Comptia Security+ Practice Exam 6

Questions and Answers

PDF Questions PDF Answers

Which technique is most appropriate for uncovering indicators of insider threats?

Blocking known file sharing sites

Requiring credit monitoring

Performing security awareness training

Implementing impossible travel alerts (correct)

What type of documentation would note the risk associated with a chlorine processing facility near company offices?

Site risk assessment (correct)

Physical risk register

Environmental impact report

Disaster recovery plan

What action should be taken if a developed application cannot access a specific internal resource?

Modify the allow/deny list for those specific resources (correct)

Utilize standard network protocols

Configure the application in a sandbox environment

Follow the secure coding practices for the internal resource

Which tool would be most effective for an analyst to match SIEM alerts to domains from a threat intelligence report?

nslookup

To enable MFA for a newly upgraded wireless system, which technology is necessary after installing access points?

RADIUS

What is a likely reason for intermittent connectivity reported by users on a specific subnet?

Faulty cabling causing packet loss

Which of the following could result in an inability to access specific resources in a network application?

All of the above

What should an organization consider when assessing risks associated with a hazardous facility nearby?

All of the above

What additional layer of protection can be implemented to prevent compromised credentials from accessing the corporate network?

Conditional access policies

Which method is most effective in educating employees about the significance of cybersecurity?

Phishing campaigns

To comply with a company policy requiring all new SaaS applications to authenticate users via a centralized service, which authentication type should be used?

SSO

What type of attack is indicated by the web server log snippet that includes access to the '/etc/passwd' file?

Directory traversal

What is the primary risk associated with Company A and Company B hosting each other's disaster recovery sites at their primary data centers?

The data center sites are not geographically dispersed

What preventive measure could have avoided the login failures and web server crashes after a new log-in page was introduced?

Input validation

Which type of service is most likely needed to handle user authentication for multiple services efficiently?

SSO

Which logging practice would most likely enhance security by providing insights on unauthorized data access attempts?

Real-time monitoring of logs

What type of information is typically extracted from image files that may contain geolocation coordinates?

Metadata

Which system has the capability to physically verify individuals entering and exiting a restricted area?

Access control vestibule

What is the most crucial consideration for an organization when developing a data privacy program?

Role as controller and processor

Which container security practice is most effective in preventing an attack after a zero-day vulnerability is exploited?

Executing containers using unprivileged credentials

Which architecture model is best suited for establishing a secure cloud-based file transfer between two data centers?

PKI

What is the purpose of risk transference in risk management strategies?

To share risk with others

What type of social engineering attack is exemplified when an employee plugs in a found USB flash drive?

Baiting

Which method is primarily focused on gaining insights into device settings and configurations?

Configuration review

What is the best method to categorize and share a threat actor's TTPs effectively?

Using the MITRE ATT&CK framework

Which of the following methods provides the best assurance that data has been properly disposed of?

Shredding

Which input is best mitigated through input sanitization?

alert("Warning!");

Which concept describes the implementation of spare devices for critical infrastructure?

High availability

What technique is used to add complexity to password hashes?

Salting

What is the main security feature provided by an air-gapped system?

Security through physical disconnection

What is the likely cause of a web services outage indicated by increased network traffic?

DDoS attack

Which organizational data is most likely regulated and subject to strict privacy laws?

Personal Identifiable Information (PII)

Which control type was applied after a ransomware attack by patching the server?

Corrective control

What authentication protocol would best meet the requirements of logging actions per command and using TCP communication?

TACACS+

What report would best demonstrate the security controls of a hosting provider over the past six months?

SOC 2 Type 2 report

What should be corrected to solve the issue of performance degradation when accessing network fileshares with dropped return traffic?

Host-based firewall settings

Which solution best meets the requirements of storage scalability and single circuit failure resilience for a new platform hosting virtual machines?

Transitioning the platform to an IaaS provider

What type of security control should be implemented to prevent unauthorized data exfiltration via Wi-Fi in a secure facility?

Faraday cage

Which tool is best suited for discovering insecure ports and legacy protocols on servers?

Nessus

Based on failed authentication attempts logged, which type of attack is most likely indicated?

Brute-force

What is used to describe discrete characteristics of a potential weakness that results in a severity number?

CVSS

What attack is indicated by a high number of DE authentication requests from an unidentified device on the network?

Disassociation

Which best describes the controls implemented when segmenting a critical server to a VLAN accessible only by specific devices?

Technical

What concept best supports incorporating tasks like deleting test accounts and data securely during production deployment?

Secrets management

What likely enabled a successful data exfiltration attempt that evaded monitoring analytics?

Susceptibilities in the classifier enabled counter-AI techniques.

Which framework provides guidelines for managing and reducing information security risk?

NIST CSF

What attribute is most appropriate when implementing Multi-Factor Authentication (MFA)?

Validating the user's location

What solution is best to control access from an internal network to a segregated production network while minimizing exposure?

Jump server

Which configuration should consistently be set to prevent issues with logging access to SAN from different servers?

NTP

Which source would provide the most relevant information on adversary behavior for system hardening?

MITRE ATT&CK

In digital forensics, which category pertains specifically to the collection of data such as disk images?

Acquisition

What is the primary responsibility of a data steward within an organization?

Data steward

Which of the following could help reduce unauthorized access to an organization's network based on unusual login activity?

Implementation of conditional access policies

Which type of facility is most likely to utilize a SCADA system?

Water treatment plant

If a network analyst discovers a second guest network broadcasting at full signal strength in a lobby area, what is the most probable explanation?

Evil twin attack

In order to comply with a security policy that restricts bidirectional internet access to production servers, what should an organization configure?

Firewall rule

What initiative is utilized by some organizations to reward security researchers for locating vulnerabilities?

Bug bounty

To mitigate a vulnerability that allows exiting kiosk mode on a virtual thin client, which control should be considered?

Using application approved lists

What vulnerability is likely being exploited if an attacker is attempting to inject scripts through a web application?

Cross-site scripting

How can an organization balance the need for real data during development while complying with privacy requirements?

Data masking

What term best describes the acceptable level of risk that an organization is willing to take when designing controls?

Risk appetite

Which technology is known for efficiently utilizing compute and memory resources for application workloads?

Containers

Which secure coding practice involves keeping critical business logic within a database?

Stored procedures

What term describes a sophisticated exploit that exploits a previously unknown vulnerability?

Zero-day

Which container security practice has the greatest chance of preventing an attack after exploiting a zero-day vulnerability?

Executing containers using unprivileged credentials

What architecture model is best suited for securely transferring files between two data centers in the cloud?

PKI

Which approach is most effective in mitigating the impact of lateral movement by a malicious actor in a containerized environment?

Establishing strict access controls among containers

What is the primary benefit of executing containers using unprivileged credentials?

It reduces the risk of escalation during a security breach

In securing a cloud-based file transfer between two data centers, which solution would be ineffective?

Switching to a standard file transfer system like FTP

Study Notes

Insider Threat Reduction

• Impossible Travel Alerts are used to identify and prevent unauthorized access to sensitive information by employees who are not authorized to be in certain locations.

Governance, Risk, and Compliance

• Site Risk Assessment is a document that identifies potential risks to an organization's operations, assets, and personnel, including risks associated with the physical environment.

Application Development and Testing

• Modifying the Allow/Deny List for specific resources is a common practice to restrict access to sensitive resources. Changing the allow/deny list ensures that the application only accesses the resources it needs to function properly.

Threat Intelligence Analysis

• nslookup is a command-line tool for querying Domain Name System (DNS) servers. This tool helps the analyst to determine whether the SIEM alerts can be attributed to the domains of the threat intelligence report by providing information about the domain's IP address and associated DNS records.

Multi-Factor Authentication (MFA) for Wireless Networks

• RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) services. It's used to enable MFA on wireless networks by communicating with the access points and authenticating users based on their credentials and MFA factors.

Network Troubleshooting

• arp -a is a command used to display the Address Resolution Protocol (ARP) cache on a system. The output of this command shows the mapping between IP addresses and MAC addresses on the local subnet.
• The output (7(192.168.1.7) at) indicates that the workstation's ARP cache has an entry for the IP address 192.168.1.7, which maps to the MAC address 7.
• The output suggests that the intermittent connectivity issues might be caused by ARP poisoning or spoofing attacks.
• Spoofing attacks can disrupt network communication by manipulating the ARP cache of devices to point traffic to malicious attackers instead of legitimate destinations.

Access Standards and Security

• To enhance security, businesses can use conditional access policies to enhance protection beyond MFA.
• Kerberos ticketing, terminal access controllers, and key vaults are other security measures, but conditional access policies are the most effective in this situation.

Security Awareness Training

• Phishing campaigns are effective tools for training employees on cybersecurity best practices.
• Acceptable use policies, employee handbooks, and social media analysis can also contribute, but are not as effective as phishing simulations.

Centralized Authentication

• Single Sign-On (SSO) is the most suitable authentication type for enforcing a policy that requires all new SaaS applications to use a centralized authentication service.
• While services like RADIUS, OpenID, Kerberos, and CHAP are used for authentication, SSO offers central authentication, making it the best option for this requirement.

Directory Traversal Attack

• The web server logs show evidence of a directory traversal attack. The attacker is attempting to access system files (like /etc/passwd, etc/groups) by using relative path manipulations.

Disaster Recovery Site Risks

• The greatest risk with this arrangement is the lack of geographic dispersal for the data center sites.
• While shared physical security, redundant power, and timely access are concerns, the lack of geographic distance presents the most significant threat.
• Companies are encouraged to have disaster recovery sites in geographically different locations for even greater resilience and reducing risk in case of a disaster affecting the primary site.

Input Validation and Security

• The issue with the customer-facing login page is likely caused by a lack of input validation.
• Without validation, malicious input can cause server instability or outages.
• Request throttling, SSL, and password rotation policies are important, but input validation is the primary preventative measure in this scenario.

MITRE ATT&CK

• MITRE ATT&CK is a comprehensive knowledge base of adversary tactics and techniques.
• Security administrators can leverage it to understand real-world attack patterns and apply appropriate mitigations.
• CSIRT, CVSS, and SOAR have different roles related to cybersecurity, but MITRE ATT&CK is the best resource for adversary behavior insights.

Digital Forensic Acquisition

• The digital forensic category the company wants to implement is Acquisition. It involves the collection of data, which includes acquiring disk images and volatile memory from computers.
• The acquisition process is crucial for preserving evidence in its original state for analysis and potential legal use.

Data Steward

• The analyst in the HR organization is acting as a Data Steward.
• They are responsible for maintaining the data dictionary and ensuring its accuracy and timeliness.
• Data Owner, Data Processor, and Data Protection Officer have different responsibilities related to data management.

Reducing Login Attacks

• The following recommendations would reduce the likelihood of unauthorized logins:
  • Conditional access policies: These policies can restrict access based on location, device, and other factors.
  • Implementation of additional authentication factors: Using multi-factor authentication strengthens login security.
• Disciplinary actions for users, regular account audits, enforcement of content filtering, and review of user permissions are generally good practices, but may not directly address the issue of unauthorized logins from external locations.

SCADA Systems in Industries

• SCADA systems are frequently used in critical infrastructure like water treatment plants. They control and monitor industrial processes, making them a vital part of these operations.
• Surveillance systems, smartwatches, and Wi-Fi-enabled thermostats are not generally considered SCADA systems.

Evil Twin Attack

• The scenario describes an Evil Twin attack.
• An attacker sets up a rogue access point with a similar name to the legitimate guest network.
• This aims to trick users into connecting to the attacker's network, allowing them to intercept traffic or compromise devices connected to the bogus network.

Firewall Rules and Network Security

• To comply with the company's policy restricting bidirectional internet access to only production servers, firewall rules must be configured.
• Firewall rules control network traffic flow, enabling granular control over internet access.
• DLP policies, MDM servers, and URL filters have different security functions and are not the best solutions for this specific requirement.

Bug Bounty Programs

• Bug bounty programs are used to recognize and reward security researchers for discovering vulnerabilities and exploits.
• It incentivizes responsible disclosure of vulnerabilities, which helps organizations improve security.
• Red teaming, footprinting, and lateral movement are security testing techniques, but are not directly related to rewarding security researchers.

Mitigating Privilege Escalation

• To prevent exiting kiosk mode and accessing system-level resources leading to privilege escalation, using application approved/denied lists is the most appropriate mitigation.
• It restricts applications that can be executed on the virtual thin client, limiting the potential attack surface.
• Web content filtering, additional firewall rules, and network segmentation are security measures, but are not as effective for this specific issue compared to using application whitelisting.

Cross-Site Scripting Attack

• The attacker is trying to exploit a cross-site scripting (XSS) vulnerability.
• XSS attacks involve injecting malicious scripts into web pages or applications, allowing the attacker to execute code on the victim's browser, which could potentially steal sensitive data.
• The log entry shows the attacker attempting to insert malicious JavaScript into the URL query string with the potential aim of executing code on the user's browser when visiting the malicious site.

Data Masking for Development

• To satisfy both the CPO's need to remove PII from the development environment and the developers' need for real data, the most effective solution is data masking.
• It substitutes sensitive data with non-sensitive values without affecting the functionality of the application.
• Data purge, encryption, and totalization have different purposes and may not meet both requirements.

Risk Appetite in Security Design

• Risk appetite refers to the amount of risk an organization is willing to accept.
• Security architects use it to design controls that align with the organization’s overall risk tolerance.
• Control risk, risk register, and inherent risk are related concepts in risk management but are not as directly related to the decision-making process of security design.

Containerization for Efficient Resource Utilization

• Containers are a technology that can better utilize compute and memory resources for on-premises application workloads.
• Containers provide a lightweight and portable packaging for software applications, enabling more efficient resource allocation.
• Microservices, serverless architecture, and community clouds focus on different aspects of cloud computing and may not be as efficient for resource utilization on-premises.

Stored Procedures and Secure Coding

• Stored procedures involve storing business logic within a database, enhancing security by isolating it from client-side code.
• It reduces the risk of SQL injection attacks by separating business logic from the presentation layer.
• Normalization, obfuscation, and tokenization are other methods used to enhance security, but they do not directly relate to storing business logic within the database.

Zero-Day Exploits

• Zero-day exploits are vulnerabilities that are unknown to vendors and have no patches available.
• They can be exploited for malicious purposes before any security measures are in place.
• Data loss, data exfiltration, and supply chain attacks are different types of threats.

Firewall Rules and Endpoint Traffic

• The issue is likely caused by a misconfigured host-based firewall setting.
• The firewall may be blocking the return traffic, preventing the endpoint from accessing the fileshare.
• Antivirus, intrusion detection systems, and the /etc/hosts file are not directly related to the issue.

Iaas and Virtual Machine Hosting

• Transitioning the platform to an IaaS provider best fulfills the utility company's requirements.
• IaaS (Infrastructure as a Service) provides scalable and resilient infrastructure, enabling them to meet the needs for memory utilization, storage scalability, and single circuit failure resistance.
• Connecting PDUs to redundant power supplies, configuring load balancing, and deploying large NAS devices are valuable measures, but IaaS provides a more comprehensive cloud-based solution in this case.

Faraday Cage and Data Exfiltration

• To prevent unauthorized data exfiltration via Wi-Fi from within a secure facility, a Faraday cage is the most effective security control.
• A Faraday cage blocks electromagnetic radiation, effectively preventing wireless signals from entering or leaving the enclosed area.
• Air-gapped networks, screened subnets, and 802.1X certificates have different security functions and are not as effective for stopping data exfiltration via Wi-Fi.

Nessus Vulnerability Scanner

• Nessus is a vulnerability scanner used by security auditors.
• It can be used to identify open ports, enabled legacy protocols, and other security vulnerabilities on servers and other network devices.
• Curl, Wireshark, and netcat are different tools used for networking and data analysis.

Brute-Force Attack

• The log output shows a series of failed authentication attempts from the same IP (120.34.2.5) using different ports.
• These attempts are likely part of a brute-force attack.
• The attacker is trying multiple password combinations to gain unauthorized access.
• SQL injection, rootkits, keyloggers, and null authentication are different security threats and don't match the pattern observed.

CVSS (Common Vulnerability Scoring System)

• CVSS is used to describe potential weaknesses.
• It assigns a severity score based on various factors, including attack complexity, impact, and exploitability.
• CVE (Common Vulnerabilities and Exposures), CAR (Common Access Request), and CERT (Computer Emergency Response Team) are different resources related to vulnerability management and security response.

Deauth Attack

• The scenario describes a deauthentication (Deauth) attack.
• The attacker is sending deauthentication frames to disrupt the wireless connection between the affected device and the access point.
• The sudden increase in deauthentication requests is a clear indication of this attack.

Compensating Control and Technical Control

• The network team's actions of segmenting a critical server to a VLAN, restricting access to specific devices, and isolating it from the perimeter network, are examples of both compensating control and technical control.
• Compensating controls are adopted where standard controls are not feasible.
• Isolating the server from the perimeter network is a compensating control because it's used to mitigate the risks associated with using an end-of-life server.
• The VLAN configuration and access restrictions are technical controls because they involve implementing specific technical measures to enhance security.
• Technical controls can be either physical or logical.

Secrets Management and Deployment Planning

• Secrets management is a security concept that involves managing sensitive data like passwords, API keys, and other credentials throughout their lifecycle.
• By incorporating secrets management into deployment plans, the product manager can:
  • Delete test accounts and data securely.
  • Share administrative passwords safely during the transition to production.
• Network segmentation, data classification, and access reviews are important security practices, but they don't directly address the specific requirements of secure testing account and data deletion and password sharing.

Machine Learning Model Susceptibility

• The most likely explanation for the malicious transfer being labeled as an “authenticated media stream” is a susceptibility in the classifier model enabling counter-AI techniques.
• The slight modification of the PCAP suggests an intentional manipulation that bypassed the model's original detection logic.
• Tainting, a supply chain implant, and a middle position would not account for the successful bypass after an initial failure.

NIST Cybersecurity Framework

• The NIST Cybersecurity Framework (CSF) provides guidelines for managing and mitigating cybersecurity risks.
• It focuses on identifying, assessing, managing, and monitoring risks within an organization's information systems.
• CIS (Center for Internet Security), ISO (International Organization for Standardization), and PCI DSS (Payment Card Industry Data Security Standard) are other frameworks that address specific domains of security.

MFA and Location Validation

• Validating the user's location is the most suitable attribute to implement when using multi-factor authentication (MFA).
• This helps prevent unauthorized access from unusual locations.
• Requiring image identification, enforcing special characters in passwords, and having users agree to terms of service are not directly related to the goal of securing MFA.

Jump Servers for Network Segmentation

• Using a jump server is the most effective way for a manufacturing organization to control and monitor access between internal business and segregated production networks while minimizing exposure.
• It provides a secure intermediary system for accessing the production network, reducing the attack surface from the business network.
• Proxy servers, NGFWs, and WAFs have different functions in network security.

NTP Synchronization and Access Control

• To consistently prevent issues like the log entries, the servers in the same subnetwork should be configured with network time protocol (NTP) synchronization.
• NTP ensures accurate timekeeping on all devices across a network, which can be critical in investigations involving timestamps.
• Geolocation, TOTP, and MFA are useful security measures but do not directly address the time synchronization issue in this scenario.

Choose Your Own Device (CYOD) Policy

• The following requirements apply specifically to a CYOD policy:
  • The company should retain ownership of the phone: This is crucial in a CYOD environment to ensure the company can manage the device and ensure compliance.
  • The user can request to customize the device: Giving users the option to customize the device can improve user satisfaction and acceptance.
• Other options, such as restricting the model of phone, prohibiting personal applications, or mandating antivirus, are not inherent components of a CYOD policy.

Risk Transference

• Risk transference involves shifting the burden of risk to another party, usually through insurance or outsourcing.
• It allows an organization to avoid the cost of managing and mitigating a specific risk.
• Risk avoidance, risk mitigation, and risk acceptance are different risk management strategies.

Brute-Force Attack (Linux)

• The log entries show repeated failed password attempts targeting the "root" user from the same IP address, using multiple SSH ports. This indicates a brute-force attack on the server's SSH login.

Hot Site for Disaster Recovery

• For a company in a hurricane-prone area seeking quick operational resumption, a hot site is the best disaster recovery option.
• A hot site is immediately operational, having already installed hardware, software, and data, allowing for immediate recovery after a disaster.
• Cold, tertiary, and warm sites have varying levels of preparedness and recovery time.

Configuration Review

• Configuration review is the process of systematically examining the settings of devices and systems to identify any misconfigurations or vulnerabilities.
• It helps verify if devices are configured securely and according to the organization's security policies.
• Log analysis, credentialed scans, web application scans, and network scans are other important security procedures.

MITRE ATT&CK Framework for Sharing TTPs

• The MITRE ATT&CK framework is a centralized database of adversary Tactics, Techniques, and Procedures (TTPs).
• It allows security analysts to categorize and share threat actor behavior consistently with colleagues and partner organizations.
• Sharing lessons-learned reports, CVE IDs, and log files is helpful, but the MITRE ATT&CK framework provides a more standardized approach for consistent understanding and communication of TTPs.

High Availability (HA)

• The organization's decision to purchase and configure spare devices for critical network infrastructure is driven by High Availability (HA).
• HA ensures that critical services remain operational even if a component fails.
• Software-defined networking, scalability, and decentralization are also important concepts in network management but are not the primary reasons for having spare devices.

Password Salting

• Salting entails appending a random value to the end of a password before hashing.
• It enhances security by creating unique hashes for the same password even across different systems.
• This makes rainbow table attacks less effective since the table would need to include all the salt combinations.
• Key stretching, steganography, and MD5 checksum have different purposes and are not directly related to password salting.

Corrective Control for Vulnerability Remediation

• The administrator used a corrective control when applying a patch to the server to resolve the CVE score.
• Corrective controls are implemented after a security incident to rectify the vulnerabilities.
• Deterrent controls, compensating controls, and directive controls have different purposes related to security.

Baiting Social Engineering

• The employee's actions in the parking lot scenario are an instance of a baiting social engineering attack.
• The attacker lures the victim by leaving something seemingly valuable behind (the USB drive), aiming to get them to interact with the device and compromise their system.

Input Sanitization and XSS Attacks

• Input sanitization is a good practice for mitigating cross-site scripting (XSS) attacks.
• The code "alert("Warning!");" is a typical XSS payload that would be blocked by proper input validation and sanitization techniques.
• Nmap scans, email phishing links, and browser warnings are associated with other security issues and vulnerabilities.

PII and PHI Regulation

• Two types of data most likely subject to regulations and laws are:
  • PII (Personally Identifiable Information): Data that can identify individuals, like names, addresses, and social security numbers.
  • PHI (Protected Health Information): Data related to patients' health, including medical records.
• Trade secrets, proprietary information, OSINT (Open-Source Intelligence), and public data may be subject to other laws and regulations, but PII and PHI are particularly sensitive and heavily regulated.

Shredding for Media Destruction

• The strongest assurance of proper data disposal is achieved through physical destruction methods, especially shredding.
• Shredding ensures the media cannot be easily reconstructed and reduces the risk of data breach.
• Degaussing, multipass wipe, hashing, and erasure are also data destruction methods, but shredding provides the highest level of physical assurance.

SOC 2 Type 2 Report for Security Controls

• A SOC 2 Type 2 report is the best proof that the hosting provider's security controls have been in place and effectively protecting customer data for the past six months.
• Type 2 reports provide evidence of the effectiveness of controls over time, demonstrating compliance and security maturity.
• The NIST CSF, CIS Top 20 compliance reports, and vulnerability reports are useful resources for security assessments, but don't specifically focus on demonstrating the effectiveness of security controls over an extended period.

TACACS+ for Centralized Authentication

• TACACS+ (Terminal Access Controller Access Control System Plus) is the most suitable authentication protocol for managing credentials and permissions to network devices.
• It offers centralized authentication, role-based access control, and command authorization with detailed logging, meeting the security requirements of logging all actions and providing per-command permissions.
• Kerberos, CHAP, and RADIUS have different strengths and limitations in the area of network device authentication.

Signature Updates for Endpoint Protection

• Policy signatures need to be updated before completing a weekly endpoint check.
• Signatures are crucial for identifying and detecting new and evolving threats, ensuring the endpoint protection application is up to date.
• Updating policy engines, policies, and definitions are also essential parts of endpoint security management.

DDoS Attack and Web Services Outage

• The web services outage caused by a sudden surge in network traffic indicates a Distributed Denial of Service (DDoS) attack.
• The attack overwhelms the web services with traffic, making them unavailable to legitimate users.

Security Threats and Countermeasures

• Logic Bomb: A malicious code that triggers an action when a certain condition is met.
• Brute-force Attacks: Attempts to guess passwords or encryption keys by trying all possible combinations.
• Buffer Overflow: Exploits a vulnerability where programs write data beyond the allocated memory space, potentially overwriting critical data or executing malicious code.
• DDoS (Distributed Denial of Service): An attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users.
• Air-gapped Systems: Isolates a system from any network connection to prevent unauthorized access or data transfer. This provides physical disconnection for security.

Data Security Concepts And Tools

• Metadata: Data about data, including information like creation date, author, and geolocation coordinates.
• Access Control Vestibule: A secure area where individuals can be physically verified before entering a restricted area.

Data Privacy and Compliance

• Data Privacy Program: A set of policies and procedures designed to protect personal information.
• Data Controller: An organization responsible for determining the purposes and means of processing personal data.
• Data Processor: An organization that processes personal data on behalf of a controller.

Container Security Best Practices

• Unprivileged Credentials: Running containers with limited permissions reduces the impact of a compromise, preventing malicious actors from gaining full control of the host system.

Secure File Transfer Environments

• PKI (Public Key Infrastructure): A system for managing and distributing digital certificates to verify identities and secure communication. It's a suitable architecture for secure, cloud-based file transfers.

Container Security Practices

• Running containers with unprivileged credentials can greatly reduce the impact of a compromised container.
• Exploiting a zero-day vulnerability can lead to an attacker taking control of an entire container cluster.
• Attackers can use lateral movement to compromise additional containers and host systems.

Secure File Transfer

• Public Key Infrastructure (PKI) supports secure file transfer between two data centers.
• PKI is a framework for managing digital certificates.
• Digital certificates provide authentication and encryption for communications.

Description

Test your knowledge on insider threat reduction, governance, risk management, and threat intelligence analysis. This quiz covers topics like impossible travel alerts, site risk assessments, access control lists, and DNS tools. Perfect for those looking to enhance their understanding of information security practices.