General Security Concepts
Threats, Vulnerabilities, and Mitigations
Security Architecture
Security Operations
Security Program Management and Oversight
100

An organization frequently implements changes, reconfigurations, and patches to enhance its IT infrastructure's security and efficiency. The cybersecurity analyst must carefully analyze dependencies between services, applications, and interfaces to avoid unintended outages and disruptions during service restarts or downtime events. How does understanding dependencies impact the change management process? (Select the three best options.)

a. Knowing dependencies helps avoid unintended outages and disruptions during service restarts or downtime events.

b. Understanding dependencies guides the development of effective backout plans and downtime contingencies.

c. Understanding dependencies supports the development of post-change performance monitoring to validate system functionality and quickly detect issues.

d. Understanding dependencies helps minimize the need for backout plans during changes.

a. Knowing dependencies helps avoid unintended outages and disruptions during service restarts or downtime events.

b. Understanding dependencies guides the development of effective backout plans and downtime contingencies.

c. Understanding dependencies supports the development of post-change performance monitoring to validate system functionality and quickly detect issues.

100

An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation? 

a. Reformat all affected systems and restore data from backup.

b. Disconnect the company's entire network from the internet.

c. Contact all clients and inform them about the security breach.

d. Isolate the impacted systems and apply a patch or remediation strategy.

d. Isolate the impacted systems and apply a patch or remediation strategy.

100

An organization wants to implement a hybrid cloud strategy but is concerned about the security risks associated with this change. Which approach is most effective for this new project? 

a. The organization should consider choosing the cloud provider based only on pricing for the security responsibilities.

b. The organization should consider completely relying on third-party security audits for managing security responsibilities.

c. They should use a full Infrastructure as a Service (IaaS) model, handing infrastructure security responsibilities to the cloud provider.

d. They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.

d. They should balance security duties between on-premises and cloud to ensure a clear definition in the responsibility matrix.

100

A large manufacturing company relies heavily on industrial control systems to operate its production lines. The company has a range of devices, including programmable logic controllers (PLCs) and human-machine interfaces (HMIs), spread across the factory floor. Due to recent concerns about potential cyber threats, management wants to improve the security of these devices. How would the cybersecurity manager convince senior management of the primary objective of implementing physical device port hardening?

a. It enables automatic network connections.

b. It blocks incoming and outgoing network traffic.

c. It restricts access to physical interfaces.

d. It encrypts data on USB drives.

c. It restricts access to physical interfaces.

100

You're the compliance officer at a healthcare provider that uses electronic health records (EHR). A recent audit reveals that some patient data is not encrypted when transmitted over the internet, potentially violating privacy regulations. Which consequence is MOST likely if the healthcare provider fails to address the regulatory non-compliance issue related to patient data encryption?

a. Automatic encryption of all patient data

b. Fines and legal penalties

c. Increased investment in cybersecurity technologies

d. Enhanced reputation among patients

b. Fines and legal penalties

200

A user in a company wants a new USB flash drive. Rather than requesting one through the proper channel, the user obtains one from one of the company's storage closets. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. What is the control objective of the observed sign?

a. Deterrent

b. Preventive

c. Detective

d. Corrective

a. Deterrent

200

A system administrator is upgrading a company's network security infrastructure and notices several legacy machines running end-of-life operating systems (OS). These machines are no longer upgradeable as the developer has stopped issuing security patches and updates. However, the machines are still necessary for certain critical tasks. What is the system administrator's MOST effective course of action to reduce potential security vulnerabilities caused by these legacy machines running end-of-life operating systems?

a. Isolate the legacy machines on a separate network segment.

b. Disable all network connections on the legacy machines.

c. Replace the legacy machines with modern machines.

d. Upgrade the software to make it compatible with a modern OS.

a. Isolate the legacy machines on a separate network segment.

200

You are the network administrator for a mid-sized company and are considering upgrading its firewall to one with Deep Packet Inspection (DPI) capabilities. What is the primary advantage of implementing a DPI firewall in the company's network?

a. Simplifies network configuration

b. Detects and prevents sophisticated cyber threats

c. Increases internet speed

d. Reduces network traffic

b. Detects and prevents sophisticated cyber threats

200

You are the security analyst overseeing a Security Information and Event Management (SIEM) system deployment. The CISO has concerns about negatively impacting the system resources on individual computer systems. Which would minimize the resource usage on individual computer systems while maintaining effective data collection?

a. Deploying additional SIEM systems to distribute the data collection load

b. Using a sensor-based collection method on the computer systems

c. Implementing an agentless collection method on the computer systems

d. Running regular vulnerability scans on the computer systems to optimize their performance

c. Implementing an agentless collection method on the computer systems

200

An organization is expanding its operations into a new region with unfamiliar regulatory requirements. The risk management team conducts a thorough risk assessment and identifies a need for robust controls to ensure compliance. Which of the following would be the MOST effective metric for tracking regulatory compliance risk in this situation?

a. The employee percentage who have received compliance training

b. The number of market competitors the company has identified

c. The frequency of audits conducted by the regulatory authority

d. The total revenue the company generated from the new region

a. The employee percentage who have received compliance training

300

A large technology firm adopts the National Institute of Standards and Technology (NIST) Cybersecurity Framework to improve its security posture. The company has hired an external security consultant to conduct a gap analysis to identify areas in which the firm deviates from the recommended framework controls. What is the MOST accurate description of this process?

a. Regular phishing tests conducted by the consultant to assess employee response to threats

b. The consultant's implementation of NIST Cybersecurity Framework controls without assessing the current security posture

c. The review and comparison of the company's security systems against NIST Cybersecurity Framework

d. The use of an automated system to identify and prioritize patching of vulnerabilities

c. The review and comparison of the company's security systems against NIST Cybersecurity Framework

300

A recent cyberattack led to massive disruptions in a country's power grid, causing widespread blackouts and significant economic and social damage. The country's cyber team traced the attack to a hostile nation-state's cyber warfare division. In this case, what is the primary motivation of the perpetrators?

a. Ethical concerns

b. Levels of sophistication/capability

c. War

d. Financial gain

c. War

300

An IT security consultant is reviewing the advanced data protection strategies of a multinational corporation. The corporation recently experienced a significant data breach that affected one of its primary databases, leading to significant downtime and a loss of trust among its stakeholders. The consultant notes that while the company has robust preventive measures, its resilience and recovery procedures need enhancement. Based on the importance of resilience and recovery in security architecture, which of the following strategies would the consultant MOST likely recommend to prevent excessive downtime and loss of stakeholder trust?

a. Increase the frequency of employee cybersecurity training sessions

b. Deploy additional intrusion prevention systems at all network entry points

c. Purchase and install the latest antivirus software for all end-user devices

d. Implement a redundant data storage solution with automated failover capabilities

d. Implement a redundant data storage solution with automated failover capabilities

300

You are the security analyst for a technology company that develops proprietary software solutions for clients in the healthcare industry. During a security audit, you discover a vulnerability in a software solution sold to clients that could allow an unauthorized user to access sensitive patient data. Which of the following actions should you take first to manage this situation effectively?

(Select the two best options.)

a. Use media outlets to notify clients of the software vulnerability

b. Document the vulnerability in detail, including how it was discovered, potential impacts, and any temporary mitigations that can be applied.

c. Initiate the organization's incident response processes.

d. Post the vulnerability details on the company's public blog.

b. Document the vulnerability in detail, including how it was discovered, potential impacts, and any temporary mitigations that can be applied.

c. Initiate the organization's incident response processes.

300

A company identifies a potential security risk with the implementation of a new system. After assessing the risk, the company decides to halt the deployment and not to proceed with the system’s introduction to avoid the risks altogether. What risk management strategy is the company employing?

a. Avoidance

b. Exemption

c. Mitigation

d. Transference

a. Avoidance

400

An organization's baseline configuration requires 256-bit keys for a specialized application used by one of its departments. After conducting some tests, it is determined that an existing device performs poorly when key lengths exceed 128 bits. After performing a risk assessment, the leadership team authorizes using 128-bit keys for the problematic device, pending its replacement. What type of control is described in this situation?

a. Technical

b. Administrative

c. Detective

d. Compensating

d. Compensating

400

The security team in a financial organization identified a zero-day vulnerability that enables cross-site scripting (XSS) attacks on its internal web portal. The chief information security officer (CISO) instructs the team to take immediate action. Which action most effectively minimizes the threat from the zero-day vulnerability and the potential XSS attacks?

a. Implement a web application firewall (WAF).

b. Restrict the number of login attempts.

c. Upgrade the hardware of the server.

d. Encourage staff to change their passwords.

a. Implement a web application firewall (WAF).

400

A healthcare institution is building a new patient information system. It wants to ensure the system can handle the projected volume of patient records and requests, especially during peak hours, without compromising the accuracy of information and system performance. Which of the following is the MOST effective way to confirm the system's ability to manage the expected demand in real-world scenarios through the recreation of conditions?

a. Outsourcing the system to a third party for validation

b. Launching the system and addressing issues as they arise

c. Performing manual testing on the system

d. Running a simulation of the system

d. Running a simulation of the system

400

To enhance its cybersecurity posture, a manufacturing company incorporates automation in various areas, such as threat detection, patch management, and log analysis. The company’s IT team must select the most effective automation strategies that align with the security policies and do not introduce new vulnerabilities. Which strategies should the team employ that would be the MOST effective to enhance its cybersecurity posture? (Select the two best options.)

a. Integrating automation with existing security tools and platforms for a unified response

b. Deploying untested automation scripts throughout the network

c. Outsourcing the entire automation process to a vendor without reviewing their security credentials

d. Implementing automation tools that offer built-in security features and compliance with industry standards

a. Integrating automation with existing security tools and platforms for a unified response

d. Implementing automation tools that offer built-in security features and compliance with industry standards

400

A company estimates that if a previously identified risk event occurs, it will lead to significant losses. What impact matrix uses red, yellow and green to represent the severity of the risk, its likelihood, and cost of controls?

a. Heat map

b. Risk tolerance

c. Annualized Loss Expectancy

d. Exposure factor

a. Heat map

500

After receiving the annual audit results from the Inspector General's office, a cyber specialist begins identifying improvements to existing change management processes. Which of the following roles would likely own the change management process?

(Select the two best options.)

a. Vendors

b. Project manager

c. Partners

d. Team leader

b. Project manager

d. Team leader

500

What social engineering attack relies on targeting individuals, who frequently access an unsecured third-party website, to compromise their computers and gain access to a specific organization's systems?

a. Spear phishing

b. Watering hole

c. Pharming

d. Impersonation

b. Watering hole

500

You are a cloud security analyst reviewing a new application for a fintech startup. The application will be hosted on a serverless architecture to maximize scalability and cost efficiency. You know serverless architectures' unique security considerations, particularly around third-party services and APIs. In a serverless architecture, what is the MOST important security practice to protect sensitive financial data processed by the application?

a. Encrypting data at rest and in transit

b. Physical server hardening

c. Increasing memory allocation

d. Regularly patching server OS

a. Encrypting data at rest and in transit

500

You are tasked with destroying data stored on disk drives. Which of the following choices will accomplish this objective while still allowing the disks to be re-used?

(Select the two best options.)

a. Manufacturer-provided disk sanitization utility

b. Shredding

c. Multi-pass overwrite

d. Degaussing

a. Manufacturer-provided disk sanitization utility

c. Multi-pass overwrite

500

After reading an article online, a concerned business stakeholder has approached you about the risks associated with denial-of-service (DoS) attacks and the protections used at the company. The risk management team has previously identified and analyzed these risks. Where would you look to find this information?

a. Risk regulations

b. Risk heat map

c. Risk and Control Assessment (RCA)

d. Risk register

d. Risk register
