Questions and Answers
Which of the following biometrics will most likely be used without the need for enrollment? (Choose two)
Which of the following would best assist a small company that does not have security staff in improving its security posture?
Which of the following attacks most likely occurred on the original DNS server when the helpdesk escalated a website access issue?
Which of the following describes what a cyber security manager is doing by conducting biannual meetings to discuss responses to hypothetical cyberattacks?
Which of the following recommendations would BEST prevent a Remote Access Trojan (RAT) from recurring on an organization's banking credentials?
Which of the following application attacks is being tested when a security analyst sends an internal user a link and can browse the website with a different session ID?
Which of the following control types is an Intrusion Detection System (IDS)?
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
Which of the following solutions would be BEST to provide security, manageability, and visibility into multiple SaaS and IaaS platforms?
Which of the following implementations would be BEST to prevent web application outages caused by developers uploading new versions of shared libraries?
Which tool will a security administrator MOST likely use to confirm suspicions of unnecessary services running on a server?
Which of the following would BEST protect the company from data exfiltration via removable media?
In which of the following common use cases would steganography be employed?
Which option will BEST ensure a site's users are not compromised after a reset of their credentials following a large data breach?
In which of the following risk management strategies would cybersecurity insurance be used?
Which of the following describes the GREATEST risk to intellectual property when using conductive metal lockboxes for personal electronic devices?
Which activity is a security analyst performing when reviewing historical logs for specific activity outlined in a security advisory?
Which of the following would MOST likely support the integrity of a voting machine?
Which of the following regulations should a Chief Information Security Officer (CISO) understand before creating data privacy policies?
Which type of threat is represented when the IT department at a university is concerned about professors placing servers on the network to bypass security controls?
Which obligation does a commercial cyber-threat intelligence organization have before releasing threat intelligence to subscribers?
Which situation is MOST likely occurring when end users suddenly download .tar.gz files without initiating the downloads?
Which plan is an organization MOST likely developing in the event of a complete loss of critical systems and data?
What is the purpose of a risk register?
Which type of attack is BEST described when a university loses Internet connectivity due to an edge-router vulnerability?
Which standard must a company comply with before accepting credit cards on its e-commerce platform?
Which term describes a security exploit for which a vendor patch is not readily available?
Which social engineering technique is being used when a CFO receives an email requesting a fund transfer due to an alleged emergency?
To implement a third factor for multifactor authentication, which option would meet the organization's needs?
Which forensic technique should be used to preserve the admissibility of evidence during an investigation?
Which type of SSL certificate would BEST meet the requirements for a company wanting to cover multiple subdomains?
Study Notes
Authentication and Biometrics
- Organizations can utilize machine learning to enhance authentication, improving accuracy over time without biometric enrollment.
- Two common biometrics likely used without prior enrollment are gait and facial recognition.
Security Improvements for Small Companies
- A small company lacking security staff can enhance its security posture through a Security Orchestration, Automation, and Response (SOAR) solution.
DNS Issues and Attacks
- If users report that previously available websites are inaccessible, it may indicate domain hijacking.
- Flushing the DNS cache may not resolve this if the original DNS server has been compromised.
Cybersecurity Exercises
- Conducting tabletop exercises helps organizations prepare for potential cyberattacks by simulating incidents and assessing responses.
Prevention of Remote Access Trojans (RATs)
- Implementing application whitelisting can help prevent future infections from RATs that bypass antivirus detection.
Application Attacks
- Cross-site request forgery (CSRF) attacks involve unauthorized commands being transmitted from a user that a web application trusts.
Intrusion Detection Systems (IDS)
- An IDS functions as a detective control, identifying potential security breaches.
Vendor Negotiations
- Service Level Agreements (SLA) are crucial when negotiating vendor response times to outages.
Security in Cloud Solutions
- Cloud Access Security Brokers (CASB) enhance security, visibility, and management across SaaS and IaaS platforms for organizations.
Data Integrity in Development
- Containerization is an effective strategy to prevent issues arising from unintentional updates to shared library components in applications.
Network Scanning Tools
- Nmap is a commonly used tool for discovering running services on a system to confirm security suspicions.
Insider Threat Protection
- To mitigate risks of data exfiltration via removable media, blocking access to these devices using host-based security tools is effective.
Steganography Usage
- Steganography is primarily used for obfuscation, hiding data within other data formats.
Protection of Reset Credentials
- Ensuring credentials are encrypted in transit is vital when resetting user passwords, particularly after data breaches.
Cybersecurity Insurance in Risk Management
- Cybersecurity insurance is a method of risk transference, shifting the burden of certain risks to an insurance provider.
Intellectual Property Risks
- Data exfiltration over mobile hotspots is a major concern when implementing policies around personal electronic devices.
Threat Hunting Activities
- Threat hunting involves reviewing historical logs for specific activities indicated by new security advisories.
Voting Machine Integrity
- Perfect forward secrecy can help maintain the integrity of voting machines against eavesdropping attempts.
International Data Privacy Standards
- The General Data Protection Regulation (GDPR) is critical for organizations aiming to align policies with international data protection standards.
Shadow IT Threats
- Shadow IT refers to the risks posed by unauthorized applications or devices being used within an organization.
Threat Intelligence Contracts
- Cyber-threat intelligence organizations must anonymize personally identifiable information (PII) before sharing threat intelligence.
Malware Infection Indicators
- Sudden downloads of unexpected file types may indicate that a RAT is transferring additional tools to compromised systems.
Disaster Recovery Planning
- Organizations develop disaster recovery plans to outline response strategies in case of critical system failures.
Risk Register Purpose
- A risk register is used to identify risks, assign risk owners, and implement measures for mitigation.
Network Attacks and Outages
- Denial-of-Service (DoS) and race conditions can lead to intermittent connection losses due to vulnerabilities in network equipment.
Compliance for E-commerce
- Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary for companies accepting credit cards.
Vulnerability Exploits
- A zero-day exploit targets a vulnerability for which no vendor patch is available, posing significant security risks.
Social Engineering Techniques
- Whaling targets high-profile individuals for financial fraud through deceptive communications like phishing emails.
Multifactor Authentication Expansion
- Adding fingerprints can serve as the third factor for multifactor authentication systems already using smart cards and passwords.
Forensic Evidence Preservation
- Maintaining the chain of custody is essential in preserving the admissibility of evidence during legal investigations.
SSL Certificate Requirements
- A wildcard SSL certificate covers multiple subdomains, making it suitable for organizations with varying application URLs.
Description
This quiz covers essential concepts in cybersecurity, including authentication methods, security improvements for small businesses, DNS issues, and strategies to prevent remote access trojans. Test your knowledge on how organizations can enhance their security posture and respond to potential cyber threats.