Questions and Answers
What would be the most effective immediate response to a cybersecurity incident?
Which term best describes the steps for processing orders during an Internet connection failure?
What method would best facilitate credential examination for individuals entering a data center?
Which approach is characterized by a third-party gathering information without direct access to a company's internal network?
How would you best describe a strategy involving some employee information encrypted and other data in plaintext?
What mechanism determines how to handle an email from a third-party if the sending server is not on the authorized list?
To minimize database corruption during unexpected power loss, which strategy should be employed?
Which type of threat actor typically targets systems to achieve direct financial gain?
What is the best approach to establish security policy rules for corporate mobile devices?
What should a security engineer do if a significant vulnerability in Windows servers has not been patched?
What term best describes a system being compromised through an existing known vulnerability?
Which of the following practices is essential for managing additional information from users while keeping it separate from company data?
In building an ambulance service network, what aspect should be prioritized to ensure effectiveness?
What does a text alert received for changes in access rights on a database signify?
What is the best measure to prevent potential data exfiltration via external storage drives?
What describes an alert system that informs when access rights are modified on sensitive databases?
Which of the following would MOST likely describe the issue where users are being directed to a different IP address than the bank's web server?
Which of the following considerations are MOST commonly associated with a hybrid cloud model?
What would be the BEST method for a security administrator to ensure that former employees cannot access company systems?
Which term is used to describe how cautious an organization might be regarding a specific risk?
Which of the following describes the type of data created by a company that generates standard government reports each calendar quarter?
After a critical error occurs following a patching process on a web server, which action should be taken NEXT?
What BEST describes an attack in which specially crafted packets are sent to crash a server?
What should be implemented by the security team of an insurance company to meet requirements for data breach policies?
Which part of the incident response process best describes a security administrator building new servers and security systems to get financial systems back online?
What preventative measure can be taken to minimize the risk of Microservice outages in a hybrid cloud environment?
From the firewall logs indicating a Trojan was blocked, what can be observed regarding the IP addresses involved?
What approach should be taken to effectively manage the risk of data breaches in a large organization?
What is the most likely reason for the breach of private company information after installing new wireless access points?
What is the MOST likely reason for receiving a 'Your connection is not private' error?
Which of the following would be the LEAST effective method for ensuring a website maintains a login with existing credentials from a third-party site?
How can the absence of a patch for a significant vulnerability in an Internet-facing firewall be best described?
What describes the disaster recovery exercise involving IT and senior directors discussing processes during a simulated disaster?
How often should the firewall hardware be expected to fail between repairs in terms of uptime contracts?
What is the best way for a security administrator to block users from visiting websites hosting malicious software?
What is one of the security measures that should be taken for data access outside of normal working hours?
What action is indicated by the firewall logs showing an alert for a Trojan blocking?
Which incident response step is the system administrator following when imaging the operating system to a known-good version after a malware infection?
What describes the process of placing a SCADA system on a segmented network with limited access?
Which of the following is NOT a common feature of a disaster recovery plan discussed during an exercise?
Which option is most likely to be included in a company's quarterly security awareness campaign?
To prevent the reintroduction of a vulnerability that was previously patched, which measure should the security administrator implement?
Which method is the best approach to ensure unique hashes during the application login process?
What best describes the implementation of SCAP in an organization's security monitoring?
Who is responsible for managing access rights to a large database containing customer information?
With the addition of a 'Private' classification to a content management system, what is the primary purpose this change likely serves?
Which security practice is focused on ensuring software patches do not reintroduce previous vulnerabilities?
In a security awareness campaign, which method would be least effective in improving user detection of phishing attempts?
Study Notes
Third-Party Information Gathering
- A company hired a third party to gather information about their servers and data.
- The third party cannot directly access the internal network.
- The best description of this approach is passive reconnaissance.
Email Server Message Disposition
- A company's email server received an email from a third party.
- The origin server didn't match authorized devices.
- Disposition of the message is determined using SPF, NAC, DMARC, or DKIM.
Threat Actor Financial Motive
- The threat actor most likely to attack systems for financial gain is organized crime.
Security Vulnerability Description
- A server was compromised due to a known operating system vulnerability.
- This finding is BEST described as a known operating system vulnerability exploit.
Emergency Medical Dispatch Priority
- System availability is the highest priority for an ambulance service network.
Database Access Alert Description
- A text alert was triggered when access rights were changed on a database containing private customer information.
- The alert describes a security concern about database access rights.
Data in Use, Obfuscated Data, Trade Secrets, and Regulated Data
- Data in use is data that is currently being used by a system.
- Obfuscated data is data that has been made difficult to understand.
- Trade secrets are confidential information that gives a company a competitive edge.
- Regulated data is data that is subject to government regulations.
Data Breach Policies and Requirements
- Data access records from all devices must be saved and archived.
- Data access outside of normal working hours must be reported immediately.
- Data access must occur only within the country.
- Access logs and audit reports must be created from a single database.
- The security team will need to use GPS location, a data account authentication server, and access logs and audit reports from a single database to meet these requirements.
Firewall Log Information
- A firewall log shows that a Trojan attempt was blocked from a specific IP address. The victim's IP address is 136.127.92.171.
Third-Party Website Certification Issue
- A user received a message "Your connection is not private. NET::ERR_CERT_INVALID" from a third-party website.
- This message indicates a trustworthiness issue and is MOST likely because of a deauthentication attack.
Website Login Credentials
- The best way to provide website logins using existing third-party credentials is to store these credentials within the site's internal database.
Firewall Hardware Uptime
- Details about how often firewall hardware is expected to fail are called Mean Time Between Failures (MTBF).
Attacker's Phone Call Description
- An attacker pretended to be a company director to gain access; this is social engineering.
Formal Partnership Agreement Description
- A formal agreement between two companies to qualify their partnership is called an acceptable use policy.
Email Signature Justification
- Companies use digital signatures to ensure email integrity, authenticity, and confidentiality.
Embedded OS System Error Description
- An embedded operating system constantly rebooting due to a file system error is called "memory injection," potentially stemming from malicious code corruption on the machine.
Password Policy Issues and Corrections
- Current password policies lack restrictions on attempts and lack password change requirements.
- Password policy corrections are frequent password changes and limits on password attempts or errors.
Server Update Delays Response
- The best immediate response to servers not updated in a year and needing two weeks to deploy updates is to move the servers to a protected segment.
Business Management Steps Description
- Steps for responding to an Internet connection failure in the business process are called Continuity of Operations/Cold site recovery (and tabletop exercises are ways to practice for this contingency).
Data Center Employee Credential Examination
- The best way to examine credentials for data center building entry is to use an authentication process, such as multi-factor authentication (MFA).
Employee Information Encryption Strategy Description
- Storing some employee information in encrypted form, while other details remain unencrypted, is called "full-disk encryption" for stored data, but not all of it.
Database Corruption Minimization Strategy
- The best method to minimize database corruption if power is lost to a server is to do replication. This will duplicate the database to another server.
Corporate Mobile Device Security Policy Establishment
- To create a corporate mobile device security policy, policies should be created or implemented to: automatically lock devices after a predefined time period, track the location of the device, and prevent the user's information from being mixed with company information or data.
Monthly Vulnerability Scan Results Description
- A monthly vulnerability scan showing no vulnerabilities, while a known vulnerability was announced last week, means there is a false negative.
Security Event Automation Use Cases
- IT help desk automation of security events includes escalation, guard rails, continuous integration, and resource provisioning.
Wireless Network Authentication Configuration
- To authenticate users with their corporate credentials when using a company wireless network, 802.1X should be used.
VPN Service Posture Assessment
- A VPN service performing a posture assessment during login is a form of security testing and is a critical assessment.
Access Control Model Description
- The access control model used to assign individual rights and permissions to a file on a network drive is called a discretionary access control model.
Text Message Attack Description
- A user received a text message with a link for logging into a work schedule. The best description of this attack would be "smishing."
Company Policy Formalization Description
- The company process for formalizing the design and deployment processes for their applications is called "development lifecycle."
Incident Response Process Description
- Copying a suspected malware executable to a sandbox for analysis is part of the incident response process.
Bank Website Visitor Decrease with Possible Attack Description
- A decrease in bank website visitors, coupled with traffic being routed to a different IP address, suggests a deauthentication attack.
Password Policy Security Control
- The security policies lack the use of salt in password hashing. Salting is needed when implementing a password policy.
Server Vulnerability Issue Description
- A vulnerability that was patched previously surfacing again means it is an "end-of-life" vulnerability.
Disaster Recovery Process Description
- A simulated disaster to discuss logistics and processes of resolving the disaster is a disaster recovery exercise.
Security Access Control Method Description
- Blocking access to websites hosting malicious software in an organization can be accomplished with "DNS filtering".
Malware Infection Incident Response Steps
- When a system has a malware infection, the best response is to create "lessons learned".
Description
This quiz covers critical aspects of cybersecurity, including immediate responses to incidents, handling order processing during network failures, and strategies for employee data protection. Assess your knowledge on the role of third-party information gathering and mechanisms for email handling based on server authorization.