Security + Flashcards

(110 cards)

1
Q

Question
A company evaluates its security policies to prevent potential data leakage and malware infection through portable storage devices. Which action would MOST effectively reduce the risks associated with the unauthorized use of such devices?

A.Implementing a strict removable media policy
B.Regularly updating the company’s firewall settings
C.Increasing the frequency of employee cybersecurity training
D.Replacing all Ethernet cables with shielded versions

A

A.Implementing a strict removable media policy

2
Q

Question
A tech startup has just suffered a data breach where sensitive customer financial data leaked. The chief executive officer (CEO) has an immediate concern about the tangible penalty the company will face due to violating data protection regulations. What is the CEO primarily concerned with in this situation?

A.Privacy policy updates
B.Reputational damage
C.Fines
D.Security infrastructure overhaul

A

C.Fines

3
Q

A healthcare provider is modernizing its data storage solutions to comply with health information privacy laws. The chief information security officer (CISO) must ensure that sending data access logs to healthcare regulatory authorities is in a specific format. What kind of reporting is taking place?

A.Internal compliance reporting
B.External compliance reporting
C.Data retention policy enforcement
D.Privacy impact assessment

A

B.External compliance reporting

4
Q

Question
A healthcare provider located in an EU member state must maintain comprehensive patient records while ensuring the privacy of individuals’ information. How can the provider navigate legal requirements for data retention with respect to patients who request that their information be amended?

A.Establishing a specific data retention policy
B.Maintaining extended data inventory
C.Complying with mandated regulations
D.Regularly reviewing and updating privacy policies

A

C.Complying with mandated regulations

5
Q

As part of a business continuity plan, a company wants to create a resilient work model that securely allows employees to access critical network resources, regardless of physical location. This model must enforce strict access controls and multifactor authentication while facilitating on-site and remote work capabilities. What type of work environment most closely aligns with these requirements?

A.Fully remote work environment
B.Hybrid work environment
C.On-premises work environment
D.Third-party outsourced work environment

A

B.Hybrid work environment

6
Q

A company is prioritizing the security of its sensitive financial information. With a diverse team of remote and in-office staff, the IT security team must ensure that this data is secure, whether on a server in the data center, sent via email to international partners, or actively used by an authorized user on the corporate network. Which two methods are MOST effective for securing this company’s data?

A.Encryption and hashing
B.Tokenization and masking
C.Obfuscation and segmentation
D.Permission restrictions and geographic restrictions

A

A.Encryption and hashing

Note:
Encryption protects the confidentiality of the data in each state named in the question (stored on the server, in transit by email, and in use on the corporate network). Hashing provides integrity checking: it detects tampering but does not hide the data, so it complements encryption rather than replacing it.

7
Q

Question
An organization has seen an uptick in phishing emails slipping through its security filters. It is enhancing technical security measures but is considering immediate actions to involve employees more effectively in its defense strategy to mitigate related risks. Which actions should the organization take? (Select the best three options.)

A.Conduct training sessions for employees to recognize phishing attempts
B.Implement a system for employees to report detected suspicious emails
C.Deploy a new firewall to inspect incoming email traffic
D.Enforce two-factor authentication for all company accounts

A

A.Conduct training sessions for employees to recognize phishing attempts

B.Implement a system for employees to report detected suspicious emails

D.Enforce two-factor authentication for all company accounts

8
Q

Question

A large healthcare organization is considering an alliance with a third-party medical software provider. The organization wants to ensure that all aspects of the alliance are well documented, with both parties understanding their roles and responsibilities. Which of the following should the healthcare organization prioritize to clearly define the parameters, the expectations for both parties, and the protocols for managing risks and security?

A.Business Partnership Agreement (BPA) and Rules of Engagement (RoE)
B.Memorandum of Understanding (MOU) and nondisclosure agreement (NDA)
C.Service level agreement (SLA) and statement of work (SOW)
D.Questionnaires and master services agreement (MSA)
A

A.Business Partnership Agreement (BPA) and Rules of Engagement (RoE)

Note:
Parties usually use an MOU and NDA as initial steps before entering a more formal agreement.

9
Q

Question

A risk manager for a company providing IT support services conducts a business impact analysis (BIA) and identifies a Mission Essential Function (MEF) that relies on a server with a Mean Time Between Failures (MTBF) of 2,500 hours and a Mean Time to Repair (MTTR) of 4 hours. Given a Maximum Tolerable Downtime (MTD) of 24 hours and a Recovery Time Objective (RTO) of 6 hours for this function, what should the risk manager prioritize in the risk management strategy?

A.Improving the MTBF of the server
B.Reducing the MTTR of the server
C.Increasing the MTD for the function
D.Extending the RTO for the function
A

B.Reducing the MTTR of the server

Note:
Reducing the MTTR is crucial. With an RTO of 6 hours and an MTTR of 4 hours, a single repair consumes most of the recovery window, leaving only about 2 hours for the other recovery activities (failover, data restoration, validation) before the RTO is breached; the 24-hour MTD is not the binding constraint. Lowering the MTTR gives those activities more room.

10
Q

Question

A cybersecurity consultant is analyzing risks for a new e-commerce website. The consultant identifies potential risks, evaluates their impact and likelihood, and considers the organization’s ability to mitigate them. Which risk analysis methodology is the consultant MOST likely using?

A.Qualitative risk analysis
B.Quantitative risk analysis
C.Qualitative and quantitative risk analysis
D.Ad hoc risk assessments
A

C.Qualitative and quantitative risk analysis

Note:
Rating impact and likelihood is a qualitative exercise. Assessing the organization's ability to mitigate each risk brings in quantitative factors such as the cost of controls against the expected loss, so the consultant is combining both methodologies.

11
Q

A small software development company is about to start a project with a new client. The client wants to understand what they can expect from the software development company in terms of the services it will provide and the timeline for the project. Which legal document would be MOST appropriate for outlining the project’s specific details, including the scope, deliverables, and timeline?

A.Memorandum of understanding (MOU)
B.Nondisclosure agreement (NDA)
C.Service level agreement (SLA)
D.Statement of work (SOW)
A

D.Statement of work (SOW)

Note:
A statement of work details the scope of a project or engagement, the deliverables, timelines, and responsibilities. It clarifies the vendor’s tasks, the client’s expectations, and the agreed-upon deliverables.

A service level agreement defines the specific performance metrics, quality standards, and service levels expected from the vendor. While it is an important agreement, it does not specifically outline a project’s scope, deliverables, and timeline.

12
Q

Question

A large financial institution is considering outsourcing its IT infrastructure to a third-party cloud service provider. The company has concerns about the risks of giving its sensitive financial data to an external vendor. What approach should the company use to ensure the vendor complies with the appropriate security standards and regulations?

A.Enter into a contract without clauses for regular assessments or audits of the vendor's security practices.
B.Rely on the vendor's reputation in the industry without the need to conduct any further assessments.
C.Ensure the vendor consents to and undergoes regular penetration testing to verify their security practices.
D.Prioritize the vendor's cost and ease of use over security considerations based on their capabilities.
A

C.Ensure the vendor consents to and undergoes regular penetration testing to verify their security practices.

Note:
Penetration testing identifies potential vulnerabilities in a vendor’s systems, networks, and applications, assessing their security posture. The company gains insights into the vendor’s security resilience and vulnerabilities that attackers could exploit by conducting or requesting evidence of regular penetration tests.

13
Q

Question

An organization is expanding its operations into a new region with unfamiliar regulatory requirements. The risk management team conducts a thorough risk assessment and identifies a need for robust controls to ensure compliance. Which of the following would be the MOST effective metric for tracking regulatory compliance risk in this situation?

A. The employee percentage who have received compliance training
B. The total revenue the company generated from the new region
C. The number of market competitors the company has identified
D. The frequency of audits conducted by the regulatory authority
A

A.The employee percentage who have received compliance training

14
Q

An organization plans to outsource its customer service operations to a third-party vendor. The organization needs to evaluate potential vendors based on their risk profiles to ensure data security and compliance with regulatory requirements. Which of the following considerations would be the MOST important in the vendor assessment process?

A. The vendor's market reputation and branding to check for reliability and quality
B.The vendor's financial stability, operational reliability, and data security practices
C. The vendor's geographical location and proximity to the company's headquarters
D. Finding a vendor who can offer the lowest price for data security and compliance
A

B.The vendor's financial stability, operational reliability, and data security practices

15
Q

A company’s risk manager has recently identified a potential risk involving its inventory management software and has listed the risk in the risk register. As a result, the manager must decide on the most suitable response to this risk. Which of the following is the MOST appropriate step for the risk manager?

A.Identify and assess the potential vulnerabilities and threats associated with the risk
B.Identify the mission essential functions of the company and assess the risk's impact on them
C.Determine the likelihood and impact of the risk on the company's operations
D.Update the risk register with the mitigation strategies and inform the stakeholders
A

C.Determine the likelihood and impact of the risk on the company's operations

16
Q

An earthquake occurred near the company HQ, causing severe damage in the area. The earthquake affected the building, which will not be usable for several weeks. What plan will the company follow to maintain its business? (Select the two best options.)

A.COOP
B.Disaster recovery
C.Incident response
D.AUP
A

A.COOP
B.Disaster recovery

Is this right?
COOP
Incident response

Copilot begs to differ:
COOP
Disaster recovery

Note:
Continuity of operations (COOP) keeps mission-essential functions running, for example from an alternate site, while the building is unusable; the disaster recovery plan governs restoring the damaged systems and facility. Incident response addresses security incidents such as attacks and breaches rather than a natural disaster, so COOP and disaster recovery are the two plans that apply.

17
Q

An organization has hired an HR director to improve the performance of the HR Division. The director first identified a lack of digital-only exit processes for employees or contractors. What are some IT security areas an exit process should focus on? (Select the three best options.)

A.Account management
B.Personal assets
C.Physical security
D.Company assets
A

A.Account management
B.Personal assets
D.Company assets

Note:
Any personal devices used for company activities must have the proprietary information removed, including the removal of any software purchased by the company.

18
Q

Question

A manager reprimands an IT employee because the employee did not follow instructions on the server build. Each server’s configuration was different, including different software and settings. What should the employee have followed to build the server correctly?

A.Standards
B.Access control models
C.Policy
D.Guidelines
A

A.Standards

A standard defines the expected outcome of a task, such as a particular configuration state for a server or performance baseline for a service. Following the standard for each build would ensure each server’s configuration would match.

19
Q

Security governance relies heavily on specially designed and interdependent roles. Each role has unique responsibilities that contribute to effective security oversight and control. What are some of these roles? (Select the three best options.)

A.Owner
B.Controller
C.Processor
D.Maintenance custodian
A

A.Owner
B.Controller
C.Processor

20
Q

A company helps employees get up to speed quickly with correct documentation. Guidelines can be beneficial in accomplishing this goal. To ensure guidelines remain relevant, what must the company do to them? (Select the two best options.)

A.Mandatory employee review
B.Continually update them
C.Regular review
D.Periodic assessments and updates
A

C.Regular review
D.Periodic assessments and updates

21
Q

Question

An IT manager prepares a proposal to implement change management. Before being able to start the program, the manager needs support from key personnel within every department. What key personnel does the manager need support from?

A.Controller
B.Owner
C.Stakeholders
D.Processor
A

C.Stakeholders

Stakeholders in change management are personnel with a vested interest in the change. Their participation fosters ownership and responsibility.

The controller role closely relates to the General Data Protection Regulation (GDPR) and identifies the purposes, conditions, and means of processing personal data. This position is not part of change management.

22
Q

A nationwide company realizes its current standardized approach to security is not working. The different company business units need more autonomy and the ability to make decisions that meet their local needs and priorities. What type of security governance should they follow?

A.Decentralized security governance
B.Centralized security governance
C.Governance committees
D.Data protection authorities
A

A.Decentralized security governance

Decentralized security governance distributes decision-making authority to different groups or departments to facilitate security-focused decisions based on localized needs and priorities.

In centralized security governance, decision-making authority primarily rests with a single core group or department that establishes policies, procedures, and guidelines and makes important security-focused decisions.

23
Q

Question

A security analyst at a large financial institution must find areas of security operations that cannot maximize the advantages of automation and orchestration. The organization aims to enhance efficiency and combat operator fatigue. Which of the following areas will experience minimal improvement by implementing automation and orchestration?

A.Customization and application of vulnerability scanning
B.Manually initiated threat detection and response
C.Monitoring systems solely for anomalous activities
D.Face-to-face cyber risk awareness training
A

D.Face-to-face cyber risk awareness training

Applying automation and orchestration brings little efficiency or effectiveness to face-to-face cybersecurity risk awareness training, because its value lies in the direct interaction between trainers and learners. That interaction plays a critical role in communicating and building understanding of complex cybersecurity issues.

Automation can significantly enhance the efficiency of vulnerability scanning and patch applications by performing these repetitive tasks swiftly and reliably, reducing the workload on the security team.

24
Q

An incident response team member identifies an attack on the network. Upon further analysis, it is determined that a threat actor was attempting to send data to the system in a manner that would change the commands being sent to the server. What type of attack is occurring in this situation?

A.Injection attack
B.Replay attack
C.Forgery attack
D.Cross-site Scripting
A

A.Injection attack

25
Q

Question
A company has noticed an apparent uptick in users disconnecting their sessions, then immediately reestablishing them. Their behavior after reestablishing the session is also noticeably different. What could this indicate? (Select the two best options.)

A.Replay attack
B.Cross-site Scripting
C.Forgery attack
D.Injection attack

A

A.Replay attack
B.Cross-site Scripting
26
Q

Question
A company employee brought a personal computer to the IT department when it locked after receiving a file from a co-worker. The screen shows a countdown clock with a threat of encrypting files permanently unless the user pays money. What type of malware was the user's computer MOST likely infected with? (Select the two best options.)

A.Ransomware
B.Crypto-ransomware
C.Logic bomb
D.Cryptojacking malware

A

A.Ransomware
B.Crypto-ransomware
27
Q

A user contacts a company help desk complaining about intermittent access to files/shares while working from different locations in the building. The user also noticed connection problems occur when the network signal strength is at its highest. What could this be a sign of? (Select the two best options.)

A.Rogue access point
B.Wireless denial of service
C.Wireless replay
D.Downgrade attack

A

A.Rogue access point
B.Wireless denial of service
28
Q

A help desk receives multiple calls from customers stating that they are experiencing incredibly slow connections to needed files, and an increasing number of users are having problems logging into their user accounts. Resource consumption and resource inaccessibility are typically indicators of what type of attack?

A.Trojan
B.Account compromise
C.Denial of Service
D.Ransomware

A

C.Denial of Service
29
Q

A company prepares to add additional protection to its networks due to ongoing attacks. It is adding resiliency and high availability services, such as load balancing and cluster services. What attacks could the company be experiencing?

A.Denial of Service
B.On-path
C.Rogue Access Point
D.Cryptographic

A

A.Denial of Service
29
Q

Question
A company CEO is upset after running into an issue where going to a specific website brings them to a malicious website instead. The security team ran checks and found the HOSTS file was manipulated, redirecting the unsuspecting CEO to the malicious website. What kind of attack does this describe?

A.Domain name system client cache poisoning
B.Domain name system poisoning
C.Domain name system-based on-path attack
D.Domain name system attack indicators

A

A.Domain name system client cache poisoning
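A check for the tampering this card describes, added here as a worked example (it is not part of the original deck): it parses hosts-file text and reports any public hostname pinned to something other than a loopback or unspecified address, since 127.0.0.1 and the 0.0.0.0 ad-blocking sinkhole are the only targets a hosts file normally needs. The file content, hostnames and addresses are constructed for the example, and the watchlist parameter is an assumed extension for names that must never be overridden at all.

```python
import ipaddress

# Constructed sample hosts file (example data, not captured from a real host).
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
# Ad-blocking sinkhole entries are common and benign
0.0.0.0         ads.tracker.example
# Tampered entry: a public site pinned to an attacker-controlled address
203.0.113.45    www.example-bank.com example-bank.com
# Hijack of an update server to a private address is equally suspicious
192.168.1.50    update.vendor.example
"""

# Names that legitimately resolve to loopback on most systems.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Parse hosts-file text into (ip, [hostnames]) tuples, dropping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def is_sinkhole(ip):
    """Loopback and unspecified (0.0.0.0 / ::) addresses are the expected targets."""
    return ip.is_loopback or ip.is_unspecified


def find_suspicious(text, watchlist=()):
    """Return hostnames pinned to anything other than a sinkhole address.

    Entries for names in `watchlist` (assumed extension) are reported even
    when they point at a sinkhole, because overriding them is unexpected.
    Each finding is a dict with the host, the address and the reason.
    """
    findings = []
    for ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            findings.append({"host": " ".join(names), "ip": ip_str,
                             "reason": "unparseable address"})
            continue
        for name in names:
            lname = name.lower()
            if lname in watchlist:
                findings.append({"host": name, "ip": ip_str,
                                 "reason": "watchlisted name overridden"})
            elif lname not in LOCAL_NAMES and not is_sinkhole(ip):
                findings.append({"host": name, "ip": ip_str,
                                 "reason": "public name pinned to non-sinkhole address"})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_HOSTS, watchlist={"ads.tracker.example"}):
        print(f"{f['host']:28} -> {f['ip']:16} {f['reason']}")
```

Run against the real file (/etc/hosts or %SystemRoot%\System32\drivers\etc\hosts) the same function gives a quick triage list; the 0.0.0.0 entries it ignores are the ones an ad blocker or endpoint agent typically adds.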
30
Q

Question
A salesman reached out to a customer to find out why the firm backed out of the contract. The customer replied that the contract numbers were far more than verbally discussed. What kind of attack could potentially change transmitted information? (Select the two best options.)

A.On-path attack
B.Denial of service
C.Reconnaissance
D.Address resolution protocol poisoning

A

A.On-path attack
D.Address resolution protocol poisoning
31
Q

A new IT intern has been reviewing logs to gain familiarity and understanding of the systems they will support. During these reviews, the intern noticed that for the last few weeks, at the same time every day, several MBs of data are being sent out. What could this indicate? (Select the two best options.)

A.Denial of service
B.Reconnaissance
C.Teleworker
D.Unauthorized data exfiltration

A

B.Reconnaissance
D.Unauthorized data exfiltration
32
Q

A hacker infiltrated a company's network and made a big show of removing files and causing network connection issues. After stopping the hacker and completing the cleanup, the IT department began noticing logs of users with multiple logins at varying times. What is the BEST explanation for how another user accessed the accounts?

A.Users sharing passwords
B.A backdoor virus
C.A botnet
D.Installation of a key logger

A

D.Installation of a key logger
33
Q

A major financial institution's computer incident response team (CIRT) is dealing with a complex cyber attack. The attack started with several spear phishing emails sent to crucial employees in different departments. These emails had skillfully crafted messages and appeared to have legitimate attachments. However, opening them launched a highly evasive and previously unknown malware. What steps should the CIRT take in the containment phase of the incident response process to address this advanced attack?

A.Disconnect all affected hosts from the network and shut down all communication channels.
B.Use network segmentation to isolate and monitor infected systems.
C.Immediately restore affected systems from backups and apply patches to prevent further attacks.
D.Temporarily disable all user accounts and applications to prevent further spread of malware.

A

B.Use network segmentation to isolate and monitor infected systems.

Note:
Network segmentation is necessary to prevent malware from spreading and to monitor its activity closely. Segmentation creates a controlled environment that does not alert the attacker that the CIRT is observing their actions.
33
Q

An IT intern looks for information on previous network attacks, specifically indicators of attempted and successful replay, forgery, and injection attacks. Where could the intern find this information? (Select the two best options.)

A.Buffer overflow
B.URL analysis
C.Session cookies
D.Web server log

A

B.URL analysis
D.Web server log
34
Q

An IT admin receives an alert regarding an employee's web activity in which requested addresses are not written in plaintext, but contain entries such as %2e%2e%2f%2e%2e%2f%2e%2e%2f. What could this employee be attempting to do? (Select the two best options.)

A.Command injection attack
B.Directory traversal attack
C.Canonicalization attack
D.Server-side attack

A

B.Directory traversal attack
C.Canonicalization attack
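The string in this card, %2e%2e%2f, is the URL encoding of ../; the canonicalization half of the answer is the point that a detector must decode (repeatedly, to catch %252e double encoding) before it matches. The following is an added example of such a check, not code from the deck: it canonicalizes each request target and flags any ../ segment that survives. The request lines are constructed for the example, and the two overlong UTF-8 separator encodings it maps (%c0%af for / and %c1%9c for \) are the historically documented forms.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample request targets, as they might appear in a web-server log
# (example data, not real log lines).
SAMPLE_REQUESTS = [
    "/images/logo.png",
    "/download?file=report.pdf",
    "/download?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",   # single URL encoding
    "/download?file=%252e%252e%252fetc%252fpasswd",             # double URL encoding
    "/static/..%c0%afwindows/win.ini",                          # overlong UTF-8 slash
    "/docs/../../boot.ini",                                     # no encoding at all
    "/archive/2024..2025/summary.txt",                          # dots that are not traversal
]

# Overlong UTF-8 encodings of the path separators, used historically to slip
# past decoders that only recognised the canonical %2f and %5c forms.
OVERLONG = {"%c0%af": "/", "%c1%9c": "\\"}

# A ".." segment bounded by start/end of string, a separator, or a query delimiter.
TRAVERSAL_RE = re.compile(r"(?:^|[/=&?])\.\.(?:/|&|$)")


def canonicalize(component, max_rounds=3):
    """Reduce a path or query component to one canonical form before matching.

    Percent-decoding is applied repeatedly so that double encoding (%252e)
    collapses to the same text as single encoding; the known overlong
    encodings are mapped to the plain separator; backslashes become slashes.
    """
    decoded = component.lower()
    for _ in range(max_rounds):
        step = decoded
        for encoded, plain in OVERLONG.items():
            step = step.replace(encoded, plain)
        step = unquote(step)
        if step == decoded:          # stable: nothing left to decode
            break
        decoded = step
    return decoded.replace("\\", "/")


def is_traversal(request_target):
    """True if the canonical path or query of a request contains a '..' segment."""
    parts = urlsplit(request_target)
    return any(TRAVERSAL_RE.search(canonicalize(c)) for c in (parts.path, parts.query))


def flag_traversal(requests):
    """Return the requests that look like directory traversal after canonicalization."""
    return [r for r in requests if is_traversal(r)]


if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_REQUESTS):
        print("TRAVERSAL:", hit)
```

The same decode-then-compare order is what a server-side file handler should apply before joining a user-supplied name onto a base directory; matching the raw, still-encoded string is exactly the mistake a canonicalization attack exploits.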
35
Q

Question
When it comes to monitoring network security, which logs help detect any attempts made by a threat actor to attack a wireless network through disassociation events?

A.System logs from routers
B.Access logs from switches
C.Firewall audit logs
D.Access point logs

A

D.Access point logs

Note:
Access point logs record network behavior related to wireless access. In this scenario, disassociation events recorded in access point logs can indicate a threat actor attempting to attack the wireless network. Switch access logs usually pertain to wired network traffic and may not directly record wireless occurrences such as disassociation events.
35
Q

A cyber security analyst at a multinational corporation detects abnormal network activities that indicate a possible security breach. The analyst investigates and confirms that an unauthorized person has accessed sensitive customer information. The incident response team must act fast to contain the breach and stop further data loss. What should the initial responder do first?

A.Disconnect the affected server from the network, isolating it from the production environment
B.Notify law enforcement authorities about the incident to initiate immediate action
C.Restore affected systems from secure backups to recover and eliminate the threat
D.Initiate threat hunting to find evidence of tactics, techniques, and procedures proactively

A

A.Disconnect the affected server from the network, isolating it from the production environment
36
Q

Question
Which tool assesses different facets of cloud services, such as network bandwidth, virtual machine status, and program health in a network environment?

A.Vulnerability scanner
B.System monitor
C.Application monitor
D.Data loss prevention (DLP) tool

A

B.System monitor
37
Q

A cybersecurity analyst in a multinational corporation is responsible for sensitive customer data and proprietary information and is now dealing with a security breach. The team is managing the incident response process using the CompTIA incident response lifecycle. The team has just completed the third step in the process. What must the team do next?

A.Preparation
B.Detection
C.Analysis
D.Containment

A

D.Containment
38
Q

Question
The leader of the cybersecurity team for a major e-commerce company recently encountered a major data breach that led to the exposure of customer payment details. The team has now contained the breach and is moving toward the final phase of the incident response cycle. After completing all previous steps, what is the team's primary objective in the final phase?

A.Identifying stakeholders and reporting it to relevant parties
B.Determining the root cause of the incident to eradicate it
C.Restoring the affected system to a secure state to reintegrate it
D.Analyzing the incident to improve procedures or systems

A

D.Analyzing the incident to improve procedures or systems
39
Q

Question
An analyst receives an overwhelming number of low-priority alerts that could potentially lead the analyst to disregard a critical high-impact alert. What may be occurring in this situation?

A.Alert tuning
B.Alert fatigue
C.Threat hunting
D.False positive

A

B.Alert fatigue

Note:
Analysts experience alert fatigue when inundated with many low-priority alerts. This can lead to overlooking a critical high-impact alert that could have averted a data breach, and it diminishes the overall effectiveness of the alerting system.
40
Q

Which tool or concept can provide a unified view of network hosts and appliances by collecting and aggregating log data from multiple sources, offering better visibility into security events?

A.Event Viewer format logging
B.Syslog protocol
C.Event metadata analysis
D.Single pane of glass analysis

A

D.Single pane of glass analysis

Note:
Using Security Information and Event Management (SIEM) software, organizations can analyze data from different sources in one place, also known as a "single pane of glass." SIEM allows for a comprehensive view of network devices and improves the ability to detect and respond to security incidents.
41
Q

Question
The cybersecurity team at a large multinational corporation has a robust incident response and threat-hunting framework to defend against cyber threats. The organization recently received intelligence indicating a new type of advanced persistent threat (APT) targeting companies in its industry, and the security team has initiated threat hunting within the network. Why is the security team implementing threat-hunting tactics?

A.To respond to security incidents after they have occurred.
B.To harden systems and create incident response resources.
C.To proactively discover evidence of threat actor activity.
D.To recover systems and restore data from backup.

A

C.To proactively discover evidence of threat actor activity.
42
Q

Question
In digital forensics, why is the order of volatility significant during the data acquisition process?

A.The order of volatility determines the legality of the data seizure in progress for accurate investigations.
B.The order of volatility impacts the admissibility of evidence in court from the data collection process.
C.The order of volatility ensures evidence from volatile sources gets collected before less volatile sources.
D.The order of volatility applies to physical crime scenes, not digital ones, for accurate investigation purposes.

A

C.The order of volatility ensures evidence from volatile sources gets collected before less volatile sources.
43
Q

What is the primary purpose/action of the containment phase of cybersecurity incident management during an incident response lifecycle for a user account? (Select the two best options.)

A.Remove all traces of the incident from affected systems
B.Identify the root cause of the incident and gather evidence for legal action
C.Limit the immediate impact of the incident while securing data and notifying stakeholders
D.Disable a user account

A

C.Limit the immediate impact of the incident while securing data and notifying stakeholders
D.Disable a user account
44
Q

A large finance company's software developers are working on a new web application for their customers. The team has concerns about potential security vulnerabilities. Which security techniques should they consider implementing to enhance the security of their application against web-based attack techniques? (Select the two best options.)

A.Static code analysis
B.Code signing
C.Input validation
D.Secure cookies

A

C.Input validation
D.Secure cookies
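Both techniques from this card in one place, added as an example rather than code from the deck: an allow-list validator for a hypothetical funds-transfer form (the field names and their formats are assumptions) and a session-cookie builder paired with an audit function that reports which hardening attributes a Set-Cookie header is missing.

```python
import re
import secrets

# Allow-list rules for a hypothetical funds-transfer form. Field names and
# formats are assumptions made for this example.
RULES = {
    "account": re.compile(r"^[A-Z]{2}\d{8}$"),                        # two letters, eight digits
    "amount":  re.compile(r"^(?!0+(?:\.0+)?$)\d{1,7}(?:\.\d{2})?$"),  # positive, max two decimals
    "memo":    re.compile(r"^[A-Za-z0-9 .,-]{0,60}$"),                 # bounded printable subset
}


def validate_transfer(form):
    """Validate each field against its allow-list pattern; reject unknown fields.

    Returns the names of the fields that failed, so an empty list means the
    submission is accepted. Accepting only what matches a whitelist (rather
    than searching for known-bad strings) is what stops injection payloads
    the developer never anticipated.
    """
    errors = [name for name in form if name not in RULES]
    for name, pattern in RULES.items():
        value = form.get(name)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            errors.append(name)
    return errors


# Attributes a session cookie should always carry.
REQUIRED_COOKIE_ATTRS = ("Secure", "HttpOnly", "SameSite")


def build_session_cookie(token=None):
    """Emit a Set-Cookie header value for a session token with hardening attributes set.

    Secure keeps the cookie off plaintext HTTP, HttpOnly keeps it away from
    script (limiting what an XSS can steal), SameSite=Strict stops it being
    sent on cross-site requests. The __Host- prefix makes browsers refuse
    the cookie unless it is Secure, has Path=/ and carries no Domain
    attribute, so a compromised subdomain cannot plant a replacement.
    """
    token = token or secrets.token_urlsafe(32)
    return f"__Host-session={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


def audit_set_cookie(header):
    """Return the hardening attributes missing from a Set-Cookie header value."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [a for a in REQUIRED_COOKIE_ATTRS if a.lower() not in attrs]


if __name__ == "__main__":
    print(validate_transfer({"account": "GB12345678' OR 1=1--", "amount": "100.00", "memo": "rent"}))
    print(audit_set_cookie("sessionid=abc123; Path=/"))
    print(build_session_cookie())
```

The audit function is the kind of check worth running against a staging server's actual response headers: a cookie that passes it still needs a unique, unguessable token, which is why the builder draws one from secrets rather than accepting whatever the caller supplies by default.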
45
Q

Question
Which of the following statements about applying common security techniques to computing resources is correct?

A.Secure Sockets Layer (SSL) primarily secures File Transfer Protocol (FTP) communications.
B.Hypertext Transfer Protocol Secure (HTTPS) operates over port 80 by default.
C.Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages.
D.TLS 1.3 cipher suites include Rivest, Shamir, and Adelman for bulk encryption.

A

C.Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages.

Note:
HTTPS uses port 443 by default; port 80 is plaintext HTTP. RSA is a public-key algorithm used for signatures and (in older TLS versions) key exchange, never for bulk encryption, and TLS 1.3 removed RSA key exchange entirely in favor of ephemeral Diffie-Hellman.
46
Q

The IT administrator of a global banking organization is responsible for configuring email services. The administrator must ensure secure communication between servers, as well as between servers and clients. Which of the following statements about securing email protocols is true? (Select the two best options.)

A.Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications.
B.Port 465 is the recommended port for secure message submission over implicit transport layer security using the STARTTLS command.
C.Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access.
D.Internet Message Access Protocol Secure allows multiple clients to connect to the same mailbox on port 143 simultaneously.

A

A.Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications.
C.Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access.

Note:
With implicit TLS (SMTPS on port 465, POP3S on 995, IMAPS on 993) the TLS handshake happens before any protocol command is exchanged, so no STARTTLS command is involved; STARTTLS instead upgrades a session that began in plaintext on the standard port (587 for submission, 110 for POP3, 143 for IMAP). Option B mixes the two mechanisms, and option D names the plaintext IMAP port rather than 993.
47
Q

Question
A large hospital uses email for communication. However, to ensure security, they want to ensure that sensitive information is not transmitted out. What security function would accomplish this need?

A.Simple Network Management Protocol
B.File Transfer Protocol
C.Secure File Transfer Protocol
D.Data loss prevention

A

D.Data loss prevention
48
Q

Question
A large multinational company wants to enhance the security of its computing resources. It considers applying common security techniques to protect sensitive data and prevent unauthorized access. Which security technique would be MOST suitable for securing computing resources?

A.GPS tagging to add geographical identification metadata to a company's sensitive files
B.Add geofencing to create a virtual boundary around the company's office premises
C.Indoor Positioning System to determine the physical position of employees' devices
D.Applying context-aware authentication to restrict resource access based on user location

A

D.Applying context-aware authentication to restrict resource access based on user location

Note:
Context-aware authentication uses factors such as the user's location and device attributes to determine whether to grant access to certain resources. It ensures that authorized users can only access sensitive data and resources when they are in a trusted location. Geofencing is a useful security technique that limits the functionality of devices when they exceed a specific boundary, primarily used for physical access control.
49
Question An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access while minimizing opening extra ports on the firewall? A.It requires no authentication method B.Simple Bind authentication method C.Simple Authentication and Security Layer D.Lightweight Directory Access Protocol Secure
C.Simple Authentication and Security Layer SASL lets the LDAP client negotiate a strong authentication mechanism, such as Kerberos via GSSAPI, on the standard LDAP port (TCP 389), and the session can be protected with STARTTLS on that same port, so no additional firewall port is needed. LDAPS also encrypts the connection but listens on a second port (TCP 636), and a simple bind sends the password in the clear unless TLS is already in place.
50
Question A cybersecurity analyst is implementing security measures for Near Field Communication (NFC) usage in the organization's mobile devices. Which technique should the analyst consider applying to mitigate potential risks associated with NFC technology? A.Enable NFC chip reading for all devices to enhance connectivity options. B.Use NFC for direct payment transactions without the need for mobile wallet apps. C.Apply encryption to NFC data to prevent eavesdropping and on-path attacks. D.Increase the NFC signal range to improve communication.
C.Apply encryption to NFC data to prevent eavesdropping and on-path attacks.
51
Question A critical infrastructure organization responsible for managing energy distribution across a large region relies heavily on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems to monitor and control the power grid. Given the critical nature of the operations, the IT team has implemented a control to safeguard these systems. Which control did the IT team use to protect ICS and SCADA systems? A.Regular system updates B.Network segmentation C.Secure boot mechanisms D.Transport encryption protocols
B.Network segmentation
52
Question A cybersecurity team for a technology company specializes in developing mobile applications for various industries. The team is working on a new app that utilizes location services to provide users with real-time updates on nearby events and activities. The app's success depends on its ability to provide accurate and relevant information based on the user's current location. However, the project stakeholders have expressed concerns about certain aspects of location services. What is the primary concern surrounding location services in mobile devices? A.Battery consumption B.Lack of accuracy C.Privacy D.Limited availability
C.Privacy
53
Question An organization has a significant amount of mobile devices that it manages. Which mobile device deployment model gives the organization the MOST control over the device, thereby improving security? A.BYOD B.CYOD C.COBO D.COPE
C.COBO Corporate-Owned Business Only (COBO) grants the organization ownership of the device, allowing its use solely for company business, providing the most control and improved security.
54
What is the purpose of implementing the principle of least privilege in endpoint protection? A.To restrict user access to specific network resources B.To enforce mandatory security configurations on devices C.To manage firewall rules across an organization's network D.To grant minimum permissions needed to perform tasks
D.To grant minimum permissions needed to perform tasks
55
Question Which intrusion detection method involves the analysis engine trained to recognize baseline "normal" traffic and generates an incident when it detects deviations from this baseline? A.Signature-based detection B.Behavioral- and anomaly-based detection C.Trend analysis D.Network traffic analysis (NTA)
B.Behavioral- and anomaly-based detection Behavioral- and anomaly-based detection trains the engine on a baseline of normal activity and generates an incident for any activity that deviates from that baseline beyond a defined tolerance level. It can identify zero-day attacks, insider threats, and other malicious activity for which no signature exists, at the cost of tuning the tolerance so that false positives stay manageable.
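Added example, not part of the flashcard deck: behavioral baselining and anomaly scoring over constructed connection-log lines in Python. The log format, the baseline counts and the 3-sigma tolerance are assumptions chosen for the illustration; the point is that nothing in the code knows what the burst is, only that it is far outside the learned profile.

```python
"""Added example (not part of the flashcard deck): anomaly-based detection over
constructed connection-log lines.  A baseline of per-minute connection counts is
learned from a 'known normal' window; each later minute is scored as a z-score
and raised as an incident when it falls outside the tolerance."""
import re
import statistics
from collections import Counter

# Assumed log format: "HH:MM:SS conn src=<ip>"
LINE_RE = re.compile(r"^(?P<minute>\d{2}:\d{2}):\d{2} conn src=(?P<src>[\d.]+)$")


def count_per_minute(lines):
    """Bucket log lines by HH:MM and count the connections in each bucket."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m.group("minute")] += 1
    return counts


class AnomalyDetector:
    def __init__(self, tolerance=3.0):
        self.tolerance = tolerance  # allowed deviation, in standard deviations
        self.mean = None
        self.stdev = None

    def train(self, baseline_counts):
        """Learn the 'normal' profile from a window believed to be attack-free."""
        values = list(baseline_counts.values())
        self.mean = statistics.mean(values)
        # Floor the deviation so a perfectly flat baseline does not divide by
        # zero (and does not raise an incident for a change of one connection).
        self.stdev = max(statistics.pstdev(values), 1.0)

    def score(self, count):
        return (count - self.mean) / self.stdev

    def detect(self, counts):
        """Return (minute, count, z) for every minute outside the tolerance."""
        incidents = []
        for minute in sorted(counts):
            z = self.score(counts[minute])
            if abs(z) > self.tolerance:
                incidents.append((minute, counts[minute], round(z, 2)))
        return incidents


def make_lines(minute, n, src="10.0.0.5"):
    """Constructed sample data: n connection lines from src within one minute."""
    return [f"{minute}:{i:02d} conn src={src}" for i in range(n)]


# Constructed baseline: ten quiet minutes averaging five connections each.
BASELINE_LINES = []
for _i, _n in enumerate([3, 5, 6, 4, 7, 5, 4, 6, 5, 5]):
    BASELINE_LINES += make_lines(f"09:{_i:02d}", _n)

# Constructed observation window with one burst from an outside address.
OBSERVED_LINES = (make_lines("10:00", 5) + make_lines("10:01", 6)
                  + make_lines("10:02", 40, src="198.51.100.23")
                  + make_lines("10:03", 4))


def run():
    """Train on the baseline window, then score the observed window."""
    detector = AnomalyDetector(tolerance=3.0)
    detector.train(count_per_minute(BASELINE_LINES))
    return detector.detect(count_per_minute(OBSERVED_LINES))


if __name__ == "__main__":
    for minute, count, z in run():
        print(f"incident at {minute}: {count} connections (z={z})")
```

The weakness the card hints at is the training window itself: if an attacker is already active while the baseline is learned, their traffic becomes "normal", and a slow ramp-up can stay inside the tolerance indefinitely. Real engines therefore re-baseline on a schedule and profile many features (ports, byte counts, destinations), not one counter.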
56
Question A multinational corporation has hired a lead IT consultant to assess the security of its various systems, including Windows and Linux servers, desktops, and mobile devices in different countries. To ensure consistent security across all these systems, which of the following tools would the consultant recommend the organization use to automate the deployment of secure baseline configurations? A.Center for Internet Security Configuration Assessment Tool (CIS-CAT) Pro B.Security Content Automation Protocol (SCAP) C.Puppet D.Security Technical Implementation Guides (STIGs)
C.Puppet Organizations can use configuration management tools like Puppet to automate the deployment of secure baseline configurations across various diverse systems. Puppet helps enforce consistency and detect deviations from the established baseline. SCAP is a protocol for measuring compliance with secure baselines, not automating deployment.
57
Question Which of the following methods is a replacement for Wi-Fi Protected Setup (WPS) as a more secure means of configuring client devices with the necessary information to access a Wi-Fi network? A.Device Provisioning Protocol (DPP) B.Wi-Fi Protected Access 3 (WPA3) C.Enhanced Open D.Simultaneous Authentication of Equals (SAE)
A.Device Provisioning Protocol (DPP) Wi-Fi Easy Connect, also known as Device Provisioning Protocol (DPP), replaces Wi-Fi Protected Setup. It uses quick response (QR) codes or near-field communication (NFC) tags to communicate public keys between devices.
58
Question The network administrator for a large corporation recently detected multiple unauthorized intrusion attempts on the network. As a result, the team deployed an intrusion detection system (IDS) and an intrusion prevention system (IPS). The team aims to block malicious traffic and automatically receive alerts on suspicious activities. The administrator needs to choose an approach that offers real-time protection against active threats and can modify or reject traffic in the network. Based on the desired outcomes and functionality the network administrator requires, which system should the team primarily focus on for real-time traffic modification and blocking active threats? A.Intrusion Detection System (IDS) B.Intrusion Prevention System (IPS) C.Network-based Intrusion Detection System (NIDS) D.Host-based Intrusion Detection System (HIDS)
B.Intrusion Prevention System (IPS)
59
A healthcare organization has tasked a new security lead with improving its data protection strategy. The organization is heavily dependent on medical devices, electronic health records, and communication systems that are all interconnected. How can the security lead make the case to the executive leadership team for implementing secure baselines for network devices, software, and other components? A.It enhances IT security and operational efficiencies. B.It reduces the need for logging and monitoring. C.It simplifies the process of patching and updates. D.It promotes the use of default configurations.
A.It enhances IT security and operational efficiencies.
60
Question Which of the following practices is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely? A.Regular maintenance cycle B.User awareness training C.Least functionality principle D.Monitoring and encryption
C.Least functionality principle The least functionality principle is the basis of device hardening checklists and secure baselines: a system should run only the protocols and services that legitimate users require and nothing more. Every unnecessary service, open port, or enabled feature is attack surface, so removing them reduces the ways an attacker can reach the device.
61
Question A system administrator at a software development company is working on integrating package monitoring into the organization's vulnerability management strategy. The administrator aims to track software packages and applications to ensure they remain free from vulnerabilities and continue to support the firm's security framework. As the system administrator incorporates package monitoring into the vulnerability management process, which actions will MOST likely get prioritized to enhance the effectiveness of this approach? (Select the two best options.) A.Tracking outdated software packages B.Manually updating software every day C.Monitoring software repositories for new updates D.Buying the latest antivirus software every month
A.Tracking outdated software packages C.Monitoring software repositories for new updates
62
A security analyst evaluates a software application's codebase to detect potential security vulnerabilities. The analyst performs dynamic security testing and static source code analysis to understand potential threats comprehensively. When conducting dynamic security testing and static source code analysis, the analyst typically performs which activities? (Select the two best options.) A.Reviewing code for hard-coded credentials B.Analyzing run-time behavior of applications C.Installing updates on network routers D.Configuring firewall rules
A.Reviewing code for hard-coded credentials B.Analyzing run-time behavior of applications
63
Question A software development company pushes a critical update for its operating system, addressing security vulnerabilities. The chief information security officer (CISO) schedules a meeting with the security team to discuss the specifics of one of these vulnerabilities exploited in recent cyberattacks. Based on common operating system vulnerabilities, which of the following has insufficient or missing data validation mechanisms that lead to the system interpreting unintended command execution? A.Buffer overflow B.Privilege escalation C.Side-channel attack D.Fingerprinting
A.Buffer overflow A buffer overflow occurs when an application copies more data into a fixed-size buffer than it can hold without checking the length, so the excess overwrites adjacent memory. If an attacker controls that data, the overwrite can corrupt a return address or function pointer and redirect execution to code of the attacker's choosing, which is why missing length validation leads to unintended command execution.
64
Question A medium-sized software development company recently introduced a bug bounty program to identify and mitigate vulnerabilities in their flagship application. The security manager plans to coordinate the program's rules and engagement policies. When setting up a bug bounty program for vulnerability management, which activities should the security manager prioritize to ensure the program's effectiveness and ethical participation? (Select the two best options.) A.Establishing a clear scope of which assets researchers can test B.Offering substantial rewards regardless of the severity of the bug found C.Providing a secure platform for researchers to report findings D.Allowing researchers to disclose findings publicly immediately after discovery
A.Establishing a clear scope of which assets researchers can test C.Providing a secure platform for researchers to report findings
65
Question An organization's security team has hired a penetration tester to assess the vulnerabilities in its digital infrastructure. The penetration tester has a clear set of guidelines and is about to start the test. When engaging in vulnerability management within an organization, which activities will the penetration tester MOST likely undertake to ensure a comprehensive assessment? (Select the two best options.) A.Deleting data found in critical servers B.Running exploitation tools against known vulnerabilities C.Installing new software without prior permission D.Assessing the environment for potential weak points
B.Running exploitation tools against known vulnerabilities D.Assessing the environment for potential weak points
66
Question A software development company has recently integrated new tools for dependency analysis and Software Bill of Materials (SBOM) into its development pipeline. The security team ensures that these tools effectively identify and manage vulnerabilities. When leveraging dependency analysis and SBOM tools in a software development environment, which key factors should the security team prioritize to address potential vulnerabilities more efficiently? (Select the two best options.) A.Recognizing outdated software dependencies B.Tracking the frequency of software updates C.Identifying undisclosed open-source components D.Calculating the software's runtime speed
A.Recognizing outdated software dependencies C.Identifying undisclosed open-source components
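Added example, not part of the flashcard deck, serving both card 61 (package monitoring) and this card: a Python audit of a CycloneDX-style SBOM against an advisory feed and an approved-component inventory. The SBOM, the advisory "fixed in" versions and the approved list are all constructed sample data, and only the small subset of CycloneDX fields used here is modeled.

```python
"""Added example (not part of the flashcard deck): auditing a CycloneDX-style
SBOM.  Components are compared against an advisory feed ('fixed in' versions)
and an approved-component inventory, so outdated dependencies and undisclosed
open-source packages are both surfaced.  All data below is constructed."""
import json

# Constructed SBOM using a subset of CycloneDX 1.5 fields.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1"},
    {"type": "library", "name": "urllib3", "version": "1.26.18",
     "purl": "pkg:pypi/urllib3@1.26.18"},
    {"type": "library", "name": "colorize-utils", "version": "0.1.0",
     "purl": "pkg:pypi/colorize-utils@0.1.0"}
  ]
}"""

# Constructed advisory feed: component -> first version carrying the fix.
ADVISORIES = {"requests": "2.31.0", "urllib3": "1.26.17"}

# Constructed inventory of components that went through review.
APPROVED = {"requests", "urllib3"}


def parse_version(text):
    """'1.26.18' -> (1, 26, 18) so versions compare numerically, not as strings.
    Real ecosystems (PEP 440, semver) add pre-release and build tags that need
    a proper version library; dotted integers are enough for this sample."""
    return tuple(int(part) for part in text.split("."))


def load_components(sbom_text):
    """Return (name, version) pairs from the SBOM's component list."""
    bom = json.loads(sbom_text)
    return [(c["name"], c["version"]) for c in bom.get("components", [])]


def audit(sbom_text, advisories=ADVISORIES, approved=APPROVED):
    """Return findings as (kind, component, detail) tuples."""
    findings = []
    for name, version in load_components(sbom_text):
        if name not in approved:
            findings.append(("unapproved", name, version))
        fixed = advisories.get(name)
        if fixed and parse_version(version) < parse_version(fixed):
            findings.append(("outdated", name, f"{version} < {fixed}"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit(SBOM_JSON):
        print(f"{kind:10} {name:15} {detail}")
```

Comparing versions as tuples rather than strings matters: as text, "1.26.18" sorts before "1.26.17" is false only by luck of equal width, while "1.9.0" sorts after "1.10.0". The same tuple comparison is what a package-monitoring job runs on every new advisory, which is the "monitoring repositories for new updates" half of card 61.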
67
Question An IT security consultant is reviewing the advanced data protection strategies of a multinational corporation. The corporation recently experienced a significant data breach that affected one of its primary databases, leading to significant downtime and a loss of trust among its stakeholders. The consultant notes that while the company has robust preventive measures, its resilience and recovery procedures need enhancement. Based on the importance of resilience and recovery in security architecture, which of the following strategies would the consultant MOST likely recommend to prevent excessive downtime and loss of stakeholder trust? A.Implement a redundant data storage solution with automated failover capabilities B.Increase the frequency of employee cybersecurity training sessions C.Deploy additional intrusion prevention systems at all network entry points D.Purchase and install the latest antivirus software for all end-user devices
A.Implement a redundant data storage solution with automated failover capabilities
68
Question A leading financial institution is enhancing its security infrastructure by revising user access controls. The IT department, in collaboration with the security team, deliberates on the essential principles to guide their implementation efforts. A primary focus is on ensuring proper authentication and authorization mechanisms are in place. Which of the following measures should the IT department integrate to ensure users are both authenticated and authorized before gaining access to sensitive resources? (Select the two best options.) A.Implementing multifactor authentication (MFA) B.Assigning role-based access controls (RBAC) C.Using a single shared password for all users D.Relying on facial recognition for guest users
A.Implementing multifactor authentication (MFA) B.Assigning role-based access controls (RBAC)
69
Question A security consultant is evaluating the resilience of a company's server room during power interruptions, focusing on the integration of Power Distribution Units (PDUs) and backup power solutions. Given the critical need for continuous operation, how do backup power generators complement the use of PDUs and UPS systems to ensure server room operations are maintained without interruption? A.It ensures power load balancing occurs across multiple servers. B.It supplies power to PDUs, preventing lapses during an outage. C.It provides prolonged power to PDUs to prevent exhausting the UPS power. D.It filters and stabilizes power before the PDU distributes it.
C.It provides prolonged power to PDUs to prevent exhausting the UPS power.
70
Question The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the best strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer? A.Establishing a security perimeter with layered access controls B.Implementing a single, fortified main entrance C.Placing all servers near windows for easy maintenance D.Distributing security personnel evenly throughout the premises
A.Establishing a security perimeter with layered access controls
71
Question An organization's security team is in the process of implementing new security measures for managing its hardware, software, and data assets, increasing its overall protection. The team plans to implement network segmentation, store passwords in plaintext in a secure server, establish a policy for outdated software disposal, and perform regular asset inventory audits. Considering the initiatives the security team proposes, what relevant and secure practices directly relate to managing hardware, software, and data assets effectively and efficiently while ensuring data protection? (Select the two best options.) A.Network segmentation B.Storing passwords in plaintext on a secure server C.Establishing a policy disposing of outdated software D.Performing regular audits of asset inventory
C.Establishing a policy disposing of outdated software D.Performing regular audits of asset inventory
72
Question A global finance company faced a massive cyberattack. The attacker successfully bypassed perimeter defenses and encrypted a significant portion of the company's stored financial records. The company's incident response team quickly intervened, neutralizing the threat. Now, the chief information security officer (CISO) focuses on implementing strategies to enhance resilience and ensure a rapid recovery should a similar event occur. Considering the company's recent incident and its determination to bolster resilience and advanced data protection, which of the following actions should the CISO prioritize to MOST directly ensure the organization can efficiently recover from similar cybersecurity events in the future? A.Implementing an advanced intrusion detection system (IDS) B.Regularly testing and updating data backup and recovery solutions C.Introducing more comprehensive employee cybersecurity training programs D.Increasing the frequency of penetration testing exercises
B.Regularly testing and updating data backup and recovery solutions
73
Question Following a recent insider threat breach, a network engineer reviews the company’s Zero Trust architecture policy to ensure all aspects are accurate and aspects of the control and data planes are implemented correctly. What statements are TRUE regarding the control plane of the Zero Trust architecture? (Select the two best options.) A.It establishes sessions for secure information transfers. B.In this plane, a subject uses a system to make requests for a given resource. C.It manages policies that dictate how users and devices are authorized to access network resources. D.It is implemented through a centralized policy decision point.
C.It manages policies that dictate how users and devices are authorized to access network resources. D.It is implemented through a centralized policy decision point.
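Added example, not part of the flashcard deck, illustrating both this card and card 48 (context-aware authentication): a toy Zero Trust control plane in Python. A policy decision point evaluates role, device compliance, MFA and source network for each request, and a policy enforcement point in the data plane establishes the session only on an allow decision. The policies, subjects, devices and the trusted network range are constructed sample data; a real deployment sources them from an identity provider, MDM and policy engine.

```python
"""Added example (not part of the flashcard deck): a toy Zero Trust control
plane.  The policy decision point (PDP) evaluates each request on context-aware
attributes (role, device compliance, MFA, source network); the policy
enforcement point (PEP) in the data plane only establishes a session when the
PDP returns allow.  Policies, subjects, devices and the trusted range below are
constructed sample data."""
import ipaddress

# Assumed corporate address range; anything else is treated as untrusted.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed policies: what a subject needs to reach each resource.
POLICIES = [
    {"resource": "payroll-db", "role": "finance", "compliant": True,
     "mfa": True, "trusted_net": True},
    {"resource": "wiki", "role": "staff", "compliant": False,
     "mfa": False, "trusted_net": False},
]


def in_trusted_network(ip_text):
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in TRUSTED_NETS)


class PolicyDecisionPoint:
    """Control plane: centralised policy evaluation, deny by default."""

    def __init__(self, policies):
        self.policies = {p["resource"]: p for p in policies}

    def decide(self, subject, device, context, resource):
        """Return ('allow' | 'deny', reason)."""
        policy = self.policies.get(resource)
        if policy is None:
            return "deny", "no policy for resource"
        if policy["role"] not in subject["roles"]:
            return "deny", "role not permitted"
        if policy["compliant"] and not device["compliant"]:
            return "deny", "device not compliant"
        if policy["mfa"] and not context["mfa"]:
            return "deny", "MFA required"
        if policy["trusted_net"] and not in_trusted_network(context["src_ip"]):
            return "deny", "untrusted network"
        return "allow", "all conditions met"


class PolicyEnforcementPoint:
    """Data plane: forwards the request only after the PDP allows it."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.sessions = []

    def handle(self, subject, device, context, resource):
        decision, reason = self.pdp.decide(subject, device, context, resource)
        if decision == "allow":
            self.sessions.append((subject["name"], resource))
        return decision, reason


# Constructed subjects, devices and request contexts.
ALICE = {"name": "alice", "roles": ["finance", "staff"]}
BOB = {"name": "bob", "roles": ["staff"]}
MANAGED_LAPTOP = {"compliant": True}
PERSONAL_PHONE = {"compliant": False}
FROM_OFFICE = {"mfa": True, "src_ip": "10.20.5.7"}
FROM_CAFE = {"mfa": True, "src_ip": "203.0.113.9"}

if __name__ == "__main__":
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(POLICIES))
    for who, dev, ctx, res in [(ALICE, MANAGED_LAPTOP, FROM_OFFICE, "payroll-db"),
                               (ALICE, MANAGED_LAPTOP, FROM_CAFE, "payroll-db"),
                               (BOB, MANAGED_LAPTOP, FROM_OFFICE, "payroll-db"),
                               (ALICE, PERSONAL_PHONE, FROM_CAFE, "wiki")]:
        print(who["name"], res, pep.handle(who, dev, ctx, res))
```

The split is the point of the card: the PDP holds and evaluates policy (control plane), the PEP only carries out its decisions (data plane), and a resource with no policy is denied rather than allowed. Location is one input among several, not the gate on its own, which is what separates context-aware authentication from plain geofencing.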
74
To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy? A.Client-server model B.Peer-to-peer model C.Hybrid model D.Monolithic model
A.Client-server model The client-server model best supports logical segmentation. In this model, clients request services, and servers provide those services. This model is more suitable for segmentation as each segment can have its own server that manages its resources and security controls.
75
A research team of an aerospace organization wants to purchase an operating system (OS), that is commonly used in the aerospace industry and can assist in prioritizing deterministic execution of operations to ensure consistent responses are received for time-critical tasks. What type of OS should the research team purchase? A.SCADA B.ICS C.ZTA D.RTOS
D.RTOS For this scenario, a Real-Time Operating System (RTOS) is the appropriate purchase: it prioritizes deterministic execution so that time-critical tasks receive consistent, predictable responses. SCADA and ICS describe the control systems an RTOS may run within, and ZTA is a security architecture, not an operating system.
76
Question A cybersecurity analyst at a large corporation is assessing the security implications of transitioning to a hybrid model that incorporates both traditional network and cloud architectures. The corporation aims to leverage the advantages of both architectures while minimizing potential vulnerabilities. The analyst needs to understand the distinctive characteristics of each model to manage risks effectively. Given the differences in the architecture models, which statements correctly describe unique features related to the security implications of each model? (Select the two best options.) A.Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model. B.Traditional network architectures inherently prioritize data encryption during transit more than cloud architectures. C.Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices. D.Cloud architectures solely depend on customers to manage the physical hardware and its security.
A.Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model. C.Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices.
77
The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company's objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security? A.Peer-to-peer model B.Client-server model C.Hybrid model D.Three-tier model
B.Client-server model The client-server model can enhance the effectiveness of port security as it has centralized servers, making it easier to monitor and manage port security.
78
Question In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.) A.Better access controls B.Cloud security C.Improved governance and compliance D.Data protection
B.Cloud security D.Data protection
79
Question A network architect at a global financial institution overhauls the company’s on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective impact on the on-premises network’s security implications. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface? A.Centralized architecture B.Peer-to-peer network C.Content delivery networks D.Hybrid cloud
A.Centralized architecture Centralized computing architecture refers to a model where all data processing and storage is performed in a single location, typically a central server. That can help minimize threat vectors.
80
A software engineer reviews the use of SCADA applications associated with various industries. What sector of industry refers specifically to mining and refining raw materials, involving hazardous high heat and pressure furnaces? A.Energy B.Fabrication C.Facilities D.Industrial
D.Industrial
81
Question A network engineer reviews the security implications tied to cloud architecture models as the company plans to move data off-premises at the end of the year. What model provides flexibility by allowing the company to store sensitive data to a private cloud infrastructure and non-sensitive information on a public cloud infrastructure? A.Multi-tenant architecture B.Serverless architecture C.Single-tenant architecture D.Hybrid architecture
D.Hybrid architecture In this scenario, a hybrid architecture provides greater flexibility and control over sensitive data and applications, allowing customers to store data on private cloud infrastructure while using public cloud infrastructure for less sensitive workloads.
82
Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA? A.Greater security B.Better access controls C.Decreased granularity D.Improved governance and compliance
C.Decreased granularity Decreased granularity is not a benefit of ZTA. On the contrary, a key benefit of deploying ZTA is increased granularity: it grants users access only to what they need, when they need it.
83
Question A newly established e-commerce company experienced increased web-based attacks on its online shopping platform. As a result, the company installed a Web Application Firewall (WAF) to enhance its security infrastructure. What primary function should the network security manager ensure the WAF is performing to protect the online platform from the most common types of web-based threats, such as Cross-site Scripting (XSS), Structured Query Language (SQL) Injection, and Cross-site Request Forgery? A.Monitor traffic and block DDoS attacks B.Inspect HTTPS traffic C.Validate input and output D.Encrypt data in transit
C.Validate input and output A WAF primarily validates input and output. It safeguards against web-based threats by scrutinizing the data sent and received from the web application to ensure compliance with defined security rules.
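Added example, not part of the flashcard deck: what "validate input and output" means at the application layer, in Python with an in-memory sqlite database. A WAF pattern-matches for these payloads at the edge; the durable fix is parameterised queries and output encoding in the code itself, shown here beside the vulnerable versions. The table, the user record and the attack payloads are constructed.

```python
"""Added example (not part of the flashcard deck): the two web-application
failures a WAF is screening for, shown in application code.  login_vulnerable()
splices user input into SQL, so a crafted username bypasses the password check;
login_safe() uses a parameterised query.  render_vulnerable() echoes input into
HTML (XSS); render_safe() encodes it.  Database contents and payloads are
constructed sample data."""
import html
import sqlite3


def make_db():
    """In-memory sqlite with one constructed user record.  A real system stores
    a salted password hash, never the password; plaintext keeps the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, user, password):
    # Untrusted input becomes part of the statement text: SQL injection.
    query = (f"SELECT COUNT(*) FROM users WHERE name = '{user}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, user, password):
    # Placeholders keep data separate from code; the input is never parsed as SQL.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (user, password)).fetchone()[0] > 0


def render_vulnerable(display_name):
    # Raw reflection of input into markup: reflected or stored XSS.
    return f"<p>Welcome, {display_name}</p>"


def render_safe(display_name):
    # Output encoding: the browser renders the payload as text, not as a tag.
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


# Constructed attack payloads.
INJECTION = "alice' --"                 # the SQL comment removes the password check
XSS = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, INJECTION, "wrong"))
    print("safe login bypassed:     ", login_safe(db, INJECTION, "wrong"))
    print(render_vulnerable(XSS))
    print(render_safe(XSS))
```

The WAF rule that blocks `' --` or `<script>` is useful as a backstop and for virtual patching, but attackers encode and vary payloads faster than signatures are written; the parameterised query and the escaped output do not care what the payload looks like, which is why the WAF is a layer on top of them rather than a substitute.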
84
The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication. Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure? A. Implement transport layer security for all remote desktop connections B. Disable all firewall rules for remote desktop connections C. Establish virtual private network tunnels without encryption protocols D. Enable open access to remote desktop connections for manageability
A. Implement transport layer security for all remote desktop connections
85
Question A company has expanded its operations to a new location and is setting up its network infrastructure. A significant part of this setup includes strategically placing devices for optimal security and efficiency. How should the network security manager decide the optimal placement of the intrusion detection system (IDS) in the new network topology to ensure maximum visibility and efficiency without impacting overall network performance? A.Place the IDS outside the firewall B.Place the IDS at the end of the network C.Place the IDS directly behind the router D.Place the IDS near the servers
C.Place the IDS directly behind the router Placing the IDS directly behind the router ensures visibility of all incoming and outgoing traffic, which is crucial for detecting any unusual patterns or potential threats. Placing the IDS outside the firewall exposes it to all internet traffic, including a lot of noise and potential direct attacks on the IDS itself, which is not optimal.
86
A network engineer is formulating an architectural plan. When evaluating the use of a particular architecture and selection of controls, what is NOT an architectural consideration? A.Port security B.Costs C.Availability D.Risk Transference
A.Port security Port security is a control rather than an architectural consideration: it prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. Cost, availability, and how risk is handled (for example, transferring it to an insurer or provider) are the considerations that shape the choice of architecture.
87
Question To meet growing concerns of unauthorized access to the company network, a software engineer reviews protocols used in the 802.1X Standard that will assist in forcing computers to fully authenticate before being granted full access. What statements are true regarding the Extensible Authentication Protocol (EAP)? (Select the two best options.) A.It provides a framework for deploying multiple types of authentication methods. B.It is used to establish a trust relationship and create an unsecure tunnel to transmit the user credential. C.It allows for smart-card authentication without a password. D.It allows the authenticator and authentication server to communicate authentication/authorization decisions.
A.It provides a framework for deploying multiple types of authentication methods. C.It allows for smart-card authentication without a password.
88
A growing company's IT department is weighing the pros and cons of different architectural models for its next project. The debate narrows down to cloud architecture versus traditional network architecture. During a team meeting, the head of IT security asks a newly hired network specialist to identify the primary security consideration when comparing cloud architecture to traditional network architecture. Based on the conversation in the IT department, which security consideration is MOST directly associated with cloud architecture compared to traditional network architecture? A.A need for regular network hardware/firmware updates B.Shared responsibility model with service providers C.Encryption of data transmitted over local networks D.Requirement for secure physical access to network devices
B.Shared responsibility model with service providers In cloud services, the division of security responsibilities between the cloud service provider and the customer creates a shared responsibility model. For traditional network architectures, a heightened emphasis exists on ensuring controlled physical access to network devices, preventing unauthorized interventions. In contrast, cloud architectures often leverage the robust infrastructure of service providers, trusting them to handle the intricacies of physical hardware management and security.
89
A software company implements Secure Shell (SSH) to manage remote servers securely within its enterprise infrastructure. The IT department is aware of the risks associated with improper SSH configurations and wants to optimize the settings to minimize those risks. To improve security and protect against potential vulnerabilities, what configuration should the IT department implement for the SSH protocol to enhance the secure management of remote servers in the enterprise infrastructure? A.Disable SSH version 2 and use only SSH version 1 B.Implement public key authentication for SSH C.Enable root logins for SSH D.Use weak encryption algorithms for SSH
B.Implement public key authentication for SSH SSH should use public key authentication, which is stronger than password-based authentication and defeats brute-force password guessing; once keys are in place, password logins and direct root logins should be disabled. Do not disable SSH version 2: it addresses numerous vulnerabilities found in SSH version 1, which should not be used at all.
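Added example, not part of the flashcard deck: a Python checker for the sshd_config directives the answer above calls out. It applies sshd's own rule that the first occurrence of a directive wins, fills in OpenSSH 7+ defaults for absent directives (an assumption about the server version), and reports each weak setting beside its hardened value. Both configuration texts are constructed samples.

```python
"""Added example (not part of the flashcard deck): checker for the sshd_config
directives discussed above.  Parsing follows sshd's rule that the first
occurrence of a directive wins; absent directives take OpenSSH 7+ defaults
(an assumption about the server version).  Both configuration texts are
constructed samples."""

# directive -> (values accepted as hardened, value to recommend)
RULES = {
    "PasswordAuthentication": ({"no"}, "no"),
    "PubkeyAuthentication": ({"yes"}, "yes"),
    "PermitRootLogin": ({"no", "prohibit-password"}, "no"),
    "PermitEmptyPasswords": ({"no"}, "no"),
}

# Effective value when a directive is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "PasswordAuthentication": "yes",
    "PubkeyAuthentication": "yes",
    "PermitRootLogin": "prohibit-password",
    "PermitEmptyPasswords": "no",
}


def parse_sshd_config(text):
    """Return the effective directive map: comments skipped, first occurrence wins."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)      # "Key value"; the key=value form is not handled
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key not in effective:
            effective[key] = value
    return effective


def audit_sshd(text):
    """Return findings as (directive, current value, recommended value) tuples."""
    effective = parse_sshd_config(text)
    findings = []
    for directive, (ok_values, hardened) in RULES.items():
        current = effective.get(directive, DEFAULTS[directive])
        if current.lower() not in ok_values:
            findings.append((directive, current, hardened))
    return findings


# Constructed weak configuration.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# sshd keeps the first value it saw, so this later line changes nothing:
PasswordAuthentication no
"""

# Constructed hardened configuration.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_sshd(cfg) or "no findings")
```

Two practical checks go with this: run `sshd -T` on the host to see the effective configuration the daemon actually loaded (it resolves includes, Match blocks and defaults that a file parser cannot), and confirm key-based login works in a second session before turning `PasswordAuthentication` off, or the change locks out the administrator. Current OpenSSH speaks only protocol 2, so the version-1 option in the question does not arise on a patched server.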
83
Question
One of the company's accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software?

A.Licensing
B.Discretionary access control
C.Mandatory access control
D.Least privilege

D.Least privilege

To increase the security posture of any given system, users should only have the necessary access (least privilege) to complete their work and nothing more.
83
Question
Which technology replaced NT LAN Manager in Active Directory?

A.Kerberos
B.Virtual Private Network
C.Fast IDentity Online
D.Unique security identifier

A.Kerberos

The preferred system for network authentication in a Windows environment is Kerberos, which replaces the legacy NT LAN Manager (NTLM) authentication system.
84
Question
A recently hired information technology manager wants to implement more automation regarding the onboarding procedure. What process describes setting up accounts so a new employee can automatically access the software and file shares from the human resource platform?

A.Multifactor authentication
B.Following least privilege
C.Enabling a password reuse policy
D.Provisioning

D.Provisioning
85
Why might it be a bad policy to set up permissions individually instead of using an access control methodology?

A.It is harder to manage.
B.It allows for more control.
C.It allows for less control.
D.It is easier to manage.

A.It is harder to manage.
85
Question
An engineering firm wants to implement an authentication design that uses a framework for passwordless authentication. What statement is not accurate regarding passwordless authentication?

A.The user chooses either a roaming authenticator, such as a security key, or a platform authenticator implemented by the device OS.
B.The relying party uses a private key to verify the signature and authenticate the account session.
C.The user registers with a web application or service, referred to as a relying party.
D.When presented with an authentication challenge, the user performs the local gesture to unlock the private key.

B.The relying party uses a private key to verify the signature and authenticate the account session.

To the contrary, the passwordless authentication framework requires the relying party to use the public key, not the private key, to verify the signature and authenticate the account session.
86
Question
A small defense contractor is setting up a new shared drive system and needs the proper controls to ensure that only those with the correct classification can access any given folder or file. Which control type would meet these requirements?

A.Multifactor authentication
B.Role-based access control
C.Mandatory access control
D.Discretionary access control

C.Mandatory access control

Security clearance levels form the basis of mandatory access control (MAC). Rather than defining access control lists (ACLs) on resources, each object receives a classification label. Depending on the clearance level, a subject receives access to that resource.
87
Question
A manufacturing company has recently acquired another, similar company. They need to link each company's directory systems together to access their resources using a single account. How can they link the two directory systems together?

A.Site-to-site VPN
B.Migration
C.Federation
D.Location-based restrictions

C.Federation

Federated directories allow two different subsets of accounts to work together for permissions and access.
88
Question
A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement?

A.Kerberos
B.Fast IDentity Online
C.Virtual Private Network
D.Open Authorization

D.Open Authorization

The Open Authorization (OAuth) protocol is a system that facilitates the sharing of information (resources) within a user profile between sites. OAuth can be used to implement SSO by allowing users to log in once and access multiple applications without passing credentials through to each piece of software. OAuth can be integrated with other mechanisms to provide SSO capabilities and also supports OpenID Connect (OIDC) tokens to enhance identity verification when needed.
89
Question
A company using Windows Server technology needs to link its Active Directory to a third-party service to allow single sign-on. Which service that uses the X.500 standard would work for the company?

A.Virtual Private Network
B.Lightweight Directory Access Protocol
C.Application Programming Interface
D.Local Security Authority Subsystem Service

B.Lightweight Directory Access Protocol

Lightweight Directory Access Protocol (LDAP) is a protocol companies use for accessing network directory databases. LDAP stores information about authorized users, their privileges, and other organizational information. Local Security Authority Subsystem Service (LSASS) compares the credential to a hash stored in the Security Account Manager (SAM) database.
90
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure?

A.Digital certificate
B.Certificate Authority
C.Cryptoanalysis
D.Certificate Signing Request

A.Digital certificate

A digital certificate is a wrapper for a subject's public key. It contains information about the subject and the certificate's issuer. The certificate is digitally signed to prove it came from a particular Certificate Authority (CA). A Certificate Authority is a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
91
A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key?

A.CA
B.CSR
C.CRL
D.PKI

B.CSR

The Certificate Signing Request (CSR) is a file containing the information that the subject wants to use in the certificate, including its public key. A Certificate Authority is a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys. A CA or owner can revoke or suspend a certificate for many reasons. A Certificate Revocation List (CRL) is a list of certificates that are no longer valid.
92
An indie game developer created a browser based on the Chromium project. The developer must ensure that anyone using the browser is safe from invalid certificates. What should the developer use to ensure that the browser blocks revoked certificates?

A.CRL
B.CA
C.CSR
D.PKI

A.CRL

A Certificate Authority (CA) or owner can revoke or suspend a certificate for many reasons. A Certificate Revocation List (CRL) is a list of certificates that are no longer valid.
93
Question
A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic's internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic's needs?

A.Symmetric algorithm
B.Asymmetric algorithm
C.Plaintext
D.Cryptography

A.Symmetric algorithm

In this scenario, the best option is to use a symmetric algorithm, as it uses the same secret key to perform encryption and decryption and allows for efficiency, security, and speed. Symmetric encryption is used for bulk encryption of large amounts of data. An asymmetric algorithm performs both encryption and decryption, but with two different but related public and private keys in a key pair.
94
A news reporter received an anonymous message containing a potential Pulitzer Prize-winning story. However, the anonymous sender requested the reporter set up a communication system that enforced encryption before sending over details for the story. What is the anonymous sender trying to ensure?

A.The reporter needs to show an interest in the story.
B.The anonymous sender is suspicious of the reporter.
C.Encryption prevents the theft of intellectual property.
D.Encryption allows for confidentiality.

D.Encryption allows for confidentiality.

The purpose of encryption is to allow for confidentiality. It prevents third parties from listening in and knowing what communication is occurring. Encryption is important for things like whistleblower reporting.
95
Question
A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost?

A.Root Certificate Authority
B.Certificate Signing Request
C.Certificate Authority
D.Certificate Revocation List

C.Certificate Authority
96
Question
A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise?

A.In transit
B.At rest
C.In use
D.Through Bluetooth

C.In use

Data in use (or data in processing) refers to the state in which data is present in volatile memory, such as system Random Access Memory (RAM) or Central Processing Unit (CPU) registers and cache. The security flaw allows for data exploitation while in use.
97
Question
What is the process used to encrypt and decrypt a message?

A.Cryptanalysis
B.Plaintext
C.Ciphertext
D.Algorithm

D.Algorithm

An algorithm refers to the operations that transform plaintext into ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types of algorithms.
98
Question
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up?

A.Public key infrastructure
B.Certificate authority
C.Cryptanalysis
D.Typosquatting

A.Public key infrastructure

Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities. A Certificate Authority is a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.