Podcast
Questions and Answers
A company implements mandatory vacations for all employees, where another employee temporarily covers their responsibilities. Which security control type does this BEST represent?
A company implements mandatory vacations for all employees, where another employee temporarily covers their responsibilities. Which security control type does this BEST represent?
- Detective (correct)
- Preventive
- Corrective
- Directive
Which of the following is the PRIMARY goal of 'availability' within the CIA triad?
Which of the following is the PRIMARY goal of 'availability' within the CIA triad?
- Ensuring data is accessible to authorized users when needed. (correct)
- Providing proof of actions to prevent denial.
- Maintaining the correctness and completeness of data.
- Preventing unauthorized access to sensitive information.
Implementing load balancers for web servers primarily addresses which aspect of the CIA triad?
Implementing load balancers for web servers primarily addresses which aspect of the CIA triad?
- Non-Repudiation
- Availability (correct)
- Integrity
- Confidentiality
An organization uses digital signatures to ensure that employees cannot deny having signed off on critical policy documents. Which security principle is being enforced?
An organization uses digital signatures to ensure that employees cannot deny having signed off on critical policy documents. Which security principle is being enforced?
A highly secure facility requires three different forms of authentication: a fingerprint scan, a smart card, and a PIN. What authentication factors are being employed?
A highly secure facility requires three different forms of authentication: a fingerprint scan, a smart card, and a PIN. What authentication factors are being employed?
Which type of security control is primarily implemented and executed by people to ensure day-to-day compliance with security policies?
Which type of security control is primarily implemented and executed by people to ensure day-to-day compliance with security policies?
A company implements security cameras and perimeter fences around its data center. Which category of security controls do these measures represent?
A company implements security cameras and perimeter fences around its data center. Which category of security controls do these measures represent?
Which of the following best describes a 'deterrent' security control?
Which of the following best describes a 'deterrent' security control?
An organization's security policy mandates routine vulnerability assessments. Under which category of security controls does this fall?
An organization's security policy mandates routine vulnerability assessments. Under which category of security controls does this fall?
In a scenario where an organization implements both biometric authentication for server access and conducts regular security awareness training for all employees, what primary security principle is being applied?
In a scenario where an organization implements both biometric authentication for server access and conducts regular security awareness training for all employees, what primary security principle is being applied?
Which access control model relies on predefined roles and job functions to assign permissions?
Which access control model relies on predefined roles and job functions to assign permissions?
In a Zero Trust security model, what principle is most important in securing access to resources?
In a Zero Trust security model, what principle is most important in securing access to resources?
What is the primary goal of conducting a Gap Analysis in security?
What is the primary goal of conducting a Gap Analysis in security?
Which of the following is NOT typically a component of a zero-trust security plan?
Which of the following is NOT typically a component of a zero-trust security plan?
In the context of Public Key Infrastructure (PKI), what role does the Certificate Authority (CA) play?
In the context of Public Key Infrastructure (PKI), what role does the Certificate Authority (CA) play?
An organization implements a network of honeypots that simulate a complete system environment. What is the MOST likely strategic goal behind using this type of deception technology?
An organization implements a network of honeypots that simulate a complete system environment. What is the MOST likely strategic goal behind using this type of deception technology?
Which protocol is specifically designed to provide real-time validation of digital certificates?
Which protocol is specifically designed to provide real-time validation of digital certificates?
What is the primary function of a Certificate Signing Request (CSR)?
What is the primary function of a Certificate Signing Request (CSR)?
Which type of digital certificate is used for basic website encryption?
Which type of digital certificate is used for basic website encryption?
What is the primary purpose of a Hardware Security Module (HSM)?
What is the primary purpose of a Hardware Security Module (HSM)?
In the context of data protection, what does tokenization primarily achieve?
In the context of data protection, what does tokenization primarily achieve?
How does salting enhance the security of hashing algorithms?
How does salting enhance the security of hashing algorithms?
Which cryptographic process relies on the sender's private key to create a digital signature?
Which cryptographic process relies on the sender's private key to create a digital signature?
Consider a scenario where an attacker exploits a vulnerability in an organization's email server to distribute phishing emails. Identify all of the components or methods that represent the 'attack surface' in this context. Select all that apply:
Consider a scenario where an attacker exploits a vulnerability in an organization's email server to distribute phishing emails. Identify all of the components or methods that represent the 'attack surface' in this context. Select all that apply:
Which of the following is NOT typically considered an attack surface in the context of communication systems?
Which of the following is NOT typically considered an attack surface in the context of communication systems?
Which of the following accurately describes the threat vector known as 'Smishing'?
Which of the following accurately describes the threat vector known as 'Smishing'?
In the context of image-based communication, which of the following represents a threat vector?
In the context of image-based communication, which of the following represents a threat vector?
Which communication method is most closely associated with 'vishing'?
Which communication method is most closely associated with 'vishing'?
Which of the following is a primary risk associated with the use of removable devices?
Which of the following is a primary risk associated with the use of removable devices?
What is a key characteristic of 'agent-less' software attack surfaces?
What is a key characteristic of 'agent-less' software attack surfaces?
What security vulnerability is most directly associated with open service ports?
What security vulnerability is most directly associated with open service ports?
What is the primary objective of Business Email Compromise (BEC) attacks?
What is the primary objective of Business Email Compromise (BEC) attacks?
Which threat vector is MOST directly related to manipulating individuals into divulging confidential information by impersonating authority figures?
Which threat vector is MOST directly related to manipulating individuals into divulging confidential information by impersonating authority figures?
Consider a scenario where an attacker compromises a website frequently visited by employees of a specific company and injects it with malware, which then infects the computers of these employees. Which type of attack does this BEST describe?
Consider a scenario where an attacker compromises a website frequently visited by employees of a specific company and injects it with malware, which then infects the computers of these employees. Which type of attack does this BEST describe?
Which of the following scenarios best exemplifies typosquatting?
Which of the following scenarios best exemplifies typosquatting?
Why is reducing the attack surface considered a crucial security measure?
Why is reducing the attack surface considered a crucial security measure?
In the context of system security, what is the primary role of 'threat vectors'?
In the context of system security, what is the primary role of 'threat vectors'?
Which of the following scenarios represents steganography as a threat vector?
Which of the following scenarios represents steganography as a threat vector?
A security analyst observes multiple failed login attempts followed by a successful login from an unfamiliar location. Further investigation reveals that the account's password was recently changed. Which of the following attack vectors is MOST likely?
A security analyst observes multiple failed login attempts followed by a successful login from an unfamiliar location. Further investigation reveals that the account's password was recently changed. Which of the following attack vectors is MOST likely?
An organization's security team detects a sudden and significant increase in outbound network traffic to a known command-and-control server, coupled with reports of several user accounts exhibiting unusual activity, such as accessing files they don't normally interact with. However, all systems are reporting normal CPU and memory usage, and endpoint detection tools show no signs of malware. Which of the following attack vectors is MOST likely?
An organization's security team detects a sudden and significant increase in outbound network traffic to a known command-and-control server, coupled with reports of several user accounts exhibiting unusual activity, such as accessing files they don't normally interact with. However, all systems are reporting normal CPU and memory usage, and endpoint detection tools show no signs of malware. Which of the following attack vectors is MOST likely?
Flashcards are hidden until you start studying
