange, by decrypting the client's premaster secret).

The CSR encrypts the communication between the web server and end users

Explanation

The CSR does not directly encrypt the communication between the web server and end users. Its main purpose is to provide the necessary information for the CA to issue a digital certificate.

Installation of the SSL certificate on the web server is performed by the CSR

Explanation

The CSR itself does not perform the installation of the SSL certificate on the web server. It is a request sent to a CA to obtain a digital certificate.

Overall explanation

1.4 Explain the importance of using appropriate cryptographic solutions.

The Certificate Signing Request (CSR) Robert created provides the Certificate Authority (CA) with the information it needs to issue the digital certificate. Robert generates a key pair on the web server and puts only the public key in the CSR, together with the subject details: the common name (CN), the subject alternative names (SANs) that browsers now require for host name matching, and organization details such as name, locality and country. He signs the CSR with his private key, which proves to the CA that he holds the key matching that public key without ever revealing it. The CA verifies this self-signature, checks that the applicant controls the requested domain, and then issues a certificate signed with the CA's own private key that binds Robert's identity to his public key. The private key never leaves the server and is never sent to the CA.
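The whole exchange, driven through the `openssl` command line, as an added example that is not part of the original course material. It assumes Python 3 and an `openssl` binary on the PATH; the host name, organization and the throwaway test CA are constructed for illustration. It shows that the CSR verifies under its own self-signature, that no private key is in it, and that the certificate the CA issues carries the same public key the CSR contained.

```python
import os
import subprocess
import tempfile


def _run(*args):
    """Run one openssl subcommand; return (returncode, stdout+stderr)."""
    r = subprocess.run(["openssl", *args], capture_output=True, text=True)
    return r.returncode, r.stdout + r.stderr


def make_key_and_csr(workdir, cn, org):
    """Applicant side: generate a key pair and a CSR signed with the private key."""
    key = os.path.join(workdir, "server.key")
    csr = os.path.join(workdir, "server.csr")
    rc, out = _run("req", "-new", "-newkey", "rsa:2048", "-nodes",
                   "-keyout", key, "-out", csr, "-subj", f"/CN={cn}/O={org}")
    if rc != 0:
        raise RuntimeError(out)
    return key, csr


def csr_self_signature_ok(csr):
    """The CA's first check: does the CSR verify under the public key it carries?"""
    rc, out = _run("req", "-in", csr, "-noout", "-verify")
    return rc == 0 and "verify OK" in out


def csr_subject(csr):
    return _run("req", "-in", csr, "-noout", "-subject")[1].strip()


def file_has_private_key(path):
    with open(path) as f:
        return "PRIVATE KEY" in f.read()


def issue_with_test_ca(workdir, csr):
    """CA side (constructed throwaway CA): sign a certificate from the CSR."""
    ca_key = os.path.join(workdir, "ca.key")
    ca_crt = os.path.join(workdir, "ca.crt")
    crt = os.path.join(workdir, "server.crt")
    rc, out = _run("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "30",
                   "-keyout", ca_key, "-out", ca_crt, "-subj", "/CN=Test CA")
    if rc != 0:
        raise RuntimeError(out)
    rc, out = _run("x509", "-req", "-in", csr, "-CA", ca_crt, "-CAkey", ca_key,
                   "-CAcreateserial", "-days", "30", "-out", crt)
    if rc != 0:
        raise RuntimeError(out)
    return ca_crt, crt


def cert_chains_to(ca_crt, crt):
    return _run("verify", "-CAfile", ca_crt, crt)[0] == 0


def public_key_pem(kind, path):
    """kind is 'req' for a CSR or 'x509' for a certificate."""
    return _run(kind, "-in", path, "-noout", "-pubkey")[1].strip()


def demo():
    with tempfile.TemporaryDirectory() as d:
        key, csr = make_key_and_csr(d, "www.example.com", "Example Corp")
        ca_crt, crt = issue_with_test_ca(d, csr)
        return {
            "csr_verifies": csr_self_signature_ok(csr),
            "subject": csr_subject(csr),
            "csr_has_private_key": file_has_private_key(csr),
            "key_file_has_private_key": file_has_private_key(key),
            "cert_chains_to_ca": cert_chains_to(ca_crt, crt),
            "same_public_key": public_key_pem("req", csr) == public_key_pem("x509", crt),
        }
```

A real CA would also validate domain control before signing and would expect SANs in the request; the exam point is the same: the CSR is the applicant's signed, public-key-only request, and the private key stays home.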

Domain

1.0 General Security Concepts

Question 82Skipped

An attacker has called the help desk of a company pretending to be the regional sales manager of a firm they are in business with and has requested account numbers to prepare the invoices for the organization. What type of social engineering technique is being used?

Smishing

Explanation

Smishing is a form of social engineering that involves using SMS or text messages to deceive individuals into providing sensitive information or taking certain actions. In this scenario, the attacker is not using text messages but rather a phone call to impersonate someone else, making this choice incorrect.

Correct answer

Impersonation

Explanation

Impersonation is a social engineering technique where an attacker pretends to be someone else, such as a trusted individual or authority figure, to manipulate individuals into providing sensitive information or taking specific actions. In this scenario, the attacker is impersonating the regional sales manager of a business partner to obtain account numbers, making this choice correct.

BEC

Explanation

Business Email Compromise (BEC) is a type of cyber attack that involves compromising business email accounts to conduct fraudulent activities, such as wire transfer scams or invoice fraud. While the attacker in this scenario is attempting to obtain sensitive information for fraudulent purposes, they are not using email as the primary method of communication, making this choice incorrect.

Typosquatting

Explanation

Typosquatting is a technique where attackers register domain names similar to legitimate ones in hopes of users making typographical errors and visiting the malicious site. This choice is incorrect in the context of the scenario described, as it does not involve domain name manipulation but rather impersonation over a phone call.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The attacker has used the impersonation social engineering technique: pretending to be someone they are not in order to convince the help desk staff to surrender the account numbers. Help desk procedures should require an out-of-band check, such as calling the partner back on a number already on file, before releasing account data to a caller.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 83Skipped

A security analyst has discovered that the SCADA system used to monitor and control industrial processes at a critical infrastructure facility lacks proper authentication and encryption measures. What is the primary concern that arises from this?

Correct answer

System intrusions may compromise operations

Explanation

The primary concern that arises from the SCADA system lacking proper authentication and encryption measures is the possibility of system intrusions compromising operations. Without these security measures, unauthorized access to the system can lead to disruptions, sabotage, or unauthorized control of critical infrastructure processes.

Lack of scheduled data backups

Explanation

While lack of scheduled data backups can pose a risk to data integrity and recovery in case of system failures, the primary concern in this scenario is the potential compromise of operations due to the lack of proper authentication and encryption measures in the SCADA system.

Remote access is not configured

Explanation

While remote access not being configured can be a concern for security, the primary concern in this scenario is the lack of proper authentication and encryption measures in the SCADA system, which can lead to system intrusions compromising operations.

Inadequate physical security at the facility

Explanation

While inadequate physical security at the facility can pose a risk to the physical assets and infrastructure, the primary concern in this scenario is the lack of proper authentication and encryption measures in the SCADA system, which can result in system intrusions compromising operations.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The primary concern with a supervisory control and data acquisition (SCADA) system that lacks proper authentication and encryption is that system intrusions may compromise operations. Without authentication, anyone who can reach the control network can issue commands or change set points; without encryption and integrity protection, an attacker on the communication path can read and modify commands and telemetry in transit. Because SCADA controls physical processes, the impact is physical disruption or a safety incident, not only data loss.

Domain

3.0 Security Architecture

Question 84Skipped

The IT security team at a data storage facility has set a specific threshold for the security risks they are keeping track of within their risk register. How does this threshold assist them in risk management?

Estimation of the probability of risks occurring

Explanation

Estimating the probability of risks occurring is essential in risk management, but the threshold set by the IT security team serves a different purpose by defining the point at which risks are deemed significant enough to warrant action.

Correct answer

Definition of the point where risks require action

Explanation

The threshold helps the IT security team define the point at which risks are considered significant enough to require action. This allows them to prioritize and focus on addressing the most critical risks first, leading to more effective risk management.

Ranking of risks based on severity

Explanation

Ranking risks based on severity is important in risk management, but it does not directly relate to how a specific threshold assists in managing risks within the risk register.

Identification of vulnerabilities at the facility

Explanation

While identifying vulnerabilities is a crucial aspect of risk management, the threshold set by the IT security team specifically helps in determining when risks reach a level that requires action, rather than solely focusing on vulnerability identification.

Overall explanation

5.2 Explain elements of the risk management process.

The specific threshold for the security risks being tracked within the risk register gives the IT security team a definition of the point where risks require action. At this point, the risks are deemed to be significant enough to warrant remediation and indicate that attention and mitigation efforts are required.

Domain

5.0 Security Program Management and Oversight

Question 85Skipped

A global transportation company aims to improve its network security and performance to track and manage its vehicles in its fleet management system that spans multiple countries. Which technology can they apply?

IPSec

Explanation

IPSec (Internet Protocol Security) is a protocol suite used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a data stream. While IPSec can enhance network security by providing secure communication channels, it may not directly address the performance optimization needs of a transportation company’s fleet management system across multiple countries.

Correct answer

SD-WAN

Explanation

SD-WAN (Software-Defined Wide Area Network) technology can be applied by the transportation company to improve network security and performance for tracking and managing vehicles in its fleet management system. SD-WAN offers centralized control, increased visibility, and optimized traffic routing, which can enhance security measures and network efficiency across multiple countries.

Blockchain

Explanation

Blockchain technology is more commonly used for secure and transparent transactions in industries like finance and supply chain management. While it can provide secure data storage and integrity verification, it may not be the most suitable technology for improving network security and performance in a fleet management system for a transportation company.

Cloud computing

Explanation

Cloud computing can provide scalability and flexibility for the transportation company’s fleet management system, but it may not directly improve network security and performance for tracking and managing vehicles across multiple countries. It focuses more on resource management and accessibility rather than network security enhancements.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

The global transportation company can apply a software-defined wide area network (SD-WAN) to improve network security and performance for tracking and managing the vehicles in its fleet management system across multiple countries. SD-WAN offers cost-effective, application-aware routing over whatever links are available, which improves application performance, reduces latency, and increases reliability while providing centralized control, policy and visibility. Note that SD-WAN normally builds encrypted overlay tunnels between sites (commonly IPsec), so IPsec is usually a building block of the SD-WAN rather than an alternative to it.

Domain

3.0 Security Architecture

Question 86Skipped

Robert is considering using a password manager to securely store his login credentials and improve the overall security of his multiple online accounts. What advantage does Robert get from using a password manager?

Real-time threat monitoring and alerting

Explanation

Real-time threat monitoring and alerting are not typically features of a password manager. The main purpose of a password manager is to securely store and manage passwords, not to provide real-time monitoring of security threats.

Correct answer

The process of creating complex passwords is simplified

Explanation

The main advantage of using a password manager is that it simplifies the process of creating complex passwords for multiple online accounts. This helps improve overall security by generating strong, unique passwords for each account.

Robert no longer needs to change his password

Explanation

While a password manager stores passwords securely, it does not remove the need to change a password when the service it belongs to is breached or the credential is otherwise suspected of being compromised. Robert still has to change passwords in those situations, even when using a password manager.

Robert gets an offline backup of his login credentials

Explanation

An offline backup of login credentials is not the security advantage of a password manager. Some managers can export a vault, but that is a convenience (and a risk if the export is stored unprotected), not the reason to use one; the primary function is to securely generate, store and fill passwords.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

The process of creating complex passwords is simplified for Robert if he uses a password manager. The manager generates and securely stores a long, random, unique password for every account and auto-fills it on request, so Robert no longer has to memorize them, which removes the incentive to reuse passwords or write them down. The trade-off is that the vault becomes a single high-value target: a compromise of the manager exposes every stored credential, so the master password must be strong and unique and the vault should be protected with multifactor authentication.

Domain

4.0 Security Operations

Question 87Skipped

What is the expected CVSS score for a vulnerability that affects a common and widely used web server software and allows the execution of arbitrary code remotely without prior authentication?

The score cannot be evaluated without additional information

Explanation

Without additional information about the specific details and impact of the vulnerability, it is not possible to accurately evaluate the CVSS score. The severity of a vulnerability is determined by various factors, and more information is needed to assess the overall risk.

The score will be low due to lack of authentication during execution

Explanation

The lack of authentication during the execution of arbitrary code remotely is a serious security issue that can lead to unauthorized access and potential exploitation of the system. This lack of authentication increases the severity of the vulnerability, resulting in a higher CVSS score rather than a low score.

The score will be moderate because the software affected is common

Explanation

While the affected software being common may be a factor in determining the severity of the vulnerability, the ability to execute arbitrary code remotely without authentication is a critical aspect that significantly increases the risk. Therefore, the expected CVSS score would not be moderate solely based on the commonality of the software.

Correct answer

The score will be high due to remote code execution capabilities

Explanation

The CVSS score for a vulnerability that allows remote code execution without authentication is expected to be high. Remote code execution capabilities are considered critical and pose a significant risk to the security of the system, resulting in a high CVSS score.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

The score will be high because of the remote code execution capability. In the Common Vulnerability Scoring System (CVSS), the base score is computed from exploitability metrics (attack vector, attack complexity, privileges required, user interaction) and impact metrics (confidentiality, integrity, availability, together with scope). Arbitrary code execution over the network with no prior authentication and no user interaction maximizes both groups. In CVSS v3.x the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H computes to a base score of 9.8, which the specification's qualitative scale labels Critical (9.0 to 10.0); the answer choice uses "high" in the everyday sense. Note also that the base score does not account for how widely the software is deployed; prevalence affects prioritization through threat intelligence and environmental scoring, not the base score.

Domain

4.0 Security Operations

Question 88Skipped

What encryption method should an organization handling sensitive customer information such as personal details and credit card numbers use to securely store both human and non-human data types?

bcrypt

Explanation

bcrypt is a slow, salted password hashing function. It is one-way by design, so the original value can never be recovered; that is exactly what is wanted for passwords, which only ever need to be verified, but it makes bcrypt unusable for personal details or card numbers that the organization must read back. Those require reversible encryption.

ECC

Explanation

ECC (Elliptic Curve Cryptography) is a public-key cryptography method used mainly for key agreement and digital signatures. Asymmetric algorithms are far slower than symmetric ones and are not used to encrypt bulk data directly; in practice ECC would at most protect (wrap) the symmetric key, while AES encrypts the stored data itself. AES is therefore the choice for data encryption at rest in this scenario.

Correct answer

AES

Explanation

AES (Advanced Encryption Standard) is a widely used encryption method that is considered secure for storing sensitive data such as personal details and credit card numbers. It provides strong encryption and is suitable for both human and non-human data types, making it a suitable choice for organizations handling sensitive customer information.

SHA

Explanation

SHA (Secure Hash Algorithm) is a cryptographic hash function, not an encryption method. While it is commonly used for data integrity and digital signatures, it is not designed for encrypting sensitive data at rest. Therefore, it is not the recommended encryption method for securely storing customer information.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

An organization handling sensitive customer information such as personal details and credit card numbers should use the Advanced Encryption Standard (AES) to securely store both human-readable and machine-readable data. AES is a symmetric block cipher that encrypts arbitrary data efficiently, with fast encryption and decryption rates and hardware acceleration on modern CPUs. It is the successor of the Data Encryption Standard (DES) and supports key sizes of 128, 192, or 256 bits. In practice it should be used in an authenticated mode such as AES-GCM with a unique nonce for every encryption, and the key itself must be protected by a key management system, since the encryption is only as strong as the protection of the key.
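Field-level encryption of a customer record with AES-256-GCM, as an added example that is not part of the original course material. It uses the `cryptography` package (an assumption: it must be installed), the record layout and the customer data are constructed, and the card number is the standard test value 4111111111111111. Binding the record id and field name as associated data means a ciphertext cannot be cut from one row and pasted into another and still decrypt; a masked copy of the card number lets ordinary screens work without the key.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def new_data_key() -> bytes:
    """256-bit AES key. In production this is generated and held by a KMS or HSM and
    wrapped before it is ever written anywhere; here it lives only in memory."""
    return AESGCM.generate_key(bit_length=256)


def _aad(record_id: str, field_name: str) -> bytes:
    # Associated data is authenticated but not encrypted: it ties the ciphertext
    # to exactly one record and one field.
    return f"{record_id}:{field_name}".encode()


def encrypt_field(key: bytes, plaintext: str, record_id: str, field_name: str) -> dict:
    nonce = os.urandom(12)   # fresh 96-bit nonce per encryption; never reuse one with the same key
    ct = AESGCM(key).encrypt(nonce, plaintext.encode(), _aad(record_id, field_name))
    return {"nonce": nonce.hex(), "ct": ct.hex()}   # ct already includes the 16-byte GCM tag


def decrypt_field(key: bytes, blob: dict, record_id: str, field_name: str) -> str:
    pt = AESGCM(key).decrypt(bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"]),
                             _aad(record_id, field_name))
    return pt.decode()


def tampered(key: bytes, blob: dict, record_id: str, field_name: str) -> bool:
    """True if the stored blob fails authentication: modified bytes, wrong key,
    or a ciphertext moved to another record or field."""
    try:
        decrypt_field(key, blob, record_id, field_name)
        return False
    except InvalidTag:
        return True


def store_customer(key: bytes, record_id: str, name: str, pan: str) -> dict:
    """Constructed row layout: sensitive fields encrypted, plus a masked PAN for display."""
    return {
        "id": record_id,
        "name": encrypt_field(key, name, record_id, "name"),
        "pan": encrypt_field(key, pan, record_id, "pan"),
        "pan_masked": "*" * (len(pan) - 4) + pan[-4:],
    }


def flip_first_byte(blob: dict) -> dict:
    """Simulate on-disk corruption or tampering of one ciphertext byte."""
    ct = bytearray(bytes.fromhex(blob["ct"]))
    ct[0] ^= 0x01
    return {"nonce": blob["nonce"], "ct": bytes(ct).hex()}
```

The random nonce is why encrypting the same card number twice yields different ciphertexts; a deterministic scheme would let an attacker with database access spot which customers share a card without ever decrypting anything.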

Domain

3.0 Security Architecture

Question 89Skipped

An employee has tried to log in to the network at his company. After providing his username and password the system checks if the correct credentials have been supplied and then performs a verification of the access permissions he has to the corporate resources. What aspect of the AAA system validates his permissions?

Accounting

Explanation

Accounting is not the aspect of the AAA system that validates the permissions of a user. Accounting involves tracking and recording the activities of users, such as logins, logouts, and resource usage, for billing, auditing, and security purposes.

Auditing

Explanation

Auditing is not one of the three A's at all, and it does not validate a user's permissions. Auditing is the later review of the records that accounting produces (authentication, authorization and resource-usage events) for security and compliance purposes.

Correct answer

Authorization

Explanation

Authorization is the aspect of the AAA system that validates the permissions of a user to access specific corporate resources. It determines what actions a user is allowed to perform after successful authentication and verification of credentials.

Authentication

Explanation

Authentication is the process of verifying the identity of a user based on the credentials provided, such as username and password. While authentication is necessary for validating the user’s identity, it is not the aspect of the AAA system that validates the permissions of a user to access corporate resources.

Overall explanation

1.2 Summarize fundamental security concepts.

The authorization aspect of the AAA system validates the employee’s permissions. The first A stands for authentication. Once the user has successfully supplied the correct credentials and gains access to the system, the activities that the user can perform and the resources that the user can access while in the system are determined by the second A (authorization). The third A is accounting, and it deals with logging and monitoring to ensure the user is accountable for the actions they perform on the system.
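The three steps separated in code, as an added example that is not part of the original course material. The user store, the role-to-permission table and the single user "alice" are constructed for illustration; passwords are stored as salted PBKDF2 hashes and compared in constant time. The point to take from it is that a successful authentication says nothing about what the user may do: that is a separate authorization decision, and both outcomes are recorded for accounting.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store: salted password hashes, never plaintext passwords.
_ALICE_SALT = os.urandom(16)
USERS = {
    "alice": {"salt": _ALICE_SALT,
              "hash": _hash("correct horse battery staple", _ALICE_SALT),
              "roles": ["sales"]},
}
ROLE_PERMISSIONS = {
    "sales": {"crm:read", "crm:write"},
    "finance": {"ledger:read"},
}
ACCOUNTING_LOG = []   # in a real system: an append-only log shipped to the SIEM


def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the claimed user? Checks the credentials only."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)   # same work for unknown users, so timing gives nothing away
        return False
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])


def authorize(username: str, permission: str) -> bool:
    """Authorization: may this (already authenticated) identity perform the action?"""
    roles = USERS.get(username, {}).get("roles", [])
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def account(username: str, action: str, outcome: str) -> None:
    """Accounting: record who did what, and whether it was allowed."""
    ACCOUNTING_LOG.append({"ts": time.time(), "user": username,
                           "action": action, "outcome": outcome})


def access(username: str, password: str, permission: str) -> str:
    """Full AAA flow for one request to a corporate resource."""
    if not authenticate(username, password):
        account(username, "login", "denied")
        return "authentication failed"
    account(username, "login", "ok")
    if not authorize(username, permission):
        account(username, permission, "denied")
        return "not authorized"
    account(username, permission, "ok")
    return "granted"
```

Note that the denial message never reveals whether the username or the password was wrong, and that the accounting entry is written even for failed attempts, which is what an analyst needs when reconstructing a credential-stuffing attempt later.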

Domain

1.0 General Security Concepts

Question 90Skipped

What is the appropriate step that should be taken by the cybersecurity team of a major telecommunications company after recent reports of supply chain attacks affecting other companies in the industry?

Monitoring the telecommunications traffic

Explanation

Monitoring the telecommunications traffic is a crucial security practice to detect any suspicious or malicious activities within the network. However, in the context of supply chain attacks, the cybersecurity team should prioritize analyzing the vendor supply chain to identify any vulnerabilities or compromises that may impact the organization’s security.

Correct answer

Analysis of the vendor supply chain

Explanation

Analyzing the vendor supply chain is the most appropriate step for the cybersecurity team of a major telecommunications company after reports of supply chain attacks affecting other companies in the industry. By conducting a thorough analysis of the vendor supply chain, the team can identify any vulnerabilities, compromises, or potential threats that may impact the organization’s security posture. This proactive approach allows the team to assess and mitigate risks associated with supply chain attacks effectively.

Implement data loss protection

Explanation

Implementing data loss protection is a valid cybersecurity measure, but it may not directly address the specific threat posed by supply chain attacks. While data loss protection is important for safeguarding sensitive information, the immediate response to supply chain attacks should focus on identifying and mitigating potential risks within the vendor supply chain.

Update all the hardware in the network

Explanation

Updating all the hardware in the network is a good security practice to ensure that systems are running on the latest firmware and software versions with necessary security patches. However, this may not directly address the specific threat of supply chain attacks. The cybersecurity team should focus on analyzing the vendor supply chain to assess the potential risks and take appropriate actions.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

The appropriate step that should be taken by the cybersecurity team of a major telecommunications company after recent reports of supply chain attacks affecting other companies in the industry is to perform an analysis of the vendor supply chain. The analysis will help to identify the vulnerabilities and risks associated with their supply chain and allow them to be mitigated in a timely manner.

Domain

5.0 Security Program Management and Oversight