29 Questions
What is a potential risk for a company's claims processing department with a mobile workforce?
Malware infection from email attachments
What would be an effective way to prevent malware infections from email attachments?
Implementing application whitelisting
What is a benefit of implementing cloud-based content filtering with sandboxing capabilities?
Identifying and containing malware threats
Why is it essential to secure laptops in the claims processing department?
To prevent malware infections from email attachments
What is a potential consequence of not implementing security measures in the claims processing department?
Malware infection from email attachments
Which type of cloud deployment model ensures compliance with healthcare standards for virtualization and cloud computing?
Hybrid IaaS solution in a single-tenancy cloud
What is the primary goal of using input validation to prevent API scraping?
To prevent high processor utilization
What is the primary purpose of using rate limiting and CSRF protection to safeguard APIs?
To prevent scraping activities and CSRF attacks
What is the primary purpose of using UEFI/BIOS in hardening host systems?
To add protection to the boot loader
What is the primary purpose of using TPM in hardening host systems?
To provide a trusted platform module
What is the primary goal of hiding data stored in databases?
To protect data from unauthorized access
What is the primary concern related to the log aggregator in the given solution?
Lack of encryption of data in transit
What should the organization do after successfully applying mitigations to reduce the likelihood of impact?
Assess the residual risk
What is the primary benefit of leveraging cryptographic solutions to protect data that is in use?
Ensuring data is encrypted at all times
What is the purpose of the SSL VPN with MFA in the given solution?
To provide secure remote access to the log aggregator
What is the primary benefit of using full disk encryption on the log aggregator?
Protecting against unauthorized access to data at rest
What is the purpose of compressing and encrypting data prior to archiving in the cloud?
To protect against data remnants in the cloud
What was the primary cause of performance issues in the e-commerce company's web server during the last two holiday seasons?
Too many connections
What is the most cost-effective solution to avoid performance issues in the e-commerce company's web server?
Move the server to a cloud provider
What is the most important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
Assuring the integrity of messages
What was the impact of the ransomware attack on the financial institution's human resources fileshare?
The fileshare was encrypted, and restoration will take four hours
How often did the financial institution back up their human resources fileshare?
Every 48 hours
What was the response time of the security operations personnel to the ransomware attack?
They were unaware of the activity until it was too late to stop it
What is the primary reason for not allowing web servers to initiate communication with the Internet?
To prevent external attacks from initiating communication with the web servers
Which of the following is a requirement for employees' computing devices in the proposed corporate firewall architecture?
They can only connect to web services over ports 80 and 443
What is the primary goal of implementing a stateful firewall in the proposed corporate firewall architecture?
To track and analyze the state of network connections
What is the primary benefit of implementing Layer 7 filtering and routing in the proposed corporate firewall architecture?
It allows for more granular control over network traffic
What is the primary goal of the security architect in the proposed corporate firewall architecture?
To ensure all web servers receive updates via HTTP/S from the corporate network
What is the primary benefit of ensuring the integrity of each module of a program?
It prevents malicious users from altering the code
A security engineer identifies security concerns in a solution involving log transmission and storage. Which security issue should be the engineer's greatest concern?
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
