Dump - 12
100 Questions

Questions and Answers

An organization implements Network Access Control (NAC) at Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

Answer hidden

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

Answer hidden

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?

Answer hidden

In software development, which of the following entities normally signs the code to protect the code integrity?

Answer hidden

Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions?

Answer hidden

Which of the following is a risk matrix?

Answer hidden

Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?

Answer hidden

A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

Answer hidden

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

Answer hidden

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

Answer hidden

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

Answer hidden

What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?

Answer hidden

Which of the following contributes MOST to the effectiveness of a security officer?

Answer hidden

An organization wants a service provider to authenticate users via the users' organization domain credentials. Which markup language should the organization's security personnel use to support the integration?

Answer hidden

A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet-facing authentication server. No alerts have been generated by the security information and event management (SIEM) system. What PRIMARY action should be taken to improve SIEM performance?

Answer hidden

What is a security concern when considering implementing software-defined networking (SDN)?

Answer hidden

Which of the following is the MOST important rule for digital investigations?

Answer hidden

A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization's most valuable intellectual property (IP). The primary directive in this initiative is to ensure there is no possible way the communications can be intercepted without detection. Which of the following is the only way to ensure this outcome?

Answer hidden

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

Answer hidden

A company wants to store data related to users on an offsite server. What method can be deployed to protect the privacy of users' information while maintaining the field-level configuration of the database?

Answer hidden

What is the FIRST step in developing a patch management plan?

Answer hidden

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?

Answer hidden

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

Answer hidden

How does Radio-Frequency Identification (RFID) assist with asset management?

Answer hidden

Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?

Answer hidden

Which of the following security tools monitors devices and records the information in a central database for further analysis?

Answer hidden

Secure coding can be developed by applying which one of the following?

Answer hidden

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

Answer hidden

An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

Answer hidden

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

Answer hidden

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

Answer hidden

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?

Answer hidden

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to on and security. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?

Answer hidden

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

Answer hidden

In which of the following system life cycle processes should security requirements be developed?

Answer hidden

Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?

Answer hidden

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

Answer hidden

A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

Answer hidden

An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup's security posture, which type of assessment provides the BEST information?

Answer hidden

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?

Answer hidden

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

Answer hidden

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?

Answer hidden

What is considered a compensating control for not having electrical surge protectors installed?

Answer hidden

What is considered the BEST when determining whether to provide remote network access to a third-party security service?

Answer hidden

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Answer hidden

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

Answer hidden

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?

Answer hidden

The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?

Answer hidden

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?

Answer hidden

Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?

Answer hidden

When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?

Answer hidden

A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

Answer hidden

A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:

Answer hidden

Which of the following is the PRIMARY goal of logical access controls?

Answer hidden

The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?

Answer hidden

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?

Answer hidden

A hacker can use a lockout capability to start which of the following attacks?

Answer hidden

An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of content?

Answer hidden

Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

Answer hidden

All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall. The security professional wants to make sure not to put extra load on the firewall due to the amount of traffic that is passing through it. Which of the following types of filtering would MOST likely be used?

Answer hidden

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

Answer hidden

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business continuity development?

Answer hidden

What is the MOST appropriate hierarchy of documents when implementing a security program?

Answer hidden

Which of the following is the MOST common cause of system or security failures?

Answer hidden

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

Answer hidden

Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?

Answer hidden

Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?

Answer hidden

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

Answer hidden

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

Answer hidden

Which of the following protects personally identifiable information (PII) used by financial services organizations?

Answer hidden

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

Answer hidden

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

Answer hidden

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

Answer hidden

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

Answer hidden

Which of the following ensures old log data is not overwritten?

Answer hidden

What is the benefit of using Network Admission Control (NAC)?

Answer hidden

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

Answer hidden

Which of the following is the BEST approach to implement multiple servers on a virtual system?

Answer hidden

Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?

Answer hidden

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

Answer hidden

When testing password strength, which of the following is the BEST method for brute forcing passwords?

Answer hidden

What is a use for mandatory access control (MAC)?

Answer hidden

Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?

Answer hidden

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?

Answer hidden

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?

Answer hidden

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

Answer hidden

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

Answer hidden

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?

Answer hidden

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

Answer hidden

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?

Answer hidden

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

Answer hidden

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

Answer hidden

What action should be taken by a business line that is unwilling to accept the residual risk in a system after implementing compensating controls?

Answer hidden

Which of the following BEST represents a defense in depth concept?

Answer hidden

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

Answer hidden

A client server infrastructure that provides user-to-server authentication describes which one of the following?

Answer hidden

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

Answer hidden

In which process MUST security be considered during the acquisition of new software?

Answer hidden

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

Answer hidden

Study Notes

Network Access Control (NAC)

  • An organization implemented Network Access Control (NAC) at IEEE 802.1x, but printers don't support the standard.
  • The BEST solution is to configure the NAC to accept unauthenticated devices on a separate VLAN, allowing for controlled access.

Risk Management

  • Risk management balances the costs of security measures with the gains in mission capability.

Software Assurance

  • Software assurance helps prevent increases in risks by ensuring software is secure, reliable, and trustworthy.

Code Signing

  • Software developers typically sign their code to protect code integrity.

Security Evaluation Model

  • The Common Criteria security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions.

Risk Matrix

  • A risk matrix is a table used to assess the likelihood and impact of risks.

Evidence Collection

  • Memory analysis is used to collect evidence when an attacker is suspected of using a rootkit, as it provides a fast analysis.

Access Control

  • Time-based access control should be implemented to allow access to a file labeled "Financial Forecast" only between 9:00 a.m. and 5:00 p.m., Monday through Friday.

Secure Data Sharing

  • Secure data sharing with partners via the internet typically uses the HTTPS protocol, connecting to port 443.

Operating System Security

  • The kernel is the part of an operating system responsible for providing security interfaces between the hardware, OS, and other components.

Network Disruption

  • A Layer-2 network spanning two geographically diverse data centers experiencing disruption is most likely caused by a hardware failure in a switch or router.

Evidence Handling

  • Collected evidence should be secured in a locked container, refrigerated if necessary, and documented with a chain of custody.

Security Officer Effectiveness

  • A security officer's effectiveness is highly dependent on their ability to communicate effectively with management and staff.

Single Sign-On (SSO)

  • For an organization to enable SSO with their partners using the organization's domain credentials, security personnel should use Security Assertion Markup Language (SAML).

SIEM Performance Improvement

  • The PRIMARY action to improve SIEM performance when faced with repeated unsuccessful login attempts is to configure appropriate alerts and correlation rules.

Software-Defined Networking (SDN)

  • A security concern with SDN is the potential for misconfigurations and centralized attack points.

Digital Investigations

  • The MOST important rule in digital investigations is to preserve evidence.

Secure Communications Channel

  • To establish an ultra-secure communications channel where interception is impossible without detection, end-to-end encryption is essential.

IM Security

  • The MOST significant challenge to securing IM traffic within a network perimeter is managing the vast number and variety of IM applications used by employees.

Data Privacy

  • To protect user data privacy while storing it on an offsite server, use tokenization to replace sensitive information with unique identifiers.

Patch Management

  • The FIRST step in developing a patch management plan is to identify all systems and applications requiring patches.

Ethical Conflicts

  • When resolving ethical conflicts, information security professionals must prioritize, in order:
    • Laws and regulations
    • Professional ethics
    • Employer's policies
    • Personal ethics

Security Reviews

  • The BEST technique for security reviews during system development is a combination of peer reviews, code analysis, and security testing.

RFID Asset Management

  • RFID assists asset management by providing real-time tracking and location information for assets tagged with RFID chips.

IDaaS Integration

  • Cloud services and on-premises solutions can integrate with IDaaS as the authoritative source of user identities using protocols like SAML and OAuth.

Security Monitoring

  • Security Information and Event Management (SIEM) tools are used to monitor devices and record information in a central database for analysis.

Secure Coding

  • Secure coding can be developed by adhering to security best practices, using secure development tools, and conducting code reviews.

Agile Development Secure Design

  • To ensure secure design principles are implemented in Agile development, information security can create secure coding guidelines, integrate security training into sprints, and conduct penetration testing in each iteration.

Physical Perimeter

  • A fence with access control is the primary device for defining a cost-efficient physical perimeter to deter casual trespassers.

Data Acquisition

  • Obtaining personal data through lawful and fair means aligns with the principle of data minimization.

Login Page Security

  • To mitigate user enumeration on a web application login page, implement CAPTCHAs or rate limiting.

Network Assurance

  • For a converged WAN supporting applications like VoIP, network quality of service (QoS) becomes even more crucial for assurance.

SAML Spoofing

  • Attackers can leverage SAML spoofing to gain unauthorized access by impersonating a registered account and querying the SAML provider.

IDaaS Benefits

  • IDaaS is chosen for its ability to simplify user authentication, reduce administrative overhead, and improve security compared to traditional on-premises solutions.

Security Requirements Development

  • Security requirements should be developed during the requirements gathering phase of the system life cycle.

VM Security

  • The BEST option for securing virtual machines in a virtual network configuration is to utilize isolated virtual networks with dedicated security controls.

Secure Coding Validation

  • Dynamic application security testing (DAST) is the MOST effective method to validate secure coding techniques against vulnerabilities like injection and overflow attacks.

DDoS Botnet

  • Mirai malware, used to create a large-scale botnet for DDoS attacks, primarily targeted IoT devices as the source of attack traffic.

Security Assessment

  • To gain a comprehensive understanding of a startup's security posture, a penetration test provides the BEST information.

Cloud Data Security Requirements

  • The data owner is responsible for identifying and approving data security requirements in a cloud ecosystem.

Data Sanitization

  • For secure removal of data from decommissioned hard drives, low-level formatting offers the MOST secure method while maximizing resale value.

SCADA System Security

  • Firewalling and network segmentation are controls used to reduce device exposure to malware in SCADA systems.

Compensating Control

  • A UPS (Uninterruptible Power Supply) can compensate for not having electrical surge protectors installed.

Third-Party Network Access

  • The BEST method for determining remote network access to a third-party security service is to conduct a thorough risk assessment, considering the service's security posture, and evaluating the potential impact of a breach.

Outsourced Network Management

  • To protect critical data assets when outsourcing network management, use a combination of security monitoring, regular audits, and strong contractual agreements with the third party.

ICMP Attacks

  • The FIRST step in reducing network exposure to ICMP-based attacks is to block unnecessary ICMP traffic at the firewall level.

Secure Digital Signature

  • Code signing is the security mechanism that addresses the requirement for an application to check for a secure digital signature before access.

Network Breach Detection

  • A honeypot is the MOST effective solution for discovering a successful network breach, as it lures attackers into a controlled environment for detection.

Recovery Point Objective (RPO)

  • When reviewing an application with a short RPO, an architect assesses Availability, as a single data center location increases risk.

Outsourcing Agreement Provisions

  • Security operations personnel prioritize the security audit and information disclosure clauses in outsourcing agreements.

Cyber-Physical System (CPS) Security

  • Security practitioners should prioritize the protection of sensitive data and control functionality when designing a CPS.

Wireless Spectrum Selection

  • When rebuilding wireless infrastructure, the MOST important factors to consider in selecting a wireless spectrum are:
    • Regulatory compliance
    • Potential interference
    • Coverage requirements

Subscription Service

  • A subscription service that provides power, climate control, raised flooring, and telephone wiring but not computer equipment is best described as a colocation service.

Logical Access Control Goal

  • The PRIMARY goal of logical access control is to ensure only authorized users can access information and resources.

Client-Side Script Vulnerability

  • Sending malicious code in the form of a client-side script is categorized as a Cross-Site Scripting (XSS) vulnerability.

Mobile Device Security Assessment

  • The MOST likely phase of the product lifecycle to assess the security of various mobile devices is the design and development phase.

Lockout Attack

  • A hacker can use a lockout capability to start a brute force password attack.

Content Tracking

  • Watermarking is used to track the distribution of content, embedding a code into the content that can be tracked.

Cryptanalytic Attack

  • Using ciphertext and clear text to derive the cipher key is an example of a known plaintext attack.

Firewall Filtering

  • To avoid overloading the firewall with syslog traffic, the MOST likely filtering used would be based on source IP address and port.

Data Redundancy Issue

  • To address redundant and unusable data filling up a SAN, a deduplication solution is the BEST technical solution.

Business Continuity Development

  • Formation of a committee to establish a business continuity policy is the BEST description of the policy development stage in business continuity.

Security Program Hierarchy

  • The MOST appropriate hierarchy of documents when implementing a security program is:
    • Security policy
    • Security standards
    • Security guidelines
    • Security procedures

System Failure Cause

  • Human error is the MOST common cause of system or security failures.

Attribute-Based Access Control (ABAC)

  • ABAC is an access control method where users issue access requests based on system resources, features assigned to those resources, operational context, and policies specified in terms of those features and context.

Firewall Failure Prioritization

  • Fail-open is the BEST failure method to prioritize security in the event of a firewall failure.

DNS Weakness

  • The PRIMARY security weakness in DNS design is the lack of inherent authentication.

Reference Monitor

  • The role of the reference monitor in access control is to enforce the security model by mediating all access requests based on predefined policies.

CUI Transfer

  • The role that provides authoritative guidance for transferring Controlled Unclassified Information (CUI) between systems of differing security classifications is the Data Owner.

PII Protection

  • The Gramm-Leach-Bliley Act protects Personally Identifiable Information (PII) used by financial services organizations.

Security Reviews

  • Log reviews, synthetic transactions, and code reviews are collectively known as security assessments.

Software Vulnerability Remediation Cost

  • The LEAST expensive stage to remediate software vulnerabilities is the design and development stage.

Extended Identity IAM Flow

  • Under the Extended Identity principle, the IAM action flow between partner businesses is as follows:
    • A partner business requests access to a resource from the partner.
    • The requesting business's IAM system sends an authentication request to the resource provider's IAM system.
    • The resource provider's IAM system authenticates the user.
    • The authenticated user is granted access to the resource.

ASLR Attack Mitigation

  • Address Space Layout Randomization (ASLR) reduces the potential for buffer overflow attacks, which exploit vulnerabilities in fixed memory locations.

Log Data Overwriting

  • Log rotation ensures old log data is not overwritten by managing the storage and retention of log files.

NAC Benefits

  • NAC provides benefits such as:
    • Controlling access to the network based on device posture
    • Enforcing security policies on devices connecting to the network
    • Reducing the risk of malware entering the network
    • Improving network security posture overall

GDPR Security Requirements

  • GDPR requires organizations to assess risks and implement appropriate technical and organizational measures for data protection, considering factors like:
    • Confidentiality: Protecting data from unauthorized access.
    • Integrity: Ensuring data accuracy and completeness.
    • Availability: Making data accessible to authorized users when needed.
    • Accountability: Demonstrating compliance with data protection requirements.

Virtual System Server Implementation

  • The BEST approach to implement multiple servers on a virtual system is to use virtual machines on separate virtual networks.

RFID Security Testing

  • The MOST important consideration in choosing a security testing method for different RFID vulnerability types is the specific vulnerability being targeted.

Threat Model Revision

  • A threat model should be revised when:
    • New vulnerabilities are identified
    • Changes are made to the application or system
    • Existing controls are no longer effective
    • New threats emerge in the environment

Password Brute Forcing

  • The BEST method for brute-forcing passwords during testing is using a dictionary attack, which tries common words and phrases to guess passwords.

MAC Use

  • Mandatory Access Control (MAC) is typically used to protect highly sensitive information by enforcing strict access rules based on user classifications and data sensitivity levels.

Digital Evidence Acquisition

  • Before acquiring digital evidence, a forensics investigator MUST:
    • Secure the crime scene
    • Document the chain of custody
    • Obtain a warrant or permission for access

Secure Software Development Integration

  • A security engineer integrating security into a software project using Agile methods will MOST likely integrate with Continuous Integration/Continuous Delivery (CI/CD).

Lateral Movement Attack

  • Credential stuffing attacks are MOST likely used to achieve lateral movement using authenticated credentials.

FDE Vulnerability

  • A vulnerability of full-disk encryption (FDE) is that the encryption keys may be stored in a way that is vulnerable to compromise.

Security Awareness Metrics

  • The PRIMARY purpose of security awareness metrics is to measure program effectiveness and identify areas for improvement.

Vendor Account Security

  • The BEST way to protect vendor accounts used for emergency maintenance is to use multi-factor authentication.

OS Security Interface

  • The kernel is the part of an operating system (OS) responsible for providing security interfaces between the hardware, OS, and other components.

SCADA Investigation Challenge

  • In an ICS-focused malware investigation involving SCADA systems, the MOST challenging aspect is the potential for irreversible damage to physical assets, making recovery a priority.

Web Application Security

  • The FIRST action to lock down a web application and minimize risk is to apply security hardening by disabling unnecessary services and features.

Split Tunneling Concern

  • The concern with split tunneling in VPN configurations is that data not destined for the intended network is sent unencrypted through the public network, increasing the risk of data breaches.

SOC Report

  • A SOC 2 Type II report BEST meets the need for an abbreviated report that can be freely distributed by a cloud hosting provider, as it describes controls operating over a period of time.

Residual Risk Mitigation

  • If a business line is unwilling to accept residual risk after compensating controls are implemented:
    • Accept the risks and document the rationale.
    • Implement additional control measures to reduce the risk further.
    • Re-evaluate the project or business requirements that pose the risk.

Defense in Depth

  • Using a combination of security controls like firewalls, intrusion detection systems, and data loss prevention mechanisms is an example of the defense in depth concept.

Firewall Types

  • A stateful packet inspection firewall tracks the state of connections and allows or denies traffic based on the connection context, while a stateless packet filter firewall makes decisions based solely on individual packet characteristics.

Client-Server Authentication

  • A client-server authentication infrastructure where users authenticate to the server describes an authentication protocol like Kerberos.

Privacy Control

  • To address data privacy concerns when sharing information from wearable devices, implement:
    • Data minimization: Only share necessary information.
    • User consent: Inform users about data collection and sharing.
    • Data encryption: Encrypt data in transit and at rest.

Software Security Considerations

  • Security must be considered during the requirements gathering stage of the software acquisition process.

Trust Service Principle

  • The trust service principle MOST applicable to an API performing an action outside its scope is Due Diligence.
