Set1 Test4
Question | Answer |
---|---|
In the onboarding process of a new employee, which of the following tasks does NOT accurately represent the responsibilities of the IT and HR functions in ensuring secure access for the individual? | automatically assigning all possible privileges to the user for a trial period |
Customers of E-ShopHub reported being redirected to a different website with different products. The IT team discovered that the DNS entries were not modified, but the domain registration details were changed, pointing to another hosting service. | Domain Hijacking |
Sasha received an unexpected call from someone claiming to be from the IT department. The caller asked her to confirm her username and password for a system upgrade. Which of the following terms BEST describes the scenario Sasha encountered? | Social Engineering |
Which of the following types of penetration tests provides the tester with comprehensive knowledge of the target environment, including the system's architecture, design, and source code, to identify hidden vulnerabilities? | White Box |
Kelly Innovations LLC frequently develops and tests new software builds. Sometimes they need to revert to a previous build several times a day due to unexpected issues. Which backup frequency would be the MOST appropriate for their use case? | Continuous Backups |
Which of the following is a physical security measure typically employed outside buildings or sensitive areas to prevent vehicles from causing damage or gaining unauthorized access? | Bollards |
Which of the following is MOST crucial when determining the ongoing supportability of a newly introduced security automation tool in the organization's environment? | Availability of skilled personnel |
A cloud service provider recently underwent an audit to confirm their compliance with international data security standards. The final report provided by the auditors served as an attestation of the provider's security measures. | It assures that the provider's security controls comply with the established standards |
An IT technician is implementing a method to encrypt the operating system, program files, user files, and other data on a drive. Which of the following encryption methods is being used? | Full disk Encryption |
At VegiCorps, the SOC team makes security policy decisions and directs other areas of the company to implement them so there is consistency across the company. What type of security governance model is being used? | Centralized governance |
Which of the following statements is NOT TRUE concerning the significance of Data Loss Prevention (DLP)? | DLP systems are essential to the development of business systems that prevent malicious actors from accessing systems |
David, a project manager at Dion Training, ensures that details of his upcoming product release are shared only on a need-to-know basis, even within the company. He's wary of information leaks that could benefit competitors | Operational Security |
The company's IT policy allows only senior developers and administrators to make changes in production to minimize risks. Which of the following BEST describes the security principle the company is adhering to? | Principle of least privilege |
Which of the following statements about the role of Application Programming Interfaces (APIs) is NOT true? | APIs are used to enhance user interfaces |
When Dion Training is considering the deployment of a microservices architecture, which of the following factors is crucial to ensuring that the system can handle growth and increased demand efficiently? | Scalability |
Which term describes the average duration needed to repair a system or component after a failure has occurred? | MTTR |
Which of these observations should Maria be MOST concerned with? | The sudden 2-hour gap in the logs |
The organization wants to modify the firewall rules to enhance security and reduce potential attack surfaces. Which firewall rule modification would be the MOST appropriate for the organization to enhance security? | restricting incoming traffic to specific necessary ports and sources |
Which mitigation technique focuses on deleting software components that are not essential so the attack surface or potential vulnerabilities of a system are reduced? | Removal of unnecessary software |
Which legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US? | SOX |
Which term BEST describes a systematic method used to detect weaknesses or potentially publicly identified compromises in a system or network, often utilizing automated tools to evaluate the security posture of the infrastructure? | Vulnerability Scanning |
Which of the following statements BEST explains the importance of DLP in the context of vulnerability management? | DLP is a set of techniques and tools for preventing unauthorized transmission of data |
Dion Training has encountered frequent advanced and sophisticated threats. They need an integrated firewall solution that surpasses traditional firewall capabilities. Which of the following would BEST address the issue? | NGFW |
Which of the following BEST enhances the security by exponentially increasing possible combinations? | Longer Key Length |
Which monitoring technology would be the MOST suitable to gain a comprehensive overview of the health and security status of foundational IT components, including network traffic and interactions between servers? | Network Intrusion Detection (NIDS) |
Cerys is investigating an incident. She found a hidden program that monitors the network traffic and captures sensitive information. Which of the following types of malware is MOST likely involved in this incident? | Spyware |
Some behaviors have raised concerns about a possible insider threat. Which of the following is a sign of potential insider threat? | Frequent unauthorized access |
You connect to a public Wi-Fi hotspot at a nearby coffee shop and use a VPN client to establish a secure connection. However, you notice that the VPN client is outdated. What type of vulnerability are you exposing yourself to? | vulnerable software |
You decide to examine the Intrusion Prevention System/Intrusion Detection System (IPS/IDS) logs. Which of the following pieces of information would be MOST valuable in these logs to investigate the incident? | details of detected suspicious activities for the last two weeks |
Which of the following activities BEST explains the eradication phase in the incident response process? | taking steps to prevent any recurrence of the problem |
Which threat vector utilizes malicious attachments or hyperlinks within communications, requiring the attacker to convince the recipient to engage with the content for successful exploitation? | |
In a scenario where the company wants to provide network administrators with a read-only copy of network traffic for analysis without disturbing the actual data flow, which device attribute would be MOST applicable? | Tap/monitor |
Reed is getting a new computer from his employer, Kelly Innovations LLC. He wants to remove all his personal data from his old computer ensuring it's irretrievable. Which of the following methods should he use? | Secure Erase |
She also observes that the responses from these requests are much larger than the requests themselves. Which of the following network attacks is MOST likely occurring on the DNS server? | Amplified |
According to the most recent NIST guidelines on password policies, which of the following is NOT a recommended practice? | Enforcing specific password complexity rules |
Which of the following BEST describes the term web reputation score? | Assessment of a website's trustworthiness |
Which of the following refers to standardized guidelines that provide best practices for securing various technologies and platforms? | Benchmarks by the Center for Internet Security |
You see a file named “resume.docx” and double-click on it. The file then launches a hidden program that installs a keylogger on your computer. What kind of threat vector was used in this attack? | Removable Device |
Which of the following BEST describes the proactive approach to ensure that an organization's IT infrastructure can meet future workload demands by analyzing current capabilities? | Capacity Planning |
aware of the inherent vulnerabilities tied to SSL 3.0, he recognized the risk of attackers forcing weaker encryption standards. Which potential risk is associated with Jamario's observation at Dion Training? | cryptographic downgrade attack |
Sasha at Kelly Innovations LLC is responsible for maintaining the financial records of several clients. Given the sensitivity and importance of this data, as well as compliance regulations, which backup strategy should she use? | continuous backups |
Kelly, a disgruntled employee of Dion Innovations, threatens to release sensitive customer data unless the company agrees to pay her a hefty sum. What is Kelly's primary motivation for this act? | blackmail |
In a large financial institution, like Kelly Financial Solutions, which of the following BEST describes an example of a task that an IT technician might be prohibited from doing without special authorization due to security concerns? | downloading and installing third party software from the internet |
detecting and analyzing malicious activity on their network in real-time. They need a solution that can monitor traffic, identify suspicious patterns, and send alerts for immediate action. | network sensors |
Which of the following BEST characterizes the method of bundling an application and its environment for consistent behavior across platforms? | containerization |
Which of the following terms refers to a method that involves packaging an application and its dependencies into a lightweight and portable unit? | containerization |
The company does business in Canada and is planning on conducting a survey of Canadian consumers. As she investigates plans for the survey, she discovers there are restrictions on how the data the survey collects is stored and used. | Data sovereignty |
entify potential security threats that the company might face. Together, they outline policies on password management, insider threats, and the dangers of phishing. What phase of security awareness practices is David primarily involved in? | development |
Which of the following statements is NOT true regarding the security implications in the procurement process? | there is no ongoing need to periodically revaluate their suitability |
Dion Training is implementing a solution to secure communication between their internal servers and external clients. They require an encryption protocol that provides secure communication over the internet. | TLS |
Which of the following methodologies divides the creation and maintenance of software into discrete phases, emphasizing the integration of security throughout its stages? | Software Development Life Cycle methodically divides the software creation and maintenance process into specific phases. |
he pulls out the network diagram but realizes it hasn't been updated since two major software migrations and the introduction of new network equipment. Why is it crucial for Jessica to have an up-to-date network diagram? | to accurately assess and optimize the current network infrastructure |
Schyler is a network administrator. She is setting up a new Wi-Fi network for a branch of a multinational corporation. She is currently in the establish phase of creating secure baselines. What will she do FIRST in this phase? | design a set of security configurations including encryption settings, firewalls, and access controls |
Each user can set access rights and determine who has access to their resources based on their own judgment. Which type of access control mechanism is being used in this scenario? | Discretionary |
They have also provided information about the operating systems and applications used in their offices. No other information has been given. What type of penetration testing is Montgomery County conducting? | partially known environment |
In the context of privacy compliance, which of the following describes the role of a data controller? | the entity is responsible for determining why data is processed. |
Which of the following techniques allows an attacker to eavesdrop on a wired network by connecting their device directly to the network cables? | wiretapping |
Neville, a security engineer, suggests his company create a fake document that appears to contain sensitive information in order to attract attackers. Which of the following is Neville suggesting be created? | Honeyfile |
An organization deploys numerous specialized devices with software hard-coded into their firmware. These devices cannot be easily updated or patched. Which security concern is MOST directly associated with this type of system? | embedded system |
Which of the following BEST describes the consideration of staffing needs to align with future workload demands and project implementations? | Human Resource Capacity Planning |
Mary was annoyed because she felt she didn't need any of these programs and they were just taking up valuable space and resources on her new device. Which of the following types of malicious software is Mary MOST likely dealing with on her new laptop? | Bloatware |
As part of this plan, they need to determine the maximum amount of data loss the organization can tolerate in the event of a disruption. What measurement are they determining? | RPO |
Which of the following is NOT a consequence of non-compliance with regulations? | Layoffs |
Jamario, a sysadmin at Dion Training Solutions, wants to prevent unauthorized mail servers from sending emails on behalf of the company's domain. He needs a solution that allows him to specify which servers are allowed to send these emails. | SPF |
he suggests Initech provide a broader range of devices and purchase the software employees need. Initech will buy the devices for the employees. Which of the following deployment models is Gregory most likely suggesting? | CYOD - Choose Your Own Device |
Who is responsible for ensuring that the appropriate access controls are in place and being followed? | Data Owner |
Which threat vector involves an attacker targeting high-ranking officials or departments within an organization, typically to fraudulently redirect financial transactions or obtain sensitive data? | Business email compromise |
Which of the following encryption standards is primarily used for securing data at rest and in transit through symmetric key cryptography? | AES |
David, an IT manager at Dion Training, has been put in charge of labeling data. Which label would David use for sensitive client data to ensure the highest security? | Confidential |
You click on the link and it takes you to a website that looks like the website of the product. However, you notice that the URL is slightly different and has a spelling error. What type of attack is this an example of? | Typosquatting |
equiring users or processes to have the appropriate level of access before allowing them to run the programs or scripts? | Permissions |
For example, the system might check the user’s credentials as well as the device’s security posture before granting access. Which of the following components is responsible for making this decision? | Policy Engine |
Dion Training Solutions is expanding its campus and setting up a new server room. Considering security principles for proper device placement, which of the following actions is MOST appropriate? | centrally locating server rooms with limited access points |
Which of the following terms refers to computer systems that are integrated into larger devices? | Embedded systems |
Further, these scripts were leveraging legitimate system scripting tools for scanning and configuration activities. Which type of malware is Lucas's computer MOST likely compromised with? | Fileless malware |
You are a security analyst tasked with investigating a suspected security breach incident. You decide to examine the Firewall logs. Which of the following pieces of information would be MOST valuable in this firewall log to investigate the incident? | connection details including IPs and ports for the last week |
In which symmetric encryption method is plaintext divided into equal-sized parts, potentially requiring padding to fit the designated size, and then subjected to complex operations based on a specific key value? | Block Cipher |
Which of the following explains the concept of Alert Tuning? | alert tuning helps in reducing false positives |
After implementing the rules, Jason, a manager, reports that he can't access an external FTP site. Which of the following firewall rules could be the cause of the issue? | block inbound TCP traffic on port 21 to all internal addresses |
You agree and install the extension. The extension then hijacks your browser and redirects you to malicious websites. What kind of threat vector was used for this attack? | IM |
Sweet as Thyme, a flavoring supplier, uses a peer to peer network which relies on a public ledger to ensure the integrity of transactions and to provide a permanent record of all transactions. What is this technology they are using called? | Blockchain |
When implementing changes in an IT system, which practice highlights the importance of attempting a trial run of most significant or major changes before full implementation? | Change management practices |
Which of the following threat actors is MOST likely to be motivated by wanting to gain access to data to be used to gain a strategic advantage? | Nation-State Actors |
Dion Training recently concluded a month-long vulnerability assessment on their network infrastructure. To ensure that the management team understands the potential risks and required actions, which document is crucial to prepare and present? | Comprehensive vulnerability assessment report |
The caller mentions that they need to adjust some settings on Jamario's system remotely and asks for his password. Which of the following social engineering techniques MOST accurately describes this scenario? | Impersonation |
In an IoT architecture, which of the following is a critical consideration to secure connected devices from vulnerabilities? | Patch Availability |
Which of the following is the BEST example of a system that does not interact with the network traffic and primarily relies on detection? | IDS |
Which of the following types of threat actors tend to know the most about how to hack a computer? | Nation State actors |
Which of the following statements BEST explains the importance of APIs for security of an organization? | APIs enable the automation and integration of diverse security tools and systems |
Susan is working on establishing a secure baseline for the company's servers. Part of her strategy is to ensure the servers aren't vulnerable to unnecessary exposure. Which action is MOST appropriate for her to take initially? | Disable TCP/UDP ports like 23 and 135 |