Help
Options
Question
What is the main danger that comes from Shadow IT?
click to flip
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't know
Question
Which of the following mitigation techniques can help limit the damage caused by malicious or compromised users by setting a level of access to users that corresponds to their assigned tasks?
Remaining cards (89)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
set1test2
| Question | Answer |
|---|---|
| What is the main danger that comes from Shadow IT? | Larger attack vector |
| Which of the following mitigation techniques can help limit the damage caused by malicious or compromised users by setting a level of access to users that corresponds to their assigned tasks? | Least priviledge |
| What type of encryption affects a defined, formatted block of storage, which could span across multiple partitions? | Volume encryption |
| Which attribute of a threat actor refers to their ability to develop unique exploit techniques and tools? | Capability |
| Which of the following represents a valid format for a CVE identifier? | 2022-12345 |
| In a business process analysis (BPA), which factor encompasses the human resources and additional support needed to carry out a mission essential function? | staff |
| A company wants to implement a more flexible access control system that can adjust to changing user behavior. Which of the following technologies can help the company achieve this goal? | adaptive identity |
| Which of the following cryptographic algorithms is primarily used for digital signatures and key exchanges, rather than direct encryption of data? | ECC |
| What kind of data is usually shielded from the public view for the protect the security of the individuals concerned? | private |
| Which of the following BEST describes the data controller's role in relation to GDPR and data governance? | Identifies purposes and conditions of data processing and ensures compliance with legal standards |
| 11. She checks his online banking account and sees that there are several transactions that she did not authorize. What type of web-based vulnerability has she likely encountered? | Cross site scripting XSS |
| When a security specialist wishes to obtain a holistic view of the health and security status of foundational IT components, such as networks, cloud services, and servers, which type of monitoring should they prioritize? | Infrastructure monitoring |
| you are most concerned with protecting the privacy of patients, so you will need to prevent unauthorized people from seeing data. Which of the following mitigation techniques can help you achieve this goal? | Least Priviledge |
| Kelly Innovations LLC is using a certificate within their internal testing environment. Due to the lack of inherent trust from external systems, they avoid using this certificate publicly. Which type of certificate is Kelly Innovations LLC likely using? | Self-Signed Certificate |
| Given Dion Training's initiative to formulate a disaster recovery plan, which of the following solutions provides the BEST uninterrupted power source in the event of unforeseen power disruptions, particularly in situations prone to natural disasters? | Generators |
| to ensure the security of your network and data, you must adhere to best practices for provisioning and de-provisioning user accounts. Which of the following actions best demonstrates proper provisioning and de-provisioning practices for user accounts? | Provision User accounts with least priv, and promptly de provision upon term |
| Upon investigating, Jamario found that these computers had been replaced with a shell program, making it seem as if they couldn't access their files. Which type of malware is MOST likely responsible for the events at Dion Training Solutions? | Screen-locking Ransomeware |
| Bluebird Technologies has hired a penetration tester. In the test she will attempt to enter the building by using a fake ID and by piggybacking at the entrance. What type of penetration testing will she be doing? | Physical |
| Which of the following statements BEST explains the importance of employee retention in securing an organization? | Employee retntion helps to maintain institutional knowledge and expertise in manging security autommation |
| 20. Which of the following terms refers to examinations conducted by an outside organization to assess an entity's compliance with specific legal standards? | External regulatory audits |
| John is reviewing an assessment where it has been determined that a successful cyber attack could result in significant operational downtime and data recovery costs Which term BEST quantifies the severity of this potential event? | Impact |
| Which of the following statements BEST explains the importance of the Bug Bounty program in the context of vulnerability management? | encourages ethical hackers to id an report sec vulnerabilities |
| Dion Training wants to secure only a specific section of their server's hard drive that contains sensitive client data. Which encryption method would be BEST suited for this requirement? | partition Encryption |
| Which of the following statements BEST explains the importance of package monitoring in the context of vulnerability management? | it helps identify and address vulerabilities in software packages |
| Which of the following types of threat actors is likely to be the least sophisticated? | unskilled actor |
| Among the following who is MOST likely to make unauthorized copies of sensitive data they were initially granted access to for a specific project? | Contractor |
| They want a solution that seamlessly integrates these aspects, especially for users or devices located outside their primary office. Which of the following technologies should they consider adopting? | SASE - secure access service Edge |
| If the access control system fails, which mode should be adopted to ensure that no unauthorized personnel can enter the facility, even if it means some inconvenience to authorized staff? | Fail- Closed |
| What is the primary purpose of internal compliance reporting? | To provide compliance updates to the organizations Management |
| 30. What is the purpose of the audit committee? | overseeing an organizations internalcontrols and financiall reporting |
| Which of the following technologies allows creating multiple isolated environments on a single physical device? | Virtualization |
| They want to determine the amount of the time they will need to repair the system after a disruption. This will help them to ensure timely recovery from the event. What measure do they want to determine? | MTTR |
| An organization is looking to protect sensitive financial data stored in spreadsheets. Which of the following methods would be the MOST effective in ensuring the data's confidentiality and integrity? | Data encryption and digital watermarking |
| Which of the following statements BEST explains the importance of automating user provisioning? | It ensures timely access to resources and enhances productivity |
| Which of the following methods converts original data into a coded format to prevent unauthorized access and requires a key to decode it? | encryption |
| Which of the following BEST explains the difference between False Positive and False Negative in the context of vulnerability management? | false positive - incorrectly indicates a potential threat false negative - security alert theat inadequestly dismisses a legitimate threat |
| Which of the following attackers operates MOST often under the direction of governments with the goal of furthering national interests, war, or geopolitical objectives? | state sponsered actor |
| To stay updated with changing threats and vulnerabilities, which of the following assessment methods BEST emphasizes periodic evaluations? | Recurring Risk assesment |
| The Trojan was installed on the device when the employee installed a piece of software from a website instead of the official app store. Which of the following describes the source of the problem? | Side loading |
| 40. Which of the following BEST explains the concept of Alerting in the context of security activities? | alerting provides real time notifications of security incidents and potential threats |
| Given that the unauthorized access was attempting to communicate via TCP to a sensitive internal server on port 443, and there were also abnormal DNS requests observed, which of the following would be MOST valuable to investigate the incident further | TLS handshake details and DNS query responses |
| Safeguard Systems is looking to secure voice communication between its branch offices. Which of the following protocols would provide encryption specifically for voice traffic over IP? | SRTP |
| Enrique at Kelly Innovations LLC is worried about ransomware attacks after a competitor recently fell victim. While devising a multi-layered defense strategy, which aspect related to backups would be VITAL for him to consider? | Encrypting backupss - this ensures even if an attacker gets his back ups the cannot decipher the contents |
| A water treatment facility relies on SCADA systems for automation. This environment can introduce which of the following security vulnerabilities? | Legacy protocols without encryption |
| Why are CVE identifiers important for cybersecurity professionals? | They offer a standardized way to share vulnerability data |
| Which of the following is a type of vulnerability involves accessing or modifying data or communications from other virtual machines by exploiting the fact that they share one CPU? | Resource Reuse |
| Terence, a facilities manager, is concerned about piggybacking. Which of the following physical control methods will BEST address this problem? | Access Control Vestibules |
| What term refers to the expected frequency of occurrence of a specific risk within a given time frame? | What term refers to the expected frequency of occurrence of a specific risk within a given time frame? |
| Which term relates to the complexity of a threat actor's methods and operations? | Sophistication |
| 50. Take the Cake, a bakery, recently bought software to improve security. The software randomly adds data to the input of a hash function before it hashes it. What is the software doing? | Take the Cake, a bakery, recently bought software to improve security. The software randomly adds data to the input of a hash function before it hashes it. What is the software doing? |
| Which category of data includes information such as trade secrets and patents? | Which category of data includes information such as trade secrets and patents? |
| They are considering the level of risk they are willing to accept to achieve the aggressive set of goals the CEO has created. What is the term for what they are considering? | Risk Apetite |
| Which of the following BEST describes the roles that Scherazade and Sahra? | Data controller and Processor |
| Which of the following terms refers to a document that defines tasks that different parties perform in a cloud service agreement? | Resposibility matrix |
| He suspects this is due to users relying on easily guessable patterns and words. What is the BEST approach for Reed to ensure that passwords are not easily decipherable? | Mandating increased complexity passwords |
| Dion Training Solutions is looking to implement a security measure where individual entries within their customer database are encrypted separately. Which of the following BEST describes this security approach? | Record - Level Encryption |
| Which of the following BEST describes the primary role of an audit committee in the context of cybersecurity? | Overseeing Cybersec risks and ensuring regulatory Compliance |
| Which activity is often considered as a financial safeguard against the potential aftermath of a security breach? | aquiring cyber liability insurance |
| Which of the following BEST describes the significance of key length in encryption standards? | It sets the minimum key length |
| 60. Which of the following procedures outlines the steps for controlling alterations to IT systems within an organization? | Change management procedure |
| What is the term for a type of open service port that is commonly used for remote access servers and can be used to perform man-in-the-middle attacks on a Windows computer, but not on computers using other operating systems? | rdp |
| As part of their expansion, Kelly Innovations LLC decided to break their monolithic application into microservices. While this provides scalability, which of the following security implications should the organization be MOST concerned with? | Granular access control requirements |
| Which of the following BEST describes the data owner's role in an organization's data governance framework? | Ensures data protections, levels of access permissions and security measure |
| What part of PKI allows the storing of encrypted keys with a third party so keys can be recovered if they are lost? | What part of PKI allows the storing of encrypted keys with a third party so keys can be recovered if they are lost? |
| You also find out that the hacker used a tool that she obtained on a website. The tool automated the exploitation process. What type of threat actor are you most likely dealing with? | unskilled hacker |
| After receiving your username and password, you are required to provide a fingerprint scan using a biometric reader. Which type of multi-factor authentication (MFA) factor does the biometric reader represent? | Something you are |
| A former technician of Dion Innovations who was recently laid off launches a series of distributed denial of service (DDoS) attacks against the company's main website. What is the likely motivation behind these attacks? | Revenge |
| A security engineer is testing the security of a web application and finds that it is vulnerable to a type of attack that involves manipulating the input parameters to access files or folders that are not intended to be accessible by the user. wat is this | Injection |
| What term refers to a formal examination of an organization's procedures, controls, and operations, ensuring they comply with established guidelines, standards, or regulations? | System / process audit |
| 70. Which of the following refers to the act where malware running on a guest OS manages to get to another guest or the host within a virtualized environment? | VM Escape |
| In what type of penetration testing are the testers given usernames, passwords, and other information that would normally be gathered in the first phase? | Known Environment |
| Which of the following BEST describes a system that allocates permissions and access based on pre-defined organizational guidelines, strategies, codes, roles, or requirements? | Policy - Driven Access Control |
| Which of the following data considerations pertains to data that is currently being processed by a computer? | Data in use |
| Which of the following authentication mechanisms is Dion Training Solutions MOST likely using to prevent credential replay attacks? | Kerberos uses a unique ticketing system |
| Which of the following is NOT true about the importance of Security Information and Event Management (SIEM)? | SIEM systems can aid in the precurment and asset mgmt of secure software systems |
| What part of a BPA for mission essential functions provides a detailed, step-by-step description of the procedural tasks performed? | Process Flow |
| To enhance security, the IT department wants to ensure that sensitive data, such as credit card numbers, remains protected even while being actively processed in the system's memory. Which technology would be MOST effective in safeguarding data-in-use? | Homomorphic Encryption |
| In the realm of digital forensics, which activity is a primary focus during the preservation phase? | Generating and documenting cryptographic hashes of digital evidence to verify its integrity |
| Jeanette just bought a new refrigerator. It has the ability to monitor foods that she is running low on and place them on her phone's grocery list app. What is the refrigerator an example of? | IoT |
| 80. At Kelly Innovations LLC, Susan is reviewing credential management practices for cloud services. Which approach is discouraged due to its inherent security risks? | Using the CSP root user for daily logon activity |
| As a cybersecurity analyst, you recommend implementing a federation solution for this purpose. Which of the following approaches would be the most effective way to implement federation in the given scenario? | Use SAML to facilitate the exchange of identity informationamong organizations. |
| Which of the following best explains the importance of Insurance in vulnerability management? | Insurance can provide financial support in mitigatinf the aftermath of a security breach |
| She was told that Erastein will be negotiating a treaty with Arus and the documents will help Erastein get land they have long wanted. Which of the following BEST describes Geneve's motivation for the data exfiltration? | Political |
| As a security analyst, you are investigating a suspicious file activity incident. While examining metadata associated with different files, which of the following pieces of information is NOT typically presented in metadata? | The file extension of the file |
| Which of the following terms BEST describes a situation in which a company avoids addressing known system inefficiencies or shortcuts due to time constraints, potentially leading to future rework and vulnerabilities? | technical Debt |
| an effort to protect against future financial consequences, the company decides to explore measures that could help mitigate these risks. Which action is Dion Training Solutions likely to take? | Purchase cyber liability insurance |
| She has decided to substitute the sensitive data with non-sensitive representations. The sensitive data and non-sensitive representation will be stored in a separate database. Which data security technique is likely bein used? | Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token. The token and the data it substitutes are stored in a secure database. |
| Stanley, an IT Technician, is setting up a secure connection between his company’s web server and a client’s web browser using SSL/TLS. Which common method for authenticating systems is being used in this scenario? | Digital certificates |
| Dion Training has implemented fixes for buffer overflow vulnerabilities in their application. To validate the effectiveness of their remediation efforts, which approach should be considered? | Contracting a cybersec firm for a targeted vulnerability assesment |
| As a security analyst, you are analyzing network logs to assist in your investigation of a suspected cyberattack. Which of the following pieces of information is NOT typically documented in the network log data? | content of encryopted data packets |
Created by:
Studyingsux