Which party in a federation provides services to members of the federation?
- SAML
- SSO
- IdP
- RP
RP (Relying parties)
Which of the following must be combined with a threat to create risk?
- Exploit
- Vulnerability
- Mitigation
- Malicious actor
Vulnerability
A financial services company wants to donate some old hard drives from their servers to a local charity, but they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?
- Cryptographic erase
- Overwrite
- Secure erase
- Zero-fill
Cryptographic erase (CE)
An internet marketing company decided that they didn't want to follow the rules for GDPR because it would create too much work for them. They wanted to buy insurance, but no insurance company would write them a policy to cover any fines received. They considered how much the fines might be, and decided to simply ignore the regulation and its requirements. Which of the following risk strategies did the company choose?
- Mitigation
- Avoidance
- Acceptance
- Transference
Acceptance
Which of the following cryptographic algorithms is classified as asymmetric?
- AES
- PGP
- RC4
- 3DES
PGP (Pretty Good Privacy)
Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization's database?
- Buffer overflow
- Denial of service
- Cross-site scripting
- SQL injection
SQL injection
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
- VPN
- Whitelisting
- MAC filtering
- Intrusion Detection System
Whitelisting
Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?
- COPPA
- HIPAA
- FISMA
- SOX
FISMA - The Federal Information Security Management Act
You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with them. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations?
Honeypot
Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?
- RDP
- SSH
- VPN
- telnet
Telnet
Marta's organization is concerned that a user's account could remain vulnerable for an extended period of time if their password was compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?
- Password history
- Password complexity
- Minimum password length
- Password expiration
Password expiration
When your credit card data is written to the customer invoicing system at Dion Training, the first 12 digits are replaced with an x before storing the data. Which of the following privacy methods is being used?
Data masking
Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?
Proximity cards
The paparazzi have found copies of pictures of a celebrity's new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider's automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?
Leaked personal files
Which of the following is not normally part of an endpoint security suite?
- VPN
- IPS
- Anti-virus
- Software firewall
VPN
Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders?
Separation of duties