Podcast
Questions and Answers
Which of the following will increase cryptographic security?
Which of the following will increase cryptographic security?
- Hashing
- Algorithms that require less computing power
- High data entropy (correct)
- Longer key longevity
What BEST describes zero-day exploits?
What BEST describes zero-day exploits?
- When a zero-day exploit is discovered, the system cannot be protected by any means.
- Zero-day exploits have their own scoring category in CVSS.
- A zero-day exploit is initially undetectable, and no patch for it exists. (correct)
- Discovering zero-day exploits is always performed via bug bounty programs.
In order to restrict PHI documents, what should be performed FIRST?
In order to restrict PHI documents, what should be performed FIRST?
- Retention
- Governance
- Change management
- Classification (correct)
Which attack has taken place based on the provided server output?
Which attack has taken place based on the provided server output?
What type of attack is described when a user inside a company network receives a certificate mismatch warning when trying to access a website?
What type of attack is described when a user inside a company network receives a certificate mismatch warning when trying to access a website?
Which tool is effective in preventing a user from accessing unauthorized removable media?
Which tool is effective in preventing a user from accessing unauthorized removable media?
What solution would BEST meet the requirements of increased scalability and flexibility for back-end infrastructure mentioned by the Chief Security Officer?
What solution would BEST meet the requirements of increased scalability and flexibility for back-end infrastructure mentioned by the Chief Security Officer?
Which social engineering technique seeks to exploit a person's sense of urgency?
Which social engineering technique seeks to exploit a person's sense of urgency?
In the scenario described, which attack involves redirecting network traffic to an attacker-controlled system?
In the scenario described, which attack involves redirecting network traffic to an attacker-controlled system?
What is a cost-effective physical control to enforce a USB removable media restriction policy?
What is a cost-effective physical control to enforce a USB removable media restriction policy?
What security measure can be used to physically block data exchange via USB ports?
What security measure can be used to physically block data exchange via USB ports?
What security control can be implemented when a company suspects compromised accounts due to suspicious logins from unknown locations?
What security control can be implemented when a company suspects compromised accounts due to suspicious logins from unknown locations?
Which action is NOT a suitable method for protecting accounts of traveling employees while avoiding blocking legitimate login requests?
Which action is NOT a suitable method for protecting accounts of traveling employees while avoiding blocking legitimate login requests?
Which method is most effective for an organization looking to share threat intelligence with peer groups?
Which method is most effective for an organization looking to share threat intelligence with peer groups?
What is the BEST way to enforce a restriction policy on USB removable media?
What is the BEST way to enforce a restriction policy on USB removable media?
What is a common security measure taken to prevent unauthorized access through compromised accounts?
What is a common security measure taken to prevent unauthorized access through compromised accounts?
What provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?
What provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?
In a collaborative research project where universities need to share compute and storage resources, which cloud deployment strategy would BEST meet this need?
In a collaborative research project where universities need to share compute and storage resources, which cloud deployment strategy would BEST meet this need?
To prove that data has not been tampered with since it was collected, a forensic analyst will MOST likely use which method?
To prove that data has not been tampered with since it was collected, a forensic analyst will MOST likely use which method?
After a public website's credentials database was leaked, leading to compromised business accounts, what would BEST mitigate the issue?
After a public website's credentials database was leaked, leading to compromised business accounts, what would BEST mitigate the issue?
To fingerprint a web server, what tool would a security analyst MOST likely use?
To fingerprint a web server, what tool would a security analyst MOST likely use?
What could be used to prioritize mitigation steps for known vulnerabilities in an organization?
What could be used to prioritize mitigation steps for known vulnerabilities in an organization?
What type of account is MOST appropriate for a security analyst to share a file for further incident analysis?
What type of account is MOST appropriate for a security analyst to share a file for further incident analysis?
When a security analyst shares a file named host1.pcap for further incident analysis, what tool is the team member MOST likely to use to open this file?
When a security analyst shares a file named host1.pcap for further incident analysis, what tool is the team member MOST likely to use to open this file?
If an application developer accidentally uploads a company's code-signing certificate private key to a public web server, what should the company do FIRST?
If an application developer accidentally uploads a company's code-signing certificate private key to a public web server, what should the company do FIRST?
An organization compares system settings against secure configuration guidelines. What type of control has the organization implemented?
An organization compares system settings against secure configuration guidelines. What type of control has the organization implemented?
To reduce the risk of unsanctioned high-risk SaaS applications, what is the BEST security solution recommended by the Chief Information Security Officer?
To reduce the risk of unsanctioned high-risk SaaS applications, what is the BEST security solution recommended by the Chief Information Security Officer?
If an organization wants to block unsanctioned high-risk SaaS applications from user access, what could be an effective security measure?
If an organization wants to block unsanctioned high-risk SaaS applications from user access, what could be an effective security measure?
