General
Threats, Vulnerabilities, Mitigations
Architecture
Operations
Management & Oversight
100

What security concept is used when security guards, access control vestibules & bollards are installed?

Physical security

100

What type of threat actor defaces the website of a major corporation with political messages?

Hacktivist

100

Which feature should a backup solution support to ensure data integrity & confidentiality?

Encryption

100

In which step of the incident response process would a tabletop exercise be performed?

Preparation

100

What is the primary advantage of conducting recurring risk assessments?

Enables ongoing monitoring of changes in risk landscape

200

An IDS to monitor network traffic & alert the security team is an example of what type of security control?

Technical, Detective

200

Which type of threat vector is being exploited by finding a USB in the parking lot and plugging it in?

Removable device

200

What type of disaster recovery site provides basic infrastructure but doesn't have active systems?

Cold site

200

What security measure should be implemented during the disposal/decommissioning process to ensure that sensitive data is properly handled?

Sanitization of data

200

What policy establishes guidelines for employee conduct regarding information assets?

AUP (Acceptable Use Policy)

300

Which security concept ensures that only authenticated & authorized individuals can access resources?

Authentication

300

What type of vulnerability allows attackers to inject SQL commands through the input fields?

SQL injection

300

Which security measure should be implemented to ensure secure communications & reduce unauthorized access to virtual environments?

Logical segmentation

300

What security technique should a company use to enforce security policies & protect data on employee-owned devices?

MDM

300

What assesses a vendor's capabilities, reputation & compliance with industry standards to ensure suitability & minimize potential risk?

Due diligence

400

What aspect of the change management process will identify that a new software version is compatible with older applications?

Impact analysis

400

What type of malware activates under certain conditions to execute unauthorized commands?

Logic bomb

400

Which type of firewall should be implemented to provide protection against SQL injection & XSS attacks?

WAF

400

What role do SNMP traps play in security alerting & monitoring?

Real-time alerting

400

What is the purpose of conducting internal compliance audits?

To identify & address any gaps in compliance

500

Which cryptographic method will ensure data integrity, authentication & non-repudiation of a message?

Digital signature

500

What technique would prevent unauthorized software from running on a network by only allowing approved applications to execute?

Access control list (ACL)

500

Which data protection concept complies with international regulations that mandate data be stored within certain geographical boundaries?

Data Sovereignty

500

Which technology should the IT department deploy to mitigate web-based attacks targeting employee workstations?

DNS filtering

500

Which type of penetration testing simulates real-world attack scenarios to identify vulnerabilities in a company's systems?

Offensive penetration testing