Questions and Answers
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A company is compensating researchers based on vulnerabilities discovered in its internet-facing application. What type of program is this?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
Which of the following enables the use of an input field to run commands that can view or manipulate data?
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. What type of data are these employees most likely to use in day-to-day work activities?
Which of the following is the best reason to complete an audit in a banking environment?
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?
Which of the following is the most likely to be included as an element of communication in a security awareness program?
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?
An administrator is reviewing a single server's security logs and discovers the following: '$Failed password audit$'. Which of the following best describes the action captured in this log entry?
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
Which of the following is a hardware-specific vulnerability?
While troubleshooting a firewall configuration, a technician determines that a 'deny any' policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?
Which of the following would be the best way to block unknown programs from executing?
A security analyst is reviewing the following logs. Which of the following attacks is most likely occurring?
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
Which of the following can be used to identify potential attacker activities without affecting production servers?
A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?
Which of the following security control types does an acceptable use policy best represent?
A security practitioner completes a vulnerability assessment and the operations team remediates the vulnerabilities. What should be done next?
What activity best describes a user logging in remotely after hours and copying large amounts of data to a personal device?
Which of the following allows for the attribution of messages to individuals?
What is the best way to consistently determine on a daily basis if security settings on servers have been modified?
What security technique is adopted by including regular expressions in source code to remove special characters from variables set by forms in a web application?
What should a security analyst do to reduce the impact when a user clicks on a link in a phishing message?
What has been implemented when a host-based firewall on a legacy Linux system allows connections from specific internal IP addresses?
Which automation technique should a systems administrator use to streamline account creation for new manual accounts?
What type of control is set up when a company assigns an analyst to review logs on a weekly basis in a SIEM system?
What is a low-cost cloud-based application-hosting solution suitable for a systems administrator?
What action describes the act of ignoring detected malicious activity on a server in the future?
What is the best explanation for a security analyst discovering that an attacker is attempting to brute force a user's account?
What should a company consider to prevent damage to the server room and downtime due to weather events?
What is a primary security concern for a company implementing a BYOD program?
Which of the following would be best suited for constantly changing environments?
Which of the following incident response activities ensures evidence is properly handled?
An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
Which of the following data roles describes the customer in a scenario where a company's marketing department collects, modifies, and stores sensitive customer data?
Which of the following describes the maximum allowance of accepted risk?
A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A systems administrator is working on a solution with the following requirements: Provide a secure zone, enforce a company-wide access control policy, and reduce the scope of threats. Which of the following is the systems administrator setting up?
Which of the following involves an attempt to take advantage of database misconfigurations?
Which of the following is used to validate a certificate when it is presented to a user?
One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
Which of the following is used to quantitatively measure the criticality of a vulnerability?
Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
After reviewing the following vulnerability scanning report, a security analyst performs the following test. Which of the following would the security analyst conclude for this reported vulnerability?
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
After a security awareness training session, a user reported a suspicious call requesting credit card information claiming to be the Chief Financial Officer. Which topic did the user recognize from the training?
An administrator assists in archiving information about customer transactions for the proper time period. Which data policy is the administrator carrying out?
A company is working with a vendor to perform a penetration test. Which of the following includes an estimate of the number of hours required to complete the engagement?
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which threat actor does this report describe?
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
Which of the following can best protect against an employee inadvertently installing malware on a company system?
A company is adding a clause to its Acceptable Use Policy (AUP) stating employees are not allowed to modify the operating system on mobile devices. Which vulnerability is the organization addressing?
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. What should the administrator use to accomplish this goal?
Which of the following is the most common data loss path for an air-gapped network?
Malware spread across a company's network after an employee visited a compromised industry blog. What type of attack is this?
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. Which solution will allow a reduction in traffic while providing secured access to the data center and monitoring of remote employee internet traffic?
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
An employee clicked a link in an email that asked the employee to update contact information. The employee entered login information but received a “page not found” error message. What type of social engineering attack occurred?
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which firewall ACLs will accomplish this goal?
A data administrator is configuring authentication for a SaaS application to reduce the number of credentials employees need. The company prefers to use domain credentials to access new SaaS applications. Which method would allow this functionality?
Which scenario describes a possible business email compromise attack?
A company prevented direct access from the database administrators’ workstations to the network segment containing database servers. What should a database administrator use to access the database servers?
An organization’s internet-facing website was compromised due to a buffer overflow. What should the organization deploy to protect against similar attacks?
An administrator notices several users logging in from suspicious IP addresses and resets affected users’ passwords after confirming the unauthorized logins. What should the administrator implement to prevent this type of attack?
An employee receives a text message pretending to be from the payroll department, asking for credential verification. Which social engineering techniques are being attempted?
Several employees received a fraudulent text message from someone claiming to be the CEO, requesting gift cards for employee recognition awards. What are the best responses to this situation?
A company is required to use certified hardware when building networks. What best addresses the risks associated with procuring counterfeit hardware?
Which of the following provides the details about the terms of a test with a third-party penetration tester?
Study Notes
Threat Actors and Attack Methods
- Organized crime is the most likely threat actor to be hired by a foreign government to attack critical systems located in other countries.
- Phishing is a type of social engineering attack where an attacker sends an email that appears to be from a legitimate source, asking the user to enter login credentials.
- Brand impersonation is a type of social engineering attack where an attacker impersonates a legitimate company or brand to trick users into revealing sensitive information.
- Typosquatting is a type of social engineering attack where an attacker registers a domain name that is similar to a legitimate domain name, with the goal of tricking users into revealing sensitive information.
Authentication and Access Control
- Salting adds random data to the input (typically a password) before it is run through a one-way data transformation algorithm such as a password hash, so identical inputs produce different digests and precomputed tables cannot be reused.
- Single sign-on (SSO) allows users to access multiple applications with a single set of login credentials.
- Multifactor authentication (MFA) is a security process that requires a user to provide multiple forms of identification to access a system or resource.
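The salting note above, shown as working code. This is an added example, not code from the page: it uses PBKDF2-HMAC-SHA256 from the Python standard library, a 16-byte salt from the OS random source, and a self-describing record format (`pbkdf2_sha256$iterations$salt$digest`) that is this example's own convention. The iteration count is an assumed work factor.

```python
# Added example: salted, iterated password hashing with the Python standard library.
# Record format "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>" is this example's own convention.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always gives the same digest, so one
    precomputed table cracks every account that chose that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Return a record carrying everything needed to verify later.
    A fresh random salt is drawn when the caller does not supply one."""
    if not salt:
        salt = os.urandom(16)  # per-password salt from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time; malformed records never verify."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, twice :", unsalted_hash(pw) == unsalted_hash(pw))      # True
    a, b = hash_password(pw), hash_password(pw)
    print("salted, twice   :", a == b)                                       # False
    print("verify a, b     :", verify_password(pw, a), verify_password(pw, b))  # True True
    print("verify wrong    :", verify_password("wrong", a))                  # False
```

The salt is stored in the clear next to the digest; it is not a secret. What it buys is that an attacker must attack each record separately, and the iteration count makes each attempt expensive. For new systems a memory-hard function (scrypt, Argon2) is preferable; PBKDF2 is used here only because it ships with the standard library.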
Network Security
- A jump server is a secure server that provides access to a network segment that contains sensitive resources.
- A web application firewall (WAF) inspects HTTP(S) requests to a web application and blocks known attack patterns such as SQL injection, cross-site scripting and oversized or malformed input of the kind used to trigger buffer overflows.
- A next-generation firewall (NGFW) is a security system that provides advanced threat protection and visibility into network traffic.
Incident Response and Management
- A disaster recovery plan (DRP) is a set of procedures to follow in the event of a disaster or system failure.
- A rules of engagement (ROE) document outlines the terms and conditions of a penetration test or security assessment.
Risk Management and Security Controls
- Certifying hardware and software can help prevent the use of counterfeit or compromised products.
- Implementing a zero-trust model involves verifying the identity and permissions of all users and devices before granting access to resources.
- A bastion host is a secure server that provides access to internal resources while minimizing the traffic allowed through the security boundary.
Penetration Testing and Vulnerability Management
- A penetration test is a simulated cyber attack against a computer system, network, or web application to assess its security.
- Side-loading is the vulnerability introduced when software is installed from outside the manufacturer's approved software repository, bypassing the vetting and signing checks the official store performs.
Security Operations and Monitoring
- A security information and event management (SIEM) system collects and analyzes log data from many sources to detect and respond to security threats.
- A web filter inspects requested URLs and blocks access according to policy, for example by site category or reputation, or, as in the question it answers, by blocking non-encrypted (plain HTTP) websites.
- A firewall rule can be used to block traffic from a specific IP address or range of IP addresses.
Cyber Security Concepts
- A security analyst should perform threat hunting to identify new tactics malicious actors are using to compromise networks when SIEM alerts have not yet been configured.
- Cyber insurance addresses items listed on the risk register by transferring the risk; it is a risk transfer strategy.
- Full disk encryption is the technique that should be used to protect data on employees' laptops.
- An acceptable use policy is a type of preventive security control.
- Least privilege is the security technique that restricts access to the administrator console of help desk software to only the IT manager and the help desk lead.
- A risk register is used to document risks, responsible parties, and thresholds.
- When setting up a new set of firewall rules, a security administrator should adhere to the change management procedure.
- A bug bounty program allows individuals to security-test a company's internet-facing application and compensates researchers based on the vulnerabilities discovered.
- Nation-state actors are the most likely to use large financial resources to attack critical systems located in other countries.
- SQL injection is a type of attack that enables the use of an input field to run commands that can view or manipulate data.
- Intellectual property is the type of data that employees in the research and development business unit are most likely to use in day-to-day work activities.
- Labeling laptops with asset inventory stickers and associating them with employee IDs provides security benefits, including:
  - Notifying the correct employee if a security incident occurs on the device
  - Mapping users to their devices when configuring software MFA tokens
- Modifying the content of recurring training is the best option to improve situational and environmental awareness of existing users as they transition from remote to in-office work.
- A dashboard is the best way to present data to the board of directors when creating a quarterly report detailing the number of incidents that impacted the organization.
- A rootkit is the most likely explanation if a file integrity monitoring tool alerts that the hash of cmd.exe has changed while the OS logs show no patches were applied in the last two months.
- In an IaaS model for a cloud environment, the client is responsible for securing the company's database, according to the shared responsibility model.
- A SOW (statement of work) is the document a security company should provide to a client, outlining the project, cost, and completion time frame.
- Input validation is the application security technique that should be implemented to prevent cross-site scripting vulnerabilities.
- Ease of recovery and ability to patch must be considered when designing a high-availability network.
- When applying a high-priority patch to a production system, the first step is to create a change control request.
- Root cause analysis should be conducted as part of incident response to prevent future incidents of the same nature.
- If a large bank fails an internal PCI DSS compliance assessment, the most likely outcome is fines.
- Capacity planning is the step in developing a business continuity strategy that determines how many staff members would be required to sustain the business in the case of a disruption.
- A geolocation policy is the most effective way to prevent individuals in high-risk countries from accessing sensitive documents in a SaaS application.
- Firmware version is a hardware-specific vulnerability.
- A "deny any" rule should be added to the bottom of the ACL when troubleshooting a firewall configuration so that any traffic not matched by an earlier rule is explicitly denied.
Security Best Practices
- To prevent issues, test new policies in a non-production environment before enabling them in the production network.
- Documenting new policies in a change request and submitting it to change management also helps prevent issues.
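The outbound-DNS ACL from the question above (only 10.50.10.25 may send DNS), together with the "deny any at the bottom" note and the advice to test a rule set before it reaches production, worked through in an added example. This is not vendor ACL syntax and not code from the page: it is a small first-match evaluator in Python, with the rule fields (action, protocol, source CIDR, destination port) and the sample packets chosen for the demonstration.

```python
# Added example: first-match ACL evaluation for the outbound-DNS rule set.
# Rule fields and sample traffic are this example's own constructions.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "udp", "tcp" or "any"
    src: str                # source CIDR, or "any"
    dst_port: Optional[int]  # destination port, or None for any port


def _matches(rule: Rule, proto: str, src_ip: str, dst_port: int) -> bool:
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.src != "any" and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst_port is not None and rule.dst_port != dst_port:
        return False
    return True


def evaluate(acl: List[Rule], proto: str, src_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule. Traffic that matches no
    rule is reported as "unmatched" so the need for an explicit final deny is visible."""
    for rule in acl:
        if _matches(rule, proto, src_ip, dst_port):
            return rule.action
    return "unmatched"


# The rule set the question calls for: one permitted resolver, every other
# host blocked from port 53, and an explicit catch-all deny at the bottom.
DNS_ACL = [
    Rule("permit", "udp", "10.50.10.25/32", 53),
    Rule("permit", "tcp", "10.50.10.25/32", 53),   # DNS also uses TCP (large answers, zone transfers)
    Rule("deny", "any", "any", 53),
    Rule("deny", "any", "any", None),
]

# Same rules, deny placed first: the permits can never be reached.
MISORDERED_ACL = [DNS_ACL[2], DNS_ACL[0], DNS_ACL[1], DNS_ACL[3]]


def run_cases(acl: List[Rule]) -> dict:
    """Constructed test traffic a change request could cite as pre-production evidence."""
    return {
        "resolver udp/53": evaluate(acl, "udp", "10.50.10.25", 53),
        "resolver tcp/53": evaluate(acl, "tcp", "10.50.10.25", 53),
        "workstation udp/53": evaluate(acl, "udp", "10.50.10.100", 53),
        "workstation tcp/443": evaluate(acl, "tcp", "10.50.10.100", 443),
    }


if __name__ == "__main__":
    print("intended  :", run_cases(DNS_ACL))
    print("misordered:", run_cases(MISORDERED_ACL))
    print("no final deny:", run_cases(DNS_ACL[:-1]))
```

Two things the table of results makes concrete. Order matters: with the broad deny moved above the permits, the resolver itself loses DNS, which is the classic symptom a troubleshooter sees after a rule is "just added at the top". And the final deny is what turns "unmatched" into an explicit decision; many platforms apply an implicit deny, but writing it out makes the intent auditable and gives hit counters a place to record what is being dropped.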
Data Centers and Backup
- A cold site is the best option for a new backup data center with a cost-benefit focus and an RTO and RPO of around two days.
- A cold site is a backup data center that has the necessary infrastructure to support IT systems, but does not have the actual systems or equipment installed.
Data Classification and Security
- Sensitive data classification should be used to secure patient data in a hospital setting.
- Sanitization is the process of securely wiping hard drives before sending decommissioned systems to recycling.
Cloud Security and Compliance
- When expanding data centers to new international locations, a cloud-hosting provider should consider local data protection regulations first.
- An application allow list is the best way to block unknown programs from executing.
Penetration Testing and Social Engineering
- A red team conducts offensive security assessments, including penetration testing and social engineering.
- Code signing is the most appropriate option to ensure the authenticity of company-developed software.
Incident Response and Analysis
- A honeypot can be used to identify potential attacker activities without affecting production servers.
- Analysis is the incident response activity that involves understanding the source of an incident.
- After remediating vulnerabilities, the next step should be to rescan the network.
Insider Threats and Data Protection
- Insider threat describes a user's activity when they log in remotely after hours and copy large amounts of data to a personal device.
- Non-repudiation allows for the attribution of messages to individuals.
- DLP (Data Loss Prevention) solutions can assist with detecting an employee who has accidentally emailed a file containing customer's PII.
Automation and Security
- Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified.
- Regular expressions can be used to remove special characters from variables set by forms in a web application, which is an input validation technique.
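The two input-validation notes above (validation against cross-site scripting, and regular expressions that strip special characters from form variables), shown side by side in an added example that is not code from the page. It contrasts a reflected-output function with its hardened form; the field names, the allow-list pattern and the probe string are this example's own choices.

```python
# Added example: allow-list validation, character stripping, and output encoding
# for a web form field. Patterns and sample inputs are constructed for the demo.
import html
import re

# Allow-list: say what a username may contain, rather than trying to enumerate
# every dangerous character (a deny-list that is always one character short).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

XSS_PROBE = "<script>alert(1)</script>"  # constructed probe, not a real payload from the page


def validate_username(value: str) -> bool:
    """Reject anything outside the allow-list; fullmatch anchors both ends."""
    return USERNAME_RE.fullmatch(value) is not None


def strip_special_chars(value: str) -> str:
    """The regex-sanitisation approach from the note: drop every character
    that is not in the allow-list instead of rejecting the input."""
    return re.sub(r"[^A-Za-z0-9_.-]", "", value)


def render_comment_vulnerable(text: str) -> str:
    """Reflects user input into HTML verbatim: the XSS pattern."""
    return f"<p>{text}</p>"


def render_comment_hardened(text: str) -> str:
    """Free text cannot be allow-listed, so encode it for the HTML context."""
    return f"<p>{html.escape(text, quote=True)}</p>"


if __name__ == "__main__":
    print(validate_username("alice_01"), validate_username(XSS_PROBE))  # True False
    print(strip_special_chars(XSS_PROBE))            # scriptalert1script
    print(strip_special_chars("O'Brien"))            # OBrien  (legitimate data lost)
    print(render_comment_vulnerable(XSS_PROBE))      # script tag reaches the browser
    print(render_comment_hardened(XSS_PROBE))        # <p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
```

The stripping variant works, but as the O'Brien case shows it silently alters legitimate input, and it has to be kept in step with every output context. The more robust combination is strict validation for structured fields (usernames, IDs, numbers) and contextual output encoding for free text, which is why the hardened renderer encodes rather than strips.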
Network Security and Segmentation
- A host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses, which is an example of a compensating control.
- Network segmentation is a technique used to divide a network into smaller, isolated zones to reduce the attack surface.
Security Information and Event Management (SIEM)
- A SIEM system is used to detect and respond to security incidents, and it is an example of a detective control.
- Automation techniques, such as user provisioning scripts, can streamline account creation and reduce the risk of incorrect access or permissions.
Cloud Computing and Application Hosting
- A serverless framework is a low-cost, cloud-based application-hosting solution.
- Serverless computing is a cloud computing model in which the cloud provider manages the infrastructure and dynamically allocates computing resources.
Security Operations and Threat Analysis
- Tuning is the process of adjusting detection rules so that activity already judged benign is no longer alerted on in the future; it is a routine security operations activity for reducing false positives.
- A security analyst may review domain activity logs to detect and respond to security threats.
Business Continuity and Disaster Recovery
- Geographic dispersion is a strategy used to reduce the risk of weather events causing damage to the server room and downtime.
- Off-site backups are a common strategy used to ensure business continuity in the event of a disaster.
BYOD and Mobile Security
- Jailbreaking is a primary security concern for a company setting up a BYOD program, as it can increase the risk of security breaches.
- BYOD (Bring Your Own Device) is a policy that allows employees to use their personal devices for work purposes.
Description
Practice questions for the CompTIA Security+ SY0-701 exam, covering various topics in computer security. Test your knowledge and prepare for the certification exam.