Comptia Security+ Practice Exam 3
128 Questions

Created by
@PalatialMarigold

Questions and Answers

Which option is used to detect an employee who is emailing a customer list to a personal account before leaving the company?

  • FIM
  • EDR
  • DLP (correct)
  • IDS

What is the most likely reason a download was blocked by endpoint protection software in a case of a false positive?

  • A misconfiguration in the endpoint protection software (correct)
  • Incorrect file permissions
  • A zero-day vulnerability in the file
  • A supply chain attack on the endpoint protection vendor

What should a systems administrator set up to split the traffic between two identical sites?

  • Failover
  • Parallel processing
  • Geographic dispersion
  • Load balancing (correct)

Which effective change management procedure should be in place when a patch fails?

Answer: Having a backup plan (a tested rollback path) for when a patch fails

What concepts should be considered when calculating risk ratings after an assessment?

Answer: Impact and likelihood

Which option is the best way to secure an on-site data center against potential insider intrusion?

Answer: Access badge

Which fundamental security requirement is fulfilled by deploying a load balancer in a cloud environment?

Answer: Availability

What data management policy should an organization implement to maintain financial data for three years and customer data for five years?

Answer: Retention

Which security device is capable of identifying and blocking HTTP traffic over port 53?

Answer: NGFW utilizing application inspection (a port-based filter would see only "DNS" on port 53)

What is the best site type for a company located in a hurricane-prone area to ensure immediate operational continuity?

Answer: Hot

What does a false positive in a vulnerability scan indicate?

Answer: The vulnerability is not present despite being identified.

Which concept is critical for a company to include in security awareness training to protect intellectual property?

Answer: Insider threat detection

What type of analysis is conducted when reviewing the source code of an application for vulnerabilities?

Answer: Static

Which action is most likely to prevent future fraudulent wire transfers in an organization?

Answer: Updating processes for sending wire transfers

What is the best solution to mitigate the impact of an extended power outage on a company's operations?

Answer: UPS

What process describes calculating the time needed to resolve a hardware issue with a server?

Answer: Mean time to repair

What best describes the security engineer's decision to not perform further due diligence on a business application due to time constraints?

Answer: Risk acceptance

Which cryptographic technique would enable a financial institution to store and manipulate customer data in the cloud while keeping it encrypted?

Answer: Homomorphic

What command should the systems administrator use to change the permissions of the /etc/shadow file to meet the security baseline?

Answer: chmod

Which command would NOT be useful for changing file permissions on a Linux server?

Answer: grep

If a systems administrator identifies that the permissions of the /etc/shadow file exceed the security baseline, which command would directly address this violation?

Answer: chmod

What is the primary purpose of the /etc/shadow file in a Linux environment?

Answer: To store user password hashes (not plaintext passwords) in a file readable only by privileged accounts

Which command is suitable to review the existing contents of a file without making any changes?

Answer: grep

What is the primary security concern when using legacy systems for production service?

Answer: Lack of vendor support

Which algorithm is specifically performed to ensure data integrity by verifying that data has not been altered?

Answer: Hash

Receiving an unexpected invoice from a vendor not in the management database is an example of what type of scam?

Answer: Invoice scam

What best describes a penetration test that mimics an actual external attack on a system?

Answer: Unknown environment

What is the primary goal when implementing a hash algorithm in data security?

Answer: Verify integrity of data

What is the primary purpose of a tabletop exercise among various stakeholders?

Answer: To discuss roles in a security incident

Which technology is best suited for preventing unauthorized data disclosure under existing labeling and classification systems?

Answer: DLP

In the context of a security manager's controls, what category do MFA and patch management primarily fall under?

Answer: Preventative and Technical

What is the most effective recommendation to prevent SQL injection vulnerabilities on a website?

Answer: Utilize input sanitization (validate input and use parameterized queries)

Which two MDM features are most effective in mitigating risks associated with lost mobile devices being misused?

Answer: Screen locks and remote wipe

What describes the strategy of hosting part of an infrastructure with apparent vulnerabilities to detect unauthorized access?

Answer: Honeypot

What technology should a developer use to obfuscate source code and prevent reverse engineering?

Answer: Obfuscation toolkit

Which method is NOT recommended for protecting sensitive data as part of an information security strategy?

Answer: Weak passwords

What is the primary control mechanism to ensure that employees are assigned different roles to detect fraud effectively?

Answer: Job rotation

Which set of questions pertains specifically to evaluating potential risks and controls of an application?

Answer: Risk control self-assessment

Which two protocols are most appropriate for securely transferring files between servers via the command line?

Answer: SSH and SFTP

Which approach is best suited for ensuring that employees no longer need separate logins and distinct password requirements for different SaaS applications?

Answer: Integrating each SaaS solution with the identity provider

What control mechanism helps manage the associated risks and compliance of applications through self-assessment routines?

Answer: Risk control self-assessment

Which technology should a company implement to protect its data without using a VPN while allowing remote work?

Answer: Secure web gateway

What method would effectively detect unauthorized data movement caused by malware?

Answer: Monitoring outbound traffic

To mitigate risks associated with shadow IT in a cloud-first organization, which solution should be deployed?

Answer: Deploying an appropriate in-line CASB solution

Which environment uses a subset of customer data to assess the impacts of major system upgrades?

Answer: Staging

What should a cybersecurity incident response team do first upon finding malware on corporate desktops?

Answer: Contain the impacted hosts

Which MFA method integrates seamlessly into user workflows and supports employee-owned devices?

Answer: Push notifications

Which option is least likely to help secure an organization's data against unauthorized access during remote work?

Answer: Allowing unrestricted access to all resources

Which approach is likely to improve visibility and control over the use of cloud applications in an organization?

Answer: Deploying a CASB solution

Which protocol should be implemented to ensure that the video stream from cloud-managed IP cameras is both encrypted and authenticated?

Answer: SRTP

What key factor should the security team evaluate to address the issue of mobile users not accessing the internet due to overlapping WAP frequencies?

Answer: Channel overlap

What is the most likely reason hourly employee credentials were compromised while salaried employee credentials remained safe?

Answer: Internal DNS servers were poisoned.

In securing the video footage from cloud-managed IP cameras, what does the term 'authenticated' imply in this context?

Answer: Each packet of the stream carries a message authentication tag, so the receiver can verify that it came from the camera and was not altered in transit (confidentiality is provided separately by the encryption).

Which installation consideration could improve user connectivity in light of overlapping WLAN access points?

Answer: Adjusting power settings of the WAPs

How can organizations mitigate the risk of credential theft when employees clock in and out remotely?

Answer: Limit access to the time-keeping website to internal IPs.

In the context of networked kiosks, what could be a consequence of hourly employees recording time after leaving the building?

Answer: Higher likelihood of credential theft.

What could be a potential impact on security when allowing employees to clock in and out using external websites?

Answer: Higher exposure to phishing attempts.

Which data role is tasked with identifying risks and determining appropriate access to data?

Answer: Owner

What type of backup solution allows for the recovery of the entire system including the operating system after a disaster?

Answer: Image

What should an organization establish first to standardize its operating system variations before deploying a system image?

Answer: Baseline configuration

What is the initial step in creating an anomaly detection process?

Answer: Building a baseline

To achieve the goal of outsourcing firmware and application patching in a cloud strategy, which model is best suited?

Answer: SaaS

Which document is the security analyst creating for the server team to ensure device hardening best practices?

Answer: Secure configuration guide

What technology should a company utilize to minimize the time and cost associated with code deployment?

Answer: Serverless architecture

What term describes the attack where an intruder moves laterally through a network using stolen credentials without cracking them?

Answer: Pass-the-hash (credential stuffing, by contrast, replays plaintext username/password pairs leaked from other breaches)

What type of document details the order for bringing critical systems back online after an outage?

Answer: Disaster recovery plan

Which solution allows a company to keep sensitive data secure without providing equipment to an offshore team?

Answer: VDI

What practice would help prevent operational issues due to loss of knowledge when an employee managing batch jobs resigns?

Answer: Job rotation

Which backup strategy is most effective for recovering from a ransomware incident within predefined RPOs and RTOs?

Answer: Daily full backups stored on premises on magnetic offline media

What scenario most likely explains unsolicited phone calls made using company numbers to a partner organization?

Answer: The service provider has assigned multiple companies the same numbers.

What should a company do if an external vendor leaves behind sensitive data after a visit?

Answer: Notify the external vendor about the file.

How can a company enhance control over the use of cloud applications by employees?

Answer: Deploy a cloud access security broker (CASB).

What is an effective measure to prevent unauthorized access during remote work?

Answer: Employ multi-factor authentication (MFA).

What type of data does a file with architecture information and code snippets best represent?

Answer: Proprietary

Which solution would be most effective for reducing manual work in a security operations center?

Answer: SOAR

Which application type is accessible from anywhere without on-premises requirements?

Answer: SaaS

What is the main security risk when employees can access blocked sites through another device?

Answer: A rogue access point is allowing users to bypass controls.

What term describes unapproved software that introduces vulnerabilities to a corporate network?

Answer: Shadow IT

If several users' computers were infected after viewing shared files, what type of attack is most likely involved?

Answer: Remote access Trojan

What measure should a security team implement to protect documents from being left unattended in MFPs?

Answer: Deploy an authentication factor requiring in-person action before printing.

What type of attack does a significant number of failed log-in attempts from the same IP address indicate?

Answer: Spraying attack

What is the primary reason for a forensic specialist to prioritize the sequence of forensic analysis?

Answer: Order of volatility

Which log source is best for determining whether a user succeeded in accessing a site after clicking a phishing link?

Answer: Network logs

What type of control is represented by a DNS logging tool that logs suspicious websites and generates daily reports?

Answer: Detective

Which of the following solutions most comprehensively addresses issues with domain administrator credentials being regularly unchanged?

Answer: Reviewing the domain administrator group and enforcing password rotation

Which option would least effectively mitigate the risk posed by insufficient password management among IT staff?

Answer: Restricting password complexity requirements

What is the most suitable long-term approach to enhancing password security for domain administration?

Answer: Implementing multifactor authentication for accounts

Which risk management practice is most beneficial in keeping domain administrator credentials secure?

Answer: Enforcing role-based access control for sensitive accounts

Which method is best suited for network authentication while also ensuring unapproved devices are isolated?

Answer: 802.1X

What is the most effective way to protect a server running unsupported software from network threats?

Answer: Air gap

In which scenario is tokenization most effectively applied?

Answer: Safely storing credit card information

What is the most likely explanation for a user being locked out of their account after clicking an email link?

Answer: Cross-site request forgery

Which tool can be used by a security director to prioritize vulnerability patching?

Answer: CVSS

Why is implementing SMS OTP considered riskier than TOTP?

Answer: The security of SMS OTPs relies on cellular network security (the code travels through the carrier, where SIM swapping and SS7 interception can capture it); a TOTP code is computed on the device from a shared secret and the current time and never crosses a network before the user types it in.

What is a common cause of unintentional corporate credential leakage in cloud environments?

Answer: Code repositories

Which of the following practices minimizes the risk associated with legacy applications running on production servers?

Answer: Network segmentation

What is the primary reason for implementing a two-person integrity security control in a process?

Answer: To reduce the risk of unauthorized access or improper execution

Which tool is most effective for refining incident response procedures in a security operations center?

Answer: Playbooks

What best characterizes an executive team evaluating the effectiveness of their incident response plan?

Answer: Tabletop exercise

What recommendation would most likely be made to protect a login database from the consequences of a breach?

Answer: Hashing

Which insider threat vector is frequently used for data exfiltration?

Answer: Utilizing unidentified removable devices

What measure can a systems administrator take to enhance security for a system running an end-of-life operating system?

Answer: Moving the system to an isolated VLAN

Which type of alert is most likely to be overlooked over time by analysts?

Answer: False positive alerts

What should a security analyst examine after discovering deleted logs on a workstation suspected of malicious activity?

Answer: Intrusion Prevention System (IPS) logs

What plan is an IT manager creating to ensure operations continue during a global incident?

Answer: Business continuity

Which solution allows employees remote access without interception concerns?

Answer: VPN

What is the first step a security team should take to reduce the number of credentials employees maintain?

Answer: Select an IdP

Which method should a bank use to ensure customers' PII is not modified?

Answer: File integrity monitoring

Which logs should be analyzed to identify the impacted host after a cybersecurity incident involving a command-and-control server?

Answer: Firewall

What is the best method to identify legacy systems within an organization?

Answer: Vulnerability scan

In which phase of incident response is report generation likely to occur?

Answer: Lessons learned

What describes the action of automating a trivial task while ensuring team members understand the script?

Answer: To prevent a single point of failure

Which topic is most likely included within an organization's SDLC?

Answer: Information security policy

What should an administrator do after noticing an increase in support calls regarding spoofed websites?

Answer: Implement security awareness training

Which log would a security analyst check next after finding that logs on an endpoint were deleted?

Answer: Firewall

What is the primary purpose of running daily vulnerability scans on corporate endpoints?

Answer: To track the status of patch installations

Which mode should a security engineer use to effectively block signature-based attacks with an IPS?

Answer: Active (in-line)

What type of tool is used to alert if specific files are attempted to be emailed outside of the organization?

Answer: DLP

What describes the understanding between a company and a client regarding service provision and timelines?

Answer: SLA

What is the process allowing a user to install unauthorized software on a smartphone?

Answer: Jailbreaking

Which access control is likely preventing a patch from being transferred to a critical system?

Answer: Least privilege

How was a rogue device most likely allowed to connect to a corporate network using 802.1X access control?

Answer: A user performed a MAC cloning attack with a personal device.

What should the CISO use to compare company security policies with external regulatory requirements?

Answer: External examination

Which example would be best mitigated by input sanitization?

Answer: alert('Warning!'); (script injected into a page, i.e. cross-site scripting)

What is the most important evaluation for maintaining a data privacy program?

Answer: Role as controller and processor

During a penetration test, what type of test does an unauthorized entry attempt with an access badge represent?

Answer: Physical

What is the best solution for a security engineer to protect a newly hosted web service?

Answer: WAF

What should be configured to prevent a visitor from plugging a laptop into a network jack and accessing the company's network?

Answer: Port security

    Study Notes

    Data Loss Prevention

    • Data Loss Prevention (DLP) is a technology used to prevent sensitive data from leaving an organization's network.

    Endpoint Protection Software

    • Endpoint protection software can block downloads based on various criteria, including file type, file signature, or known malicious content.

    Load Balancing

    • Load balancing distributes network traffic across multiple servers or systems for efficient resource utilization and performance.

    Change Management

    • Effective change management includes planning for potential failures and having backup plans in place.

    Risk Rating

    • Risk rating involves assessing the potential impact and likelihood of a risk, helping organizations prioritize mitigation efforts.

    Physical Security

    • Access badges are used to control and restrict physical access to secure areas, including data centers.

    Disaster Recovery

    • A hot site is a disaster recovery site that is fully operational and ready to assume the operations of the primary site with minimal downtime.

    Vulnerability Scanning

    • A false positive occurs when a vulnerability scan identifies a vulnerability that does not actually exist.

    Security Awareness Training

    • Insider threat detection is a crucial aspect of security awareness training, helping employees understand their role in preventing data breaches.

    Static Code Analysis

    • Static code analysis is a technique used to analyze code without executing it, identifying potential vulnerabilities and security issues.

    Wire Transfer Security

    • Updating processes for sending wire transfers can help prevent fraudulent activities, such as phishing attacks targeting accounting clerks.

    Power Outages

    • Uninterruptible Power Supply (UPS) systems provide temporary power backup during power outages, ensuring the continuous operation of critical systems.

    Mean Time To Repair

    • Mean Time to Repair (MTTR) measures the average time it takes to repair or resolve a system failure.

    Risk Acceptance

    • Risk acceptance involves acknowledging a specific risk and choosing to live with its potential consequences.

    Homomorphic Encryption

    • Homomorphic encryption allows computations to be performed directly on ciphertext, so a cloud provider can process sensitive data without ever holding the plaintext or the decryption key.

    Chmod Command

    • The chmod command changes the permissions of a file or directory, allowing administrators to restrict access to sensitive files like /etc/shadow on Linux systems.

    Linux Server Security Audit

    • The /etc/shadow file contains the password hashes (not plaintext or reversibly encrypted passwords) for user accounts on a Linux system, along with password-aging fields.
    • It is crucial to keep this file tightly restricted: if it is world-readable, any local user can copy the hashes and crack them offline.
    • The chmod command changes file permissions; a typical baseline is 0640 (or 0600/0000 on some distributions) with the file owned by root.
    • The systems administrator will use chmod to bring the /etc/shadow permissions back down to the baseline value.
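As an added example (not part of the practice exam), the audit described above expressed as a script: it reads the permission bits, reports any bits the baseline does not allow, and applies the baseline with the same call `chmod` makes. The 0640 baseline is an assumption (distributions differ), and the demonstration runs on a scratch file so it does not need root; on a real host the equivalent checks are `stat -c '%a %U:%G' /etc/shadow` and `chmod 640 /etc/shadow`.

```python
import os
import stat
import tempfile

# Assumed baseline: owner rw, group r, nothing for others. Adjust to the
# organisation's own secure configuration guide.
SHADOW_BASELINE = 0o640


def permission_bits(path):
    """Return only the rwx permission bits of `path` (the `%a` of stat)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def excess_permissions(path, baseline=SHADOW_BASELINE):
    """Bits set on the file that the baseline does not allow.

    Non-zero means the file is more permissive than the baseline, for
    example 0o004 when the file is world-readable; that is the violation
    an audit reports."""
    return permission_bits(path) & ~baseline


def enforce_baseline(path, baseline=SHADOW_BASELINE):
    """Apply the baseline (what `chmod 640 path` does) and return the new bits."""
    os.chmod(path, baseline)
    return permission_bits(path)


def demo():
    """Run the audit against a temporary file standing in for /etc/shadow."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        os.chmod(path, 0o644)                 # simulate the drift: world-readable
        before = excess_permissions(path)     # 0o004 -> violation
        new_mode = enforce_baseline(path)     # remediate
        after = excess_permissions(path)      # 0 -> compliant
        return before, new_mode, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, new_mode, after = demo()
    print("excess bits before: %o, mode after: %o, excess after: %o"
          % (before, new_mode, after))
```

Checking with a bitmask rather than comparing the whole mode means a file that is *stricter* than the baseline (say 0600) is not reported as a violation, which is what an audit wants.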

    Tabletop Exercise

    • A meeting where stakeholders discuss hypothetical roles and responsibilities during a security incident or disaster.

    Data Loss Prevention

    • Used to protect PII by using a company's existing labeling and classification system.

    MFA and Patch Management

    • Control Types:
      • Preventative: Prevents security incidents from occurring.
      • Technical: Uses technical security controls to achieve security objectives.

    Input Sanitization

    • Protects against SQL injection by sanitizing input data before processing, preventing malicious code from being injected into database queries.
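The difference between concatenating input into a query and binding it as a parameter is easiest to see side by side. The following is an added example, not code from the practice exam: an in-memory SQLite table with two constructed users, a login check written the vulnerable way, the same check with bound parameters, and an allow-list validator for the username. The payload `' OR 1=1 --` is the classic tautology injection; `--` starts a comment in SQLite so the rest of the original query is discarded.

```python
import re
import sqlite3

# Constructed sample users for the demonstration only. A real login table
# stores password hashes, never plaintext (see the password hashing notes).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def login_vulnerable(con, username, password):
    """Builds the statement by string formatting, so attacker input is
    parsed as SQL. Kept vulnerable on purpose to show the failure."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return [row[0] for row in con.execute(sql)]


def login_parameterized(con, username, password):
    """Binds input as data through placeholders: the database receives the
    query structure and the values separately, so input cannot change the
    query. This is the primary defence."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (username, password))]


def is_valid_username(username):
    """Allow-list validation, the 'sanitization' layer: reject anything that
    is not a short identifier rather than trying to escape dangerous
    characters. Use in addition to, not instead of, parameterization."""
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", username) is not None


def login_defended(con, username, password):
    if not is_valid_username(username):
        return []
    return login_parameterized(con, username, password)


if __name__ == "__main__":
    con = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(con, payload, "x"))   # every user
    print("parameterized:", login_parameterized(con, payload, "x"))  # []
    print("defended:", login_defended(con, "alice", "s3cret"))   # ['alice']
```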

    MDM Features

    • Devices can be configured to address security concerns such as lost or stolen phones.
      • Screen Locks: Prevents unauthorized access to data.
      • Remote Wipe: Allows for secure remote deletion of data from a device.

    Honeypot

    • A system designed to lure and capture attackers by appearing to be a legitimate company asset, allowing security teams to analyze attacker behavior.

    Obfuscation Toolkit

    • Used to protect source code by making it difficult to reverse engineer or debug, helping prevent unauthorized access to the code's logic.

    Legacy Systems

    • Lack of Vendor Support: Presents a major security concern as updates and security patches may not be available for obsolete systems, making them vulnerable to exploits.

    Hash

    • An algorithm executed to validate data integrity by generating a unique hash value, ensuring data hasn't been tampered with during transmission or storage.
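This is also the mechanism behind the file integrity monitoring answer earlier on the page: record a known-good digest for each file, then re-hash and compare. The block below is an added example, not from the practice exam. It hashes files in chunks (so size does not matter), builds a baseline, and reports each file as unchanged, modified or missing; the demonstration creates three constructed files in a temporary directory and tampers with two of them.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=65536):
    """Digest a file incrementally so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Known-good digests, captured when the files are trusted (e.g. right
    after deployment). In production store this somewhere the monitored
    host cannot rewrite it."""
    return {p: sha256_file(p) for p in paths}


def check_integrity(baseline):
    """Re-hash every monitored file and classify it as ok / modified / missing."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def demo():
    """Constructed scenario: one file untouched, one appended to, one deleted."""
    workdir = tempfile.mkdtemp()
    try:
        kept = os.path.join(workdir, "config.ini")
        changed = os.path.join(workdir, "records.csv")
        removed = os.path.join(workdir, "audit.log")
        for p in (kept, changed, removed):
            with open(p, "w") as f:
                f.write("constructed sample content\n")
        baseline = build_baseline([kept, changed, removed])
        with open(changed, "a") as f:      # unauthorized change
            f.write("tampered\n")
        os.remove(removed)                  # log wiped
        report = check_integrity(baseline)
        return report[kept], report[changed], report[removed]
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

A hash alone proves integrity only if the attacker cannot also replace the stored digest; that is why the baseline belongs off-host (or is signed), and why the DNS-logging and deleted-log questions on this page point at sources the compromised machine does not control.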

    Invoice Scam

    • Involves receiving a fraudulent invoice requesting payment for services not provided by a legitimate vendor, posing a risk to an organization's finances.

    Unknown Environment

    • A penetration test conducted in an unknown environment, imitating real-world attack scenarios, where attackers have minimal information about the target.

    Security Controls and Risk Management

    • Job Rotation is a security control that can help detect fraud by periodically moving employees between roles. Each successor reviews the work of the previous holder, so irregularities that depend on one person staying in place tend to surface.
    • Risk Control Self-Assessment is a process where a company evaluates its own risks and controls. This helps to identify gaps in security and to prioritize remediation efforts.
    • SSH (Secure Shell) and SFTP (SSH File Transfer Protocol, which runs over SSH) are both secure protocols that can be used to transfer files between servers from the command line.
    • Identity provider integration resolves the problem of employees keeping separate logins and password requirements for different SaaS solutions. It centralizes authentication and management for multiple SaaS applications.

    Remote Work Security

    • Secure Web Gateway is a security solution used to filter and protect web traffic, ensuring only authorized and safe access to websites and services.

    Data Exfiltration

    • Monitoring outbound traffic helps detect suspicious data transfers, potentially identifying malware or unauthorized data movement from a system.

    Cloud-First Approach Security

    • Cloud Access Security Broker (CASB) is a security solution designed to protect data and applications in cloud environments. CASBs monitor and control cloud traffic, enforcing security policies and reducing risks associated with shadow IT.

    System Upgrades and Feature Demonstrations

    • Staging environment is a testing environment used to prepare for production deployments. It's ideal for evaluating system upgrades, testing new features, and replicating the production environment without impacting live systems.

    Cybersecurity Incident Response

    • Containing impacted hosts is the first priority during a cybersecurity incident to prevent further spread of malware or compromise of other systems.

    Multi-Factor Authentication (MFA) in the Workplace

    • Push notifications offer a seamless and user-friendly MFA experience for employees. They are easy to integrate into workflows and can be used on employee-owned devices.

    Network Security Protocols

    • SRTP (Secure Real-time Transport Protocol) is used to encrypt and authenticate live video streams, ensuring secure communication between IP cameras and the service provider.

    Wireless Network Security

    • Channel Overlap occurs when different wireless access points (WAPs) use the same or overlapping frequencies, causing interference and reduced network performance.

    Credential Compromise & Security Breaches

    • DNS Poisoning occurs when malicious actors insert false records into internal DNS servers (or their caches), so legitimate hostnames resolve to attacker-controlled addresses that harvest credentials.

    Single Sign-On (SSO) and Security Tools

    • SAML (Security Assertion Markup Language) allows companies to integrate security tools with their existing user directory, eliminating the need for separate user accounts.

    Network Security Assessment Tools

    • hping is a network tool that allows security analysts to generate custom packets for testing firewalls and other network devices.

    Data Roles

    • The data owner is responsible for identifying data risks and access control

    Backup Solutions

    • Image backups allow for complete system recovery, including OS, in case of disaster

    System Standardization

    • Baseline configurations help standardize operating system configurations before deployment

    Anomaly Detection

    • Building a baseline is the first step in creating an anomaly detection process
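The baseline-first idea applies directly to the "monitor outbound traffic" answer under Data Exfiltration above. The following is an added example, not from the practice exam: it parses constructed flow-log lines (timestamp, source, destination, bytes out), computes a per-host baseline of outbound volume, and then flags new flows that exceed the baseline by a z-score threshold or that come from a host with no history at all. The threshold factor and the floor on the standard deviation are assumptions; tune them to the environment.

```python
import statistics
from collections import defaultdict

# Constructed outbound-flow log lines (not a real capture).
# Fields: timestamp, source host, destination, bytes sent.
BASELINE_LOGS = """\
2024-05-01T09:00 10.0.0.5 203.0.113.10 120000
2024-05-01T10:00 10.0.0.5 203.0.113.10 110000
2024-05-01T11:00 10.0.0.5 198.51.100.7 130000
2024-05-01T12:00 10.0.0.5 203.0.113.10 125000
2024-05-01T09:00 10.0.0.9 203.0.113.10 20000
2024-05-01T10:00 10.0.0.9 203.0.113.10 25000
2024-05-01T11:00 10.0.0.9 198.51.100.7 22000
"""

NEW_LOGS = """\
2024-05-02T09:00 10.0.0.5 203.0.113.10 118000
2024-05-02T09:05 10.0.0.5 198.51.100.99 4800000
2024-05-02T09:10 10.0.0.9 203.0.113.10 24000
2024-05-02T09:15 10.0.0.42 192.0.2.77 900000
"""


def parse(text):
    """Turn log lines into (timestamp, src, dst, bytes) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        records.append((ts, src, dst, int(nbytes)))
    return records


def build_baseline(records):
    """Step one: per-host mean and standard deviation of bytes sent per flow."""
    per_host = defaultdict(list)
    for _, src, _, nbytes in records:
        per_host[src].append(nbytes)
    return {host: (statistics.mean(v), statistics.pstdev(v))
            for host, v in per_host.items()}


def detect(records, baseline, z=3.0, min_rel_dev=0.1):
    """Flag flows far above a host's normal volume, and any flow from a host
    with no baseline. The deviation is floored at min_rel_dev * mean so a
    very stable history does not alert on ordinary variation (assumed tuning)."""
    alerts = []
    for ts, src, dst, nbytes in records:
        if src not in baseline:
            alerts.append({"ts": ts, "src": src, "dst": dst, "bytes": nbytes,
                           "reason": "no baseline"})
            continue
        mean, sd = baseline[src]
        threshold = mean + z * max(sd, min_rel_dev * mean)
        if nbytes > threshold:
            alerts.append({"ts": ts, "src": src, "dst": dst, "bytes": nbytes,
                           "reason": "exceeds baseline",
                           "threshold": int(threshold)})
    return alerts


def demo():
    baseline = build_baseline(parse(BASELINE_LOGS))
    return detect(parse(NEW_LOGS), baseline)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

With this data the 4.8 MB burst from 10.0.0.5 to a never-seen destination and the first-ever flow from 10.0.0.42 are the two alerts; the ordinary flows stay quiet. A real deployment would baseline per destination and per time of day as well, but the structure is the same.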

    Cloud Adoption Strategy

    • SaaS (Software as a Service) allows for outsourcing of patching for firmware, operating systems, and applications

    Security Hardening

    • A secure configuration guide provides instructions for hardening new devices

    Code Deployment Efficiency

    • Serverless architecture reduces the time and cost of code deployment

    Lateral Movement Attack

    • Pass-the-hash attacks enable attackers to use stolen credentials to move laterally through a network, without cracking them

    Printing Center Attacks

    • Dumpster diving involves searching through trash for sensitive information, including information related to printing center operations

    Password Security

    • Salting prevents attackers from using rainbow tables to crack hashed passwords. Salting adds random data to a password before hashing it.

    Disaster Recovery Plan

    • A security team created a document detailing the order in which critical systems should be brought back online following a major outage.

    Virtual Desktop Infrastructure (VDI)

    • A company implemented VDI to secure data by keeping it on a company device but not requiring the off-shore team to have physical devices.

    Job Rotation

    • A company implemented job rotation to prevent a major disruption caused by a batch job failure after the resignation of an employee who managed the jobs.

    Offline Data Backup

    • A company implemented daily full backups stored on-premises on magnetic offline media to ensure recovery from ransomware within agreed-upon RPOs and RTOs.

    Service Provider Number Assignment

    • A security analyst determined a company's phone numbers were being used for unsolicited phone calls by callers speaking a foreign language. The numbers were not being spoofed.

    Proprietary Data

    • An external vendor left a file containing detailed architecture information and code snippets on a server. This file was identified as proprietary data.

    Security Operations Center and Automation

    • A company implemented a Security Orchestration, Automation, and Response (SOAR) solution to enhance threat detection in their security operations center and reduce the workload of security analysts.

    Software as a Service (SaaS)

    • A company used SaaS to access an application that had no local requirements and was accessible from anywhere.

    Rogue Access Point

    • A company that used Wi-Fi with content filtering found a rogue access point allowing users to bypass content filtering controls.

    Shadow IT

    • The security team discovered that the deployment of unapproved software by employees introduced vulnerabilities to a corporate network. This is an example of shadow IT.

    Remote Access Trojan

    • Users were infected with malware after viewing shared files, and no other activity was observed in log files. This was most likely caused by a remote access Trojan.

    Authentication Before Printing

    • A company implemented a secure authentication process for their MFPs to mitigate risks of confidential documents being left unattended. This required in-person action before printing.

    Password Spraying

    • A security analyst identified an attack targeting user accounts through failed login attempts from a specific IP address. The attack was categorized as password spraying.

    Volatile Data Preservation and Forensic Analysis

    • Forensic specialists prioritize which data to preserve and analyze after an incident based on the order of volatility.

    Network Logs

    • An analyst reviewed an incident where a user clicked a phishing link to determine if the connection was successful. Network logs are useful for this type of investigation.

    Incident Response: Lessons Learned

    • Conducting lessons learned is the final step in an incident response lifecycle.

    Private Key and Self-Signed Certificate

    • An unidentified key and certificate associated with a spoofed identity were identified as a private key and self-signed certificate.

    Cybersecurity Framework (CSF)

    • Two merging companies standardized their information security programs by following the same CSF (Cybersecurity Framework).

    Network Authentication

    • 802.1X is a network access control protocol that provides secure authentication for wired and wireless networks.
    • 802.1X can be used to enforce device authentication using certificates.
    • 802.1X can isolate unapproved devices in quarantine subnets and enforce device updates before accessing resources.

    Application Server Protection

    • Air gapping effectively isolates an application server by removing its network connectivity.
    • **Air gapping** effectively protects against network threats by removing the possibility of remote exploitation.

    Privacy Techniques

    • Tokenization replaces sensitive data with unique tokens, reducing the risk of direct exposure.
    • Tokenization is appropriate for storing credit card information securely.

    Website Security

    • Cross-site request forgery (CSRF) exploits a user's authenticated session to perform unauthorized actions.
    • CSRF can result in password changes without the user's knowledge by sending malicious requests through trusted websites.

    Vulnerability Prioritization

    • Common Vulnerability Scoring System (CVSS) provides a standardized method for prioritizing and ranking vulnerabilities.
    • CVSS scores assess the severity of vulnerabilities based on factors like impact and exploitability.

    Authentication Methods

    • SMS One-time Passwords (OTP) are more susceptible to interception than Time-based One-time Passwords (TOTP).
    • TOTP relies on time-based cryptographic algorithms, offering increased security compared to SMS OTP.

    Credential Leakage

    • Code repositories often contain hardcoded credentials, making them a common source of unintentional leakage.
    • Code repositories should be carefully scanned and monitored for sensitive data exposure.

    Security Controls

    • Detective controls identify and monitor security events for suspicious activity.
    • DNS logging tools monitor website traffic and detect suspicious behaviors.

    Domain Administrator Security

    • Reviewing the domain administrator group and removing unnecessary administrators is a crucial step in securing administrator accounts.
    • Rotating passwords regularly for all domain administrators is essential to prevent unauthorized access.
    • Integrating with an Identity Provider (IdP) and implementing Single Sign-On (SSO) with multi-factor authentication (MFA) strengthens security.

    Two-Person Integrity Security Control

    • A two-person integrity security control helps reduce the risk of incorrect procedures or unauthorized user actions.

    Incident Response Procedures

    • Security operations centers should utilize playbooks to improve their incident response procedures.

    Tabletop Exercises

    • Tabletop exercises are a way for executive teams to test the company's incident response plan.

    Log-In Database Protection

    • Hashing is a security measure that can help protect a login database from breaches.

    Insider Threat Vectors

    • Unidentified removable devices are the most common way insider threat actors exfiltrate data.

    Legacy Operating Systems

    • Placing a system running an end-of-life operating system in an isolated VLAN can increase enterprise security.

    Alert Types

    • False positive alerts are most likely to be ignored over time.

    Log Analysis after Suspicious Activity

    • If logs on an endpoint are deleted during an investigation, the analyst should look at the firewall logs.

    Daily Vulnerability Scans

    • Daily vulnerability scans allow organizations to track the status of patch installations.

    IPS Modes

    • Active mode is the best IPS mode for blocking signature-based attacks.

    DLP

    • Data Loss Prevention (DLP) tools can be used to identify and alert on specific files being emailed outside of the organization.

    Service Level Agreements

    • An SLA describes the understanding between a company and a client about the services provided and the timeframe for completion.

    Jailbreaking

    • Jailbreaking allows users to install unauthorized software and enable new features on smartphones.

    Least Privilege

    • Least privilege access control is most likely to inhibit the transfer of a patch if it fails.

    Rogue Device Access

    • A MAC cloning attack is the most likely reason a rogue device was able to connect to the network.

    External Examination

    • External examinations help CISOs understand how a company's security policies compare to external regulations.

    Input Sanitization

    • Input sanitization can mitigate the risk of injection attacks.

    Data Privacy Program Considerations

    • The most important consideration for a data privacy program is the organization's role as a data controller and processor.

    Physical Penetration Test

    • A penetration tester using an unauthorized access badge to enter an area represents a physical penetration test.

    Web Application Firewall

    • A WAF is the most likely solution to add to a security infrastructure for protecting a new web portal service.

    Port Security

    • Port security should be configured to prevent unauthorized devices from connecting to the network.

    Confidentiality

    • Confidentiality involves protecting sensitive information from unauthorized access, consistent with the need-to-know principle.

    Cloud Security Best Practices

    • Virtualization and isolation of resources are essential for following security best practices when deploying cloud services.

    Warm Recovery Site

    • A warm recovery site is the best option for a business that needs a recovery site without immediate failover and wants to reduce the recovery workload.

    Load Balancing

    • Load balancing increases application resilience by splitting traffic between two identical sites.

    Business Continuity Planning

    • Business continuity planning describes how an organization will continue operating during a global incident.

    VPN

    • VPNs provide secure remote access by encrypting traffic in transit, removing the concern of interception.

    Identity Provider

    • Selecting an Identity Provider (IdP) is the first step an organization should take when consolidating user credentials for multiple SaaS applications.

    File Integrity Monitoring

    • File integrity monitoring is used to ensure that sensitive data is not modified.

    Identifying Impacted Hosts During a Cyber-Security Incident

    • Analyzing DHCP and firewall logs is most likely to identify the impacted host during a command-and-control server incident.

    Identifying Legacy Systems

    • Vulnerability scans can be used to identify legacy systems.

    Incident Response Phases

    • The lessons learned phase of an incident response involves generating reports.

    Preventing a Single Point of Failure

    • Ensuring other team members understand how a script works helps prevent a single point of failure.

    Software Development Life Cycle (SDLC)

    • Information security policies are typically included in the SDLC.

    Security Awareness Training

    • Security awareness training can help employees understand how to identify and avoid spoofed websites.

    Social Engineering

    • Social engineering attacks exploit human behavior to gain access to systems or information.

    AUP

    • An Acceptable Use Policy (AUP) is an example of a managerial control.

    Data Loss Prevention (DLP)

    • DLP solutions can help mitigate the risk of sensitive data exfiltration.

    End of Life

    • End of life (EOL) occurs when a legacy device stops receiving updates and patches.

    Asset Inventory Maintenance

    • An asset inventory must be maintained to identify systems requiring patches.

    Due Diligence

    • Researching laws and regulations related to information security operations within a specific industry is known as due diligence.

    Description

    Test your knowledge on key cybersecurity concepts including Data Loss Prevention, Endpoint Protection, and Risk Management. This quiz covers essential strategies for protecting sensitive data and ensuring operational continuity in organizations.
