Threats, Vulnerabilities, Mitigations
Security Architecture
Security Operations
Security Program Management and Oversight
Common Acronyms
100

What is network segmentation?

Dividing up a network to control access between the portions (segments).

100

Which systems are the focus of a business continuity plan?

Critical systems

100

Which form of authentication can include something you know, something you have, something you are, or somewhere you are?

2FA/MFA

100

Which encryption method is faster?

Symmetric

100

MDM

Mobile Device Management

200

What is the term for an older piece of hardware or software with outdated security features?

Legacy system/software

200

Briefly explain load balancing

Distribute a workload across multiple devices or systems

200

Which type of authentication factor is a one-time code?

Something you have

200

What type of risk analysis is based on expert judgment and intuition?

Qualitative

200

RBAC

Role-based access control

300

Which software classification does not require installation on user devices?

Agentless

300

What is the term for using various systems or technologies to mitigate risk?

Platform diversity

300

List 3 indicators of compromise.

Account lockout, Concurrent sessions, Blocked content, Impossible travel, Resource consumption or inaccessibility, Out-of-cycle logging, Missing logs

300

What are the four techniques to address risk?

Accept, Avoid, Mitigate, Transfer

300

DAILY DOUBLE

HIPS

400

Which account should you disable immediately after installing a new OS to harden the OS?

The guest account

400

DAILY DOUBLE

In which network architecture is physical security an issue?

400

What is it called when an IDS watches for threats that match a known identity?

Signature-based detection

400

Who is responsible for approving or denying change requests?

The Change Control Board or the Project Sponsor

400

SOAR

Security Orchestration, Automation, and Response

500

Which type of attack runs code within another process by making it load a dynamic link library?

DLL injection

500

What is the term for applying a one-way mathematical function to data?

Hashing

500

What is the process for responding to a security incident?

(1. Process)

2. Detect and Analyze

3. Contain

4. Eradicate

5. Recover

(6. Review Incident/Lessons Learned)

500

Which plan describes the actions to be taken if an attack occurs against the company's IT systems?

Incident Response Plan or Security Incident Response Plan

500

API

Application Programming Interface