Podcast
Questions and Answers
What issue is the company facing with the badge readers for building access?
What issue is the company facing with the badge readers for building access?
- Identity fraud
- Phishing
- Shoulder surfing
- Tailgating (correct)
Why is the DLP appliance considered a weak design element in the organization's network setup?
Why is the DLP appliance considered a weak design element in the organization's network setup?
- Adding two hops in the VPN tunnel may slow down remote connections.
- Split-tunnel connections can negatively impact the DLP appliance's performance.
- The DLP appliance should be integrated into a NGFW.
- Encrypted VPN traffic will not be inspected when entering or leaving the network. (correct)
What type of attack involves someone following an authorized person to gain entry into secure areas?
What type of attack involves someone following an authorized person to gain entry into secure areas?
- Identity fraud
- Shoulder surfing
- Phishing
- Tailgating (correct)
What is the potential problem with split-tunnel connections in the organization's network setup?
What is the potential problem with split-tunnel connections in the organization's network setup?
What action might slow down remote connections in the organization's network?
What action might slow down remote connections in the organization's network?
What threat vector could be exploited if encrypted VPN traffic is not inspected?
What threat vector could be exploited if encrypted VPN traffic is not inspected?
What cloud model would best suit an organization that wants to move only its email solution to the cloud?
What cloud model would best suit an organization that wants to move only its email solution to the cloud?
Which type of attack occurred when a user input credentials into a pop-up window on a trusted website?
Which type of attack occurred when a user input credentials into a pop-up window on a trusted website?
What tool with multiple components would be most suitable for tracking, analyzing, and monitoring devices without relying solely on definitions?
What tool with multiple components would be most suitable for tracking, analyzing, and monitoring devices without relying solely on definitions?
Which cloud model would be suitable if an organization wants to maintain control over the software it develops and deploys in the cloud?
Which cloud model would be suitable if an organization wants to maintain control over the software it develops and deploys in the cloud?
Which attack involves falsely creating digital certificates?
Which attack involves falsely creating digital certificates?
What would be the appropriate solution for an organization wanting to prevent unauthorized access to its network based on behavior monitoring?
What would be the appropriate solution for an organization wanting to prevent unauthorized access to its network based on behavior monitoring?
What action is the Chief Privacy Officer (CPO) adamant about in the context of PII in the development environment?
What action is the Chief Privacy Officer (CPO) adamant about in the context of PII in the development environment?
Why are the developers hesitant to remove real data from the development environment?
Why are the developers hesitant to remove real data from the development environment?
In the context of investigating a malware incident, what is the malware accessing?
In the context of investigating a malware incident, what is the malware accessing?
Where is the outbound Internet traffic logged in the scenario?
Where is the outbound Internet traffic logged in the scenario?
What would be the best command for the security analyst to use on the syslog server to search for recent traffic to the command-and-control website?
What would be the best command for the security analyst to use on the syslog server to search for recent traffic to the command-and-control website?
What is the primary concern of the security analyst when investigating the malware incident?
What is the primary concern of the security analyst when investigating the malware incident?
How did the attacker gain administrative access to the network in the scenario described?
How did the attacker gain administrative access to the network in the scenario described?
What method did the attacker most likely use to maintain control of the compromised computer systems?
What method did the attacker most likely use to maintain control of the compromised computer systems?
What type of policy change was implemented in the company's recent BYOD policy?
What type of policy change was implemented in the company's recent BYOD policy?
Which authentication method is NOT compliant with the new BYOD policy requirement?
Which authentication method is NOT compliant with the new BYOD policy requirement?
What type of attack was initiated through the social media site in the scenario?
What type of attack was initiated through the social media site in the scenario?
What was one of the outcomes of the security breach within the financial services firm?
What was one of the outcomes of the security breach within the financial services firm?
What is the most effective way to limit access to sensitive documents in a SaaS application by individuals in high-risk countries?
What is the most effective way to limit access to sensitive documents in a SaaS application by individuals in high-risk countries?
Based on a security analyst reviewing logs, which attack is most likely occurring?
Based on a security analyst reviewing logs, which attack is most likely occurring?
What method can a company use to prevent unauthorized access to web APIs abused by unknown parties?
What method can a company use to prevent unauthorized access to web APIs abused by unknown parties?
In the context of data security, what does the term 'data masking' refer to?
In the context of data security, what does the term 'data masking' refer to?
A company wants to ensure compliance with data protection regulations across different regions. What approach should they consider?
A company wants to ensure compliance with data protection regulations across different regions. What approach should they consider?
Flashcards are hidden until you start studying
