Untitled Quiz

Questions and Answers

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

  • Subject role
  • Secured zones (correct)
  • Adaptive identity
  • Threat scope reduction

A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?

  • Warm
  • Cold
  • Tertiary
  • Hot (correct)

The CIRT is reviewing an incident in which a human resources recruiter exfiltrated sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

  • UTM utilizing a threat feed
  • WAF utilizing SSL decryption
  • NGFW application inspection (correct)
  • SD-WAN utilizing IPsec
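Added example, not part of the quiz: a small Python simulation of the difference between a port-based rule and application inspection. The packets, addresses and hostnames are constructed (RFC 5737 test addresses and the reserved example.com), and the DNS check is a deliberately minimal structural test, not a full decoder.

```python
"""Added example (not from the quiz): why a port-based rule lets HTTP-over-53
through while application inspection catches it. Packets are constructed."""
import struct
from dataclasses import dataclass

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ",
               b"CONNECT ", b"HTTP/1.")


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def looks_like_dns(payload: bytes) -> bool:
    """Structural sanity check for a DNS message (RFC 1035 header + QNAME).
    Deliberately simple: a real NGFW decoder validates far more than this."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount, *_counts = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode > 2 or not 1 <= qdcount <= 4:      # only QUERY/IQUERY/STATUS opcodes exist
        return False
    pos = 12                                     # walk the first QNAME label by label
    while pos < len(payload):
        length = payload[pos]
        if length == 0:                          # root label terminates the name
            return True
        if length > 63:                          # labels are at most 63 bytes; no pointers in a query name
            return False
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length or not label.replace(b"-", b"").isalnum():
            return False
        pos += 1 + length
    return False


def identify_app(payload: bytes) -> str:
    """Classify by content, not by port: that is the NGFW idea in one function."""
    if payload.startswith(HTTP_STARTS):
        return "http"
    if looks_like_dns(payload):
        return "dns"
    return "unknown"


def port_based_verdict(pkt: Packet) -> str:
    """Legacy rule: 'outbound 53 is DNS, allow it'. Never looks at the payload."""
    return "allow" if pkt.dport == 53 else "deny"


def app_aware_verdict(pkt: Packet) -> str:
    """NGFW-style rule: outbound 53 is allowed only when the payload really is DNS."""
    if pkt.dport == 53 and identify_app(pkt.payload) == "dns":
        return "allow"
    return "deny"


# Constructed samples: an A query for example.com, and an HTTP upload aimed at
# port 53 (the recruiter's trick in the question). Addresses are RFC 5737 test nets.
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")
HTTP_UPLOAD = (b"POST /upload HTTP/1.1\r\nHost: drop.example\r\n"
               b"Content-Length: 11\r\n\r\nsalary.xlsx")

SAMPLES = [
    Packet("10.50.10.30", "192.0.2.53", 53, DNS_QUERY),
    Packet("10.50.10.30", "198.51.100.9", 53, HTTP_UPLOAD),
]


def compare(packets=SAMPLES):
    """Return (detected app, legacy verdict, NGFW verdict) per packet."""
    return [(identify_app(p.payload), port_based_verdict(p), app_aware_verdict(p))
            for p in packets]


if __name__ == "__main__":
    for p, row in zip(SAMPLES, compare()):
        print(f"{p.src} -> {p.dst}:{p.dport}  app={row[0]:<7} legacy={row[1]:<5} ngfw={row[2]}")
```

The legacy verdict allows both packets because it only ever sees "destination port 53"; the application-aware verdict allows the genuine query and denies the HTTP upload. A UTM threat feed would only help if the upload destination were already a known-bad indicator, and a WAF sits in front of a web server rather than inspecting an insider's outbound traffic.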

Malware spread across a company’s network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Answer: Watering-hole (D)

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Answer: Social engineering (A)

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Answer: A thorough analysis of the supply chain (A)

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Answer: SIEM (Security Information and Event Management system) (B)

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Answer (C):
  access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
  access list outbound deny 0.0.0.0/0 0.0.0.0/0
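Added example, not part of the quiz: a first-match ACL evaluator in Python that runs the quiz's two-line ACL, the same lines in the wrong order, and a tighter variant over a few constructed flows. The rule notation follows the quiz's wording rather than any vendor's syntax, and the flow addresses are RFC 5737 test addresses.

```python
"""Added example (not from the quiz): simulate top-down, first-match ACL
evaluation to show why the permit must precede the deny, and what the
trailing deny-all costs. Rule notation mirrors the quiz, not a vendor CLI."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    port: Optional[int]      # destination port, None = any


def parse_acl(text: str) -> list:
    """Parse lines shaped like the quiz answer:
    'access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53'"""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src, dst = tok[3], tok[4], tok[5]
        port = int(tok[7]) if len(tok) > 7 and tok[6] == "port" else None
        rules.append(Rule(action, src, dst, port))
    return rules


def evaluate(rules, src_ip: str, dst_ip: str, dport: int) -> str:
    """Top-down, first match wins; an ACL with no matching line denies implicitly."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == dport)):
            return r.action
    return "deny"


# The quiz's ACL: right for DNS, but the trailing deny blocks ALL other outbound traffic.
ACL_QUIZ = """
access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
access list outbound deny 0.0.0.0/0 0.0.0.0/0
"""

# Same two lines, deny first: first match wins, so even the resolver is cut off.
ACL_REVERSED = """
access list outbound deny 0.0.0.0/0 0.0.0.0/0
access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
"""

# Tighter: restrict only DNS and leave other outbound traffic to its own rules.
ACL_DNS_ONLY = """
access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
access list outbound permit 0.0.0.0/0 0.0.0.0/0
"""

# Constructed flows: the approved resolver, a rogue host doing DNS, a normal HTTPS client.
FLOWS = [
    ("resolver dns",    "10.50.10.25", "192.0.2.53",   53),
    ("rogue dns",       "10.50.10.30", "192.0.2.53",   53),
    ("workstation tls", "10.50.10.30", "198.51.100.9", 443),
]


def verdicts(acl_text: str) -> dict:
    """Map each named flow to the verdict the given ACL produces."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, s, d, p) for name, s, d, p in FLOWS}


if __name__ == "__main__":
    for label, acl in [("quiz", ACL_QUIZ), ("reversed", ACL_REVERSED), ("dns-only", ACL_DNS_ONLY)]:
        print(label, verdicts(acl))
```

Running it shows the quiz ACL permitting the resolver and denying the rogue DNS client, but also denying the workstation's HTTPS; the reversed ACL denies everything; the DNS-only variant achieves the stated goal without that collateral damage.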

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describes these types of controls? (Select two).

Answer: Directive (B), Deterrent (D)

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

Answer: Red (C)

A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?

Answer: An attacker is attempting to brute force jsmith's account. (A)
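Added example, not part of the quiz: the detection logic behind the answer, run over constructed log lines (the quiz page does not reproduce its log excerpt). The log format, account names, source addresses and the four-failures-in-ten-minutes threshold are all assumptions made for the example.

```python
"""Added example (not from the quiz): flag accounts whose MFA step keeps failing
right after a successful password step. Log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: for jsmith the password is accepted every time and the MFA
# challenge fails every time, which means the attacker already has the password.
LOG = """\
2024-05-01T09:00:01 user=jsmith event=password result=success src=203.0.113.7
2024-05-01T09:00:04 user=jsmith event=mfa result=fail src=203.0.113.7
2024-05-01T09:00:31 user=jsmith event=password result=success src=203.0.113.7
2024-05-01T09:00:33 user=jsmith event=mfa result=fail src=203.0.113.7
2024-05-01T09:01:02 user=jsmith event=password result=success src=203.0.113.7
2024-05-01T09:01:05 user=jsmith event=mfa result=fail src=203.0.113.7
2024-05-01T09:01:40 user=jsmith event=password result=success src=203.0.113.7
2024-05-01T09:01:44 user=jsmith event=mfa result=fail src=203.0.113.7
2024-05-01T09:02:10 user=jsmith event=password result=success src=203.0.113.7
2024-05-01T09:02:12 user=jsmith event=mfa result=fail src=203.0.113.7
2024-05-01T09:05:00 user=agarcia event=password result=success src=198.51.100.20
2024-05-01T09:05:02 user=agarcia event=mfa result=fail src=198.51.100.20
2024-05-01T09:05:20 user=agarcia event=password result=success src=198.51.100.20
2024-05-01T09:05:22 user=agarcia event=mfa result=success src=198.51.100.20
"""

LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) "
                  r"result=(?P<result>\S+) src=(?P<src>\S+)$")


def parse(log: str) -> list:
    """Turn the text log into dicts with a real datetime; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def find_mfa_bruteforce(events, threshold: int = 4, window=timedelta(minutes=10)) -> dict:
    """Per user, collect MFA failures that each follow a successful password step,
    and flag the user if `threshold` of them fall inside one sliding `window`."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    findings = {}
    for user, evs in by_user.items():
        fails, sources, pw_ok = [], set(), False
        for e in evs:
            if e["event"] == "password":
                pw_ok = e["result"] == "success"       # remember the state of the first factor
            elif e["event"] == "mfa" and e["result"] == "fail" and pw_ok:
                fails.append(e["ts"])                  # only count failures behind a valid password
                sources.add(e["src"])
        for i in range(len(fails)):                    # slide a window over the failure timestamps
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:
                findings[user] = {"mfa_failures": j - i, "first": fails[i],
                                  "last": fails[j - 1], "sources": sorted(sources)}
                break
    return findings


if __name__ == "__main__":
    for user, f in find_mfa_bruteforce(parse(LOG)).items():
        print(f"{user}: {f['mfa_failures']} MFA failures after valid passwords "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S} from {f['sources']}")
```

The distinguishing feature is the pairing: plain password failures would suggest password guessing, but a valid password followed repeatedly by a failed second factor means the first factor is already compromised, and the right response is to reset the password as well as investigate the MFA attempts.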

Flashcards

Zero Trust: data plane

Secured (implicit trust) zones, the subject/system and the policy enforcement point make up the data plane; adaptive identity and threat scope reduction belong to the control plane.

Hot Site

Site equipped to quickly resume operations after a disaster.

NGFW application inspection

Next-generation firewall capability that identifies traffic by its application-layer content rather than by port, so HTTP carried over port 53 is recognised as HTTP and can be blocked.

Watering hole attack

Attack that compromises a commonly visited website to infect users.

Social engineering

Manipulating someone into divulging confidential information.

Supply chain analysis

Thoroughly analyzing the sourcing chain to avoid counterfeit components.

SIEM

A tool that centralizes security alerting and monitoring.

Limiting outbound DNS traffic

Firewall ACL permits DNS traffic only from a specific internal IP.

Directive control

A control that communicates rules and expected behaviour, such as posted signs.

Deterrent control

A control that discourages would-be violators, such as signs warning that CCTV is in use.

Red Team

Team involved in offensive security assessments and social engineering.

Brute-force attack

Repeated failed MFA attempts after successful password authentication: the attacker already has the password and is guessing the second factor.

Local data protection regulations

Regulations about data privacy that impact cloud hosting providers.

Intellectual property

Sensitive data that research and development employees work with daily and must be trained to protect.

Automation

Using automation for daily security setting checks.

Backout plan

Plan outlining a system's restoration to a working state.

Risk threshold

Maximum acceptable risk level.

SLA

Document that defines service uptime guarantees (for example 99.99%).

Bug bounty

Program compensating researchers for discovered vulnerabilities.

Least privilege

Granting minimum permissions required for job duties.

Study Notes

  • Zero Trust within the data plane: secured (implicit trust) zones, the subject/system and the policy enforcement point are data-plane elements, so secured zones are the most relevant thing to evaluate; adaptive identity and threat scope reduction are control-plane functions.
  • When developing a disaster recovery plan in a hurricane-prone area, a hot site is the best option because it allows operations to continue immediately.
  • An NGFW (next-generation firewall) with application inspection classifies traffic by its application-layer content rather than by port, so HTTP carried over port 53 (normally DNS) is recognised as HTTP and can be blocked; a port-based rule would see "DNS" and let the recruiter's uploads through.
  • Malware spreading after employees visit a compromised industry blog is a watering-hole attack: the attacker compromises a site the target group is known to visit.
  • A user who reports a caller claiming that the CFO wants credit card information to close an invoice has recognised social engineering from security awareness training.
  • To address the risk of procuring counterfeit hardware, a thorough analysis of the supply chain is most effective.
  • A SIEM (security information and event management system) collects system, application and network logs from multiple sources into a centralised system for security alerting and monitoring.
  • To limit outbound DNS traffic to one device (10.50.10.25), the firewall ACL permits outbound traffic from 10.50.10.25/32 to any destination on port 53 and then denies everything else. ACLs are evaluated top-down with first match, so the permit must precede the deny; note that the quiz's trailing deny blocks all other outbound traffic, not only DNS.
  • Posting signs about CCTV filming in a data center discourages misbehaviour (deterrent) and communicates the rules (directive); the cameras themselves additionally act as a detective control, since they record rather than prevent.
  • An offensive security assessment, including penetration testing and social engineering, is performed by a red team.
  • Repeated failed MFA attempts, each following a successful password authentication, suggest an attacker who already holds the password and is trying to brute-force the second factor.
  • When expanding data centers internationally, a cloud-hosting provider should first consider local data protection regulations.
  • Research and development employees primarily work with intellectual property and need training on protecting it.
  • Automation is the best way to consistently determine, every day, whether server security settings have been modified.
  • When deploying changes to a production system, a backout plan is essential so the system can be restored to a working state if performance issues occur.
  • The maximum amount of risk an organisation will accept is its risk threshold.
  • A client demanding 99.99% uptime should find that commitment in the provider's service level agreement (SLA).
  • Allowing security testing of internet-facing applications and compensating researchers for discovered vulnerabilities describes a bug bounty program.
  • Applying the principle of least privilege to a human resources file share is the best way to ensure confidentiality.
  • A penetration test in which the organisation provides basic information about the target is a partially known environment test.
  • A false-positive alert from endpoint protection software when an employee downloads a file is most likely due to a misconfiguration of the software.
  • The most common path for data loss from an air-gapped network is removable media.
  • Software developers should publish file hashes (for example SHA-256) on the website so users can verify the integrity of downloaded files; a hash only proves the file matches the published value, so a hash served from the same compromised site proves nothing, which is why signed releases are stronger.
  • A service level agreement (SLA) also defines the timeframe within which a vendor must respond.
  • Changing the default password on a company VPN appliance addresses the risk of the local admin account being used for remote login, as distinct from applying least privilege.
  • A foreign government would most likely hire organized crime to attack critical systems in other countries.
  • A risk of opening firewall ports for a new system supported by a SaaS provider is default credentials.
  • Setting up a SIEM and assigning an analyst to review its logs weekly implements detective controls.
  • When a security analyst discovers a host running remote desktop into the production network, the best recommendation is to set up a VPN and place a jump server inside the firewall.
  • AAA (authentication, authorization, accounting) is the security concept implemented with a RADIUS server.
  • Containers are best suited to constantly changing environments.
  • A security implication of kiosks running end-of-life operating systems is patch availability.
  • An attacker posing as the CEO and asking for gift cards is using impersonation.
  • Critical is the data category most impacted when data is lost.
  • Salting adds a random per-record value to the input before the one-way hash is computed, so two users with the same password get different hashes and precomputed (rainbow) tables cannot be reused.
  • A company planning a disaster recovery site must consider geographic dispersion so that a single natural disaster cannot destroy both production and regulated backup data.
  • Preparation is the incident response phase in which roles and responsibilities are reviewed.
  • Updating the process for sending wire transfers (for example requiring out-of-band confirmation of new payment details) is the most effective way to stop accounting clerks from paying an attacker's bank account after receiving fraudulent instructions.
  • A jump server prevents direct access to database servers from database administrators' workstations.
  • Implementing an intrusion prevention system (IPS) is best for an enterprise experiencing attacks that exploit known vulnerabilities in older browser versions.
  • Badge access and access control vestibules are two of the best ways to ensure only authorized personnel can enter a secure facility.
  • A systems administrator who configures a secure zone to enforce company-wide access control and reduce the threat scope is setting up Zero Trust.
  • Testing a firewall change in a non-production environment before enabling it in production helps prevent company servers from becoming unreachable.
  • A jump server is the best solution for preventing unauthorized access to internal company resources.
  • IPsec is what a security consultant should recommend for remote access.
  • Apply classifications to the data before deploying a data loss prevention (DLP) solution meant to stop exfiltration of sensitive customer data.
  • Giving only the help desk lead and the IT manager access to the admin console is an application of least privilege.
  • A nation-state threat actor is the most likely to use large financial resources to attack critical systems in other countries.
  • Maintaining a full inventory of hardware and software lets security analysts measure overall risk.
  • After remediating vulnerabilities, the next step is to rescan the network.
  • Segmentation would most quickly mitigate a legacy network access vulnerability.
  • Steganography describes concealing code or text inside an image.
  • A domain user accessing and encrypting files on a database server describes an insider threat.
  • Deploying a SASE (secure access service edge) solution for remote employees reduces VPN traffic while still providing secured tunnel access to the data center.
  • Shadow IT describes a marketing department using project management software that has not been approved by IT security.
  • Load balancing should be set up to increase resilience by splitting the application across two identical sites.
  • Least-privilege access controls are most likely what is blocking the transfer of a patch to a critical system when the transfer fails.
  • Threat hunting is what a security analyst does when a cyber operations team reports a new attack but the SIEM has not been configured to detect it.
  • A rootkit was most likely deployed if cmd.exe has changed but the OS logs show no patches were applied.
  • A serverless framework is the best low-cost cloud-based application hosting solution.
  • Subject (data subject) is the data role that describes the customer of a business with a marketing department.
  • A role-based access control (RBAC) model is likely why an engineer who moved to another team cannot access the shared folders: the account was not moved to the new security group.
  • Security architecture should be taken into consideration first.
  • A statement of work (SOW) is the best document for estimating the number of hours needed to complete a penetration test engagement with a vendor.
  • A reflected denial of service is occurring when users cannot reach external websites, CPU usage is minimal, but the network is flooded with inbound traffic.
  • Behaviour-based detection is what an engineer should configure to minimise the impact of increasing traffic during attacks.
  • The availability concept is being followed when implementing protection against DDoS attacks.
  • A risk register is the document used to record risks, responsible parties and thresholds.
  • Secured zones are the most relevant element when evaluating Zero Trust in the data plane.
  • Updating EDR policies to block automatic execution of downloaded programs would most likely occur in response to a phishing attack.
  • DLP (data loss prevention) tools can detect PII being accidentally emailed to customers.
  • Server hardening should include disabling default accounts and removing unnecessary services.
  • A red team is focused only on trying to compromise the organization using an attacker's tactics.
  • The administrator should set up file integrity monitoring (FIM) as a method of securing data.
  • Mitigate is the risk strategy applied first to a legacy system.
  • Organized cybercrime is the threat actor a CISO (Chief Information Security Officer) should raise awareness of in reports.
  • Containerization is a strategy that reduces the number of individual operating systems to maintain.
  • Install a WAF to best protect a web application from attacks.
  • A UPS would mitigate the impact of a power outage.
  • A buffer overflow is exploited when an attacker overwrites memory beyond the bounds of a buffer.
  • Update the categorization to allow user access.
  • Access badges are the best way to secure data from intrusion.
  • Firmware should be kept updated to maintain security.
  • Conduct a tabletop exercise.
  • MTTR (mean time to repair) and the RTO (recovery time objective) are the metrics concerned with how long a repair or restoration may take.
  • Application allowlist.
  • Identity proofing.
  • Federation and password complexity are access management concepts used for company accounts.
  • SSO (single sign-on) for a SaaS application.
  • A primary security step is to set up a BYOD program.
  • Jailbreaking removes the manufacturer's restrictions so that software from outside the manufacturer's store can run, which is where its vulnerabilities come from.
  • An inbound deny access-list entry would apply to this request.
  • Smishing and phishing are social engineering techniques.
  • Notify security; the incident can then be used for awareness training.
  • Infrastructure is the best deployment model.
  • Web-based administration.
  • A request for gift cards is a sign of compromise.
  • Endpoint logs.
  • Private data needs to be classified.
  • Compensating control actions.
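Added example, not part of the quiz, for the salting note above: a Python comparison of a bare SHA-256 over a password with PBKDF2-HMAC-SHA256 over a random per-user salt. The iteration count, record layout and sample passwords are illustrative assumptions, not a policy stated on the page.

```python
"""Added example (not from the quiz): what salting buys you. Compares a bare
SHA-256 of a password with PBKDF2-HMAC-SHA256 over a random per-user salt.
Work factor and record layout are illustrative assumptions."""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed work factor; slow on purpose so offline guessing is expensive


def unsalted_hash(password: str) -> str:
    """The weak form: the same password yields the same digest for every user and every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The salt is mixed into the one-way transform, so precomputed tables do not apply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def create_record(password: str) -> dict:
    """Store salt, work factor and digest together; the salt is not a secret."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "iterations": ITERATIONS, "hash": salted_hash(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def demo(password: str = "Winter2024!") -> dict:
    """Two users pick the same password: unsalted digests collide, salted ones do not."""
    alice, bob = create_record(password), create_record(password)
    return {
        "unsalted_identical": unsalted_hash(password) == unsalted_hash(password),
        "salted_identical": alice["hash"] == bob["hash"],
        "alice_verifies": verify(password, alice),
        "wrong_password_rejected": verify("Winter2023!", alice),
    }


if __name__ == "__main__":
    print(demo())
```

Because each record carries its own salt, an attacker who steals the table must attack every account separately and cannot spot shared passwords by matching digests; the high iteration count is what makes each of those separate attacks slow.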
