General Security Concepts
Threats, Vulnerabilities, and Mitigations
Security Architecture
Security Operations
Security Program Management and Oversight
100

The IT department of a corporation evaluates its security mechanisms to identify areas lacking sufficient protection. Which of the following techniques should the IT department employ?

a. Non-repudiation

b. Gap analysis

c. Zero trust

d. Authorization models

b. Gap analysis

100

An employee reported seeing an individual outside the office drop a few thumb drives. The employee grabbed those devices and brought them to the information technology (IT) department. After conducting forensics on the devices using air-gapped machines, the IT team determined that the individual was trying to trick employees into plugging the devices into their computers to steal information. What was the malicious actor attempting on an unsuspecting employee?

a. The actor used a physical lure.

b. The actor used an email lure.

c. The actor was not being malicious.

d. The actor tried to improve the company's security posture.

a. The actor used a physical lure.

100

A multinational corporation wants to standardize and automate the setup of its technology infrastructure to reduce manual setup errors and support quicker deployment of resources. Which methodology should the corporation adopt to accomplish this?

a. Decentralized architecture

b. Infrastructure as code

c. Software-defined networking

d. Centralized architecture

b. Infrastructure as code

100

During a recent audit, a company noticed a troubling trend where people had their passwords on sticky notes in their work area. The employees stated that the password policy made it too difficult to remember them. Which policy should the company change to alleviate this issue?

a. Password reuse

b. Password history

c. Password management

d. Password complexity

d. Password complexity
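The trade-off behind this answer, shown in code as an added example that is not part of the original question set: a composition-rule ("complexity") policy happily accepts short, predictable strings that satisfy every character class, while rejecting a long, memorable passphrase; a length-plus-blocklist policy in the spirit of NIST SP 800-63B does the reverse. The candidate passwords and the tiny breached-password set are constructed stand-ins; a real deployment would check against a breach corpus instead of an in-memory set.

```python
"""Compare a composition-rule password policy with a length-plus-blocklist one.

Added example, not part of the original question set. The candidate passwords
and the small BREACHED set are constructed stand-ins; a real deployment would
check against a breach corpus (for example the Pwned Passwords k-anonymity
API) rather than this in-memory set.
"""
import re

# Classic composition rule: >= 8 chars with lower, upper, digit and symbol.
COMPLEXITY_CLASSES = [
    re.compile(r"[a-z]"),
    re.compile(r"[A-Z]"),
    re.compile(r"\d"),
    re.compile(r"[^A-Za-z0-9]"),
]

# Constructed stand-in for a breached / commonly used password list (lower-cased).
BREACHED = {"password", "p@ssw0rd!", "welcome1!", "summer2024!", "qwerty123!"}


def complexity_policy(pw, min_len=8):
    """Composition-rule policy: the kind that pushes users towards sticky notes."""
    return len(pw) >= min_len and all(c.search(pw) for c in COMPLEXITY_CLASSES)


def length_policy(pw, min_len=15):
    """Length-plus-blocklist policy (NIST SP 800-63B style): no composition
    rules, but reject short strings and known-breached values."""
    return len(pw) >= min_len and pw.lower() not in BREACHED


def evaluate(candidates):
    """Return {password: (passes_complexity, passes_length_policy)}."""
    return {pw: (complexity_policy(pw), length_policy(pw)) for pw in candidates}


CANDIDATES = [
    "P@ssw0rd!",                      # every complexity class satisfied, widely breached
    "Summer2024!",                    # same story, predictable seasonal pattern
    "correct horse battery staple",   # long and memorable, fails the complexity rules
    "Orbit-lantern-quiet-velvet-9",   # long passphrase that happens to pass both
]

if __name__ == "__main__":
    for pw, (cplx, long_ok) in evaluate(CANDIDATES).items():
        print(f"{pw!r:34} complexity={cplx!s:5} length+blocklist={long_ok}")
```

The point for the audit finding: the first policy is what produced the sticky notes, and it does not even keep out the breached strings; the second accepts the passphrase an employee can actually remember.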

100

A company hires a security analyst to perform a penetration test on its network. During the process, the analyst plans to use various reconnaissance techniques to collect information about the target system. In which of these reconnaissance methods does the security analyst directly interact with the target system?

a. Passive

b. Social engineering

c. Open-source intelligence (OSINT)

d. Active

d. Active

201

A software patch was inadvertently pushed out early, during the middle of the workday, and has brought business to a halt. The chief executive officer (CEO) demands that the systems return to full operations immediately. What part of the change plan will assist in this task?

a. Standard operating procedures

b. Backout plan

c. Impact analysis

d. Test results

b. Backout plan

201

A security analyst identifies an atypical spike in total outbound DNS traffic volume from a network-attached security camera. Which of the following is most likely being observed?

a. Input validation

b. Denial-of-service attack

c. Distributed denial-of-service

d. Data exfiltration

d. Data exfiltration
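What that spike looks like when you go to confirm it, as an added example that is not part of the original question set: the script below parses a constructed DNS log (format "<src_ip> <query_name> <query_bytes>", with invented hostnames and addresses, 10.0.3.22 standing in for the camera), totals outbound DNS bytes per source, flags any source whose total is far above the median of its peers, and reports the entropy of the leftmost query label as corroboration, since tunnelled or exfiltrated data shows up as long, random-looking labels under one domain.

```python
"""Spot a host whose outbound DNS volume stands out from its peers.

Added example, not part of the original question set. The log format
("<src_ip> <query_name> <query_bytes>"), the hostnames and the addresses are
constructed for illustration; 10.0.3.22 plays the network-attached camera.
"""
import math
import statistics
from collections import Counter, defaultdict

# Constructed sample: five workstations doing ordinary lookups, and one camera
# sending a steady stream of long hex-looking labels under a single domain,
# the shape DNS tunnelling / exfiltration usually takes.
SAMPLE_LOG = """\
10.0.1.10 www.example.com 45
10.0.1.10 api.example.com 45
10.0.1.11 updates.vendor.example 52
10.0.1.12 ntp.example.org 47
10.0.1.13 mail.example.com 46
10.0.1.14 time.example.org 48
10.0.3.22 4f3a9c1e7b2d8a6f0c5e1b9d3a7f2c4e.cam-tel.example 82
10.0.3.22 9d2b7e4a1c8f3d6b5a0e2c7f4b1d8e3a.cam-tel.example 82
10.0.3.22 2c8e5a1f7d3b9c4e6a0f1d8b3e7c2a5f.cam-tel.example 82
10.0.3.22 7b4d1e9a3c6f8b2e5d0a4c7f1b9e3d6a.cam-tel.example 82
10.0.3.22 e3a7c2f9b1d4e8a6c0f5b3d7e1a9c4b2.cam-tel.example 82
10.0.3.22 1f6c3a9e2b7d4f8a5c0e1b6d9a3f7c2e.cam-tel.example 82
10.0.3.22 8a2e6c1f4b9d3a7e0c5f2b8d1a6e4c9f.cam-tel.example 82
10.0.3.22 5d9b3f7a1e4c8b2d6f0a3e7c1b5d9a4e.cam-tel.example 82
"""


def parse_log(text):
    """Yield (src_ip, query_name, query_bytes) tuples from the constructed format."""
    for line in text.strip().splitlines():
        src, qname, size = line.split()
        yield src, qname, int(size)


def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def summarize(records):
    """Per-source totals: bytes, query count, mean entropy of the leftmost label."""
    totals = defaultdict(int)
    entropies = defaultdict(list)
    for src, qname, size in records:
        totals[src] += size
        entropies[src].append(label_entropy(qname.split(".")[0]))
    return {
        src: {
            "bytes": totals[src],
            "queries": len(entropies[src]),
            "mean_entropy": statistics.fmean(entropies[src]),
        }
        for src in totals
    }


def detect(log_text, volume_ratio=10.0, entropy_floor=3.0):
    """Flag sources whose DNS byte volume exceeds volume_ratio x the peer median.

    The median is the baseline because one exfiltrating host would drag a mean
    upward and partly hide itself. Leftmost-label entropy is reported as
    corroboration: encoded payload labels look random, ordinary hostnames do not.
    """
    summary = summarize(parse_log(log_text))
    baseline = statistics.median(s["bytes"] for s in summary.values())
    hits = []
    for src in sorted(summary):
        s = summary[src]
        if s["bytes"] > volume_ratio * baseline:
            hits.append({
                "src": src,
                "bytes": s["bytes"],
                "queries": s["queries"],
                "ratio_to_median": s["bytes"] / baseline,
                "high_entropy": s["mean_entropy"] >= entropy_floor,
            })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

In production the baseline would be each device's own history (a camera should resolve a handful of names a day), not a one-shot peer median; the point of the example is which two signals to compute and why the volume jump alone is enough to pick data exfiltration over the other options.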

201

A financial services company is defining the appropriate level of access controls for a specific type of data. The data includes highly sensitive company financial reports that should be accessible only within the organization, specifically to the senior management team. How should the organization most likely classify this data?

a. Internal

b. Public

c. Proprietary

d. Confidential

d. Confidential

201

What benefit does certification offer within the context of secure disposal and decommissioning of assets?

a. It ensures that organizations maintain compliance with relevant regulations and minimize breach risks.

b. It provides documentation and verification of the data sanitization or destruction process.

c. It establishes policies and practices governing the storage and preservation of information within the organization.

d. It influences legal, regulatory, and operational requirements.

b. It provides documentation and verification of the data sanitization or destruction process.

201

A tech start-up company is considering deploying a new email system. In its analysis, the company evaluates the identified risks and costs associated with an isolated, non-recurring event in which the current email system would go down for approximately 36 hours. What metric should the company utilize during this process?

a. Risk Identification

b. Annualized Rate of Occurrence

c. Annualized Loss Expectancy

d. Single Loss Expectancy

d. Single Loss Expectancy

302

A company installed a new locking cabinet in the computer room to hold extra flash drives and other supplies. Which type of security control did the company configure?

a. Compensating

b. Deterrent

c. Containment

d. Preventive

d. Preventive

302

A systems administrator notices several user accounts frequently get locked out but cannot successfully troubleshoot the issue because the system has no log data. Which of the following is the MOST likely explanation for the lack of logs during these events?

a. Account lockout

b. Log tampering or deletion

c. Unsecure network connection

d. Malware attack

b. Log tampering or deletion

302

A cloud administrator aims to privately connect two cloud server instances located in separate Virtual Private Clouds (VPCs) on Amazon Web Services (AWS). What configuration should be used to facilitate this connection without involving an internet gateway?

a. By creating a private Multiprotocol Label Switching (MPLS) network

b. By using a virtual private cloud (VPC) peering connection

c. By using AWS Direct Connect

d. By deploying an on-premises data center

b. By using a virtual private cloud (VPC) peering connection

302

After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it?

a. Segmentation

b. Patching

c. Compensating controls

d. Insurance

c. Compensating controls

302

A multinational corporation operates in several countries with diverse regulations regarding data privacy and security. What is the primary responsibility of the security team concerning the multitude of governmental and regulatory entities influencing the corporation's operations?

a. Lobbying governmental entities for favorable policies

b. Ensuring compliance with all applicable regulations and laws

c. Avoiding any interaction with regulatory entities to maintain operational secrets

d. Shaping internal policies independently from external regulations

b. Ensuring compliance with all applicable regulations and laws

403

A financial institution receives a significant software update. What is the optimal approach to handle this situation in a change management program?

a. Apply to critical systems first, then the rest

b. Update systems with past vulnerabilities only

c. Apply at next maintenance window without assessment

d. Assess impact, test, get approval, apply update

d. Assess impact, test, get approval, apply update

403

An IT administrator observes that a significant number of mobile devices within the organization have applications installed from outside official app stores. Concerned about the security implications, the administrator decides to assess the vulnerabilities introduced by this practice. Which of the following BEST describes the process that allows users to install applications on their devices from sources other than official app stores, potentially exposing the device to malware or unauthorized data access?

a. Keylogging

b. Sideload

c. Jailbreaking

d. Rooting

b. Sideload

403

A large bank is redesigning its network architecture and wants to implement a zone-based security model. Which of the following is the most accurate statement about hosts within the same zone?

a. All hosts within a zone are automatically considered fully trusted.

b. Hosts within the same zone should be subject to the same access control requirements.

c. Data assets of all types should be held within a single zone for easier management.

d. Traffic between zones should be unrestricted for seamless communication.

b. Hosts within the same zone should be subject to the same access control requirements.

403

A cybersecurity analyst at a tech firm is integrating Open Source Intelligence (OSINT) methodologies into the company's vulnerability management program. The analyst seeks to use publicly available information to understand potential threats better and improve the firm's security posture. When the cybersecurity analyst integrates OSINT into the vulnerability management program, which will the analyst MOST likely prioritize to maximize the effectiveness of the security framework? (Select the two best options.)

a. Monitoring deep web sources for threat indicators

b. Automating system patch updates based on social media trends

c. Analyzing publicly available forums for emerging threat patterns

d. Upgrading the office router every time a new model is released

a. Monitoring deep web sources for threat indicators

c. Analyzing publicly available forums for emerging threat patterns

403

A new IT security firm is partnering with a large IT support company and is opening its business soon. To provide adequate protection for both companies, each agrees to sign a document that covers goals, financial arrangements, decision-making processes, and intellectual property rights. Which of the following documents includes this type of information?

a. Business Partnership Agreement (BPA)

b. Memorandum of Agreement (MOA)

c. Non-Disclosure Agreement (NDA)

d. Memorandum of Understanding (MOU)

a. Business Partnership Agreement (BPA)

504

A senior analyst is purchasing new cybersecurity tools that enhance the ability to detect and defend against various types of attacks. What decoy system can support detection efforts by mimicking specific applications and gathering information on the attacker's tactics and tools?

a. Honeynet

b. Honeytoken

c. Honeyfile

d. Honeypot

d. Honeypot

504

A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovered that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. Which type of attacker is MOST likely responsible?

a. Individual hacker

b. Hacktivist

c. Nation-state

d. Insider threat

b. Hacktivist

504

A rapidly growing e-commerce company is considering changes to its cloud infrastructure to support rapid growth and provide access to geographically diverse services while still maintaining its existing data center. Which infrastructure model should the company consider to address its needs?

a. Switch to a cloud networking solution with a well-defined service-level agreement (SLA).

b. Maintain the on-premises network and add more server nodes as the workload increases.

c. Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

d. Distribute the workload across several smaller, geographically dispersed on-premises sites.

c. Implement a hybrid solution with a mix of on-premises and cloud-based infrastructure.

504

Employees in a large corporate office use devices that support Bluetooth and Wi-Fi. What security risk is most closely associated with the use of these technologies?

a. Lack of connectivity

b. Physical damage to devices

c. Unauthorized access and data interception

d. Incompatibility with devices

c. Unauthorized access and data interception

504

In an organization’s security operations center (SOC), analysts continuously identify anomalies, scrutinize network traffic patterns, and generate regular summaries of security incidents to inform senior management. Which practice is central to effectively maintaining this constant awareness of the security status and promptly communicating the essential details to the relevant stakeholders?

a. Reporting and monitoring

b. Incident response planning

c. Threat intelligence gathering

d. Log analysis and review

a. Reporting and monitoring