Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CASP+ > Chapter 1 Security Architecture (Sybex) > Flashcards

Chapter 1 Security Architecture (Sybex) Flashcards

1
Q

Your organization experienced a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is this process called?

A. Incident management
B. Forensic tasks
C. Mandatory vacation
D. Job rotation

A

A. Incident management

Explanation:
An incident is an event that could lead to loss of, or disruption, an organizations operation, services or functions. Incident management is a term describing the activities of an organization to identify, correct and analyze to prevent a future occurrence. Forensics are performed to find artifacts in an environment. Mandatory vacations and Job Rotations are administrative controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Brett is a new CISO, and he is evaluating different controls for availability. Which set of controls should he choose?

A. RAID 1, Classification of data and load balancing
B. Digital signatures, encryption and hashes
C. Steganography, ACLs and vulnerability management
D. Checksums, DOS attacks and RAID 0

A

A. RAID 1, Classification of data and load balancing

Explanation:
RAID 1 is for redundancy, the data’s level of sensitivity is classified based on importance, which is correlated to security measures and who has access, and load balancers determine which server in a pool is available and route requests to that server. The other answers do not pertain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Charles has received final documentation from a compliance audit. The report suggested his organization should implement a complementary security tool to work with the firewall to detect any attempt at scanning. Which device does Charles choose?

A. RAS
B. PBX
C. IDS
D. DDT

A

C. IDS

Explanation:
An IDS is used to detect against intrusion from the outside untrusted network into an internal trusted network. It can be deployed to watch behind the firewall for traffic that was successful in circumventing the firewall, as well as for activity originating from inside the trusted network. A RAS (remote access service) is a combination of hardware and software to enable remote access tools connecting a client to a host computer. A private branch exchange (PBX) is a private telephone network used in a company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Nicole is the security administrator for a large governmental agency. She has implemented port security, restricted network traffic and installed NIDS, firewalls and spam filters. She thinks the network is secure. Now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow?

A. Antimalware/virus/spyware, host based firewall and MFA
B. Antivirus/spam, host based IDS and TFA
C. Antimalware/virus, host based IDS and biometrics
D. Antivirus/spam, host based IDS and SSO

A

A. Antimalware/virus/spyware, host based firewall and MFA

Explanation:
You want to protect your endpoints from malware, viruses and spyware. A host based firewall will prevent malicious traffic, where the IDS will only report there is an intrusion. All two factor authentication (TFA) is a MFA but not all MFA is TFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Sally’s CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send email alerts to the IT staff when one is detected. What type of intrusion system does the CISO want?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

A

B. NIDS

Explanation:
A network based intrusion detection system (NIDS) monitors traffic traversing the network and can alert based on observing attacks and intrusions. The alerts can come in various forms, including email and text messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Kenneth is the CISO of an engineering organization. He asked the security department to recommend a system to be placed on business critical servers to detect and stop intrusions. Which of the following will meet the CISOs requirements?

A. HIPS
B. NIDS
C. HIDS
D. NIPS

A

A. HIPS

Explanation:
A host based intrusion prevention system (HIPS) is an intrusion prevention system used to detect intrusions on a host system like a server and stop those intrusions from compromising a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Paul’s company has discovered that some of his organizations employees are using personal devices, including cell phones, within highly secure areas. The CISO wants to know which employees are violating this policy. Which of the following devices can inform the CISO who is violating this policy?

A. DLP
B. WIDS
C. NIPS
D. Firewall

A

B. WIDS

Explanation:
Wireless intrusion detection system (WIDS) solutions can locate and identify WiFi devices as well as Bluetooth, Bluetooth Lower Energy and devices emitting cellular signals. This means a WIDS can discover a cell phone even when the WiFi and Bluetooth are not active. Network IDSs and IPSs are looking for malicious network based activity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Tom’s company discovered that some of her organizations employees are copying corporate documents to Microsoft blob cloud drives outside the control of the company. She has been instructed to stop this practice from occurring. Which of the following can stop this practice from happening?

A. DLP
B. NIDS
C. NIPS
D. Firewall

A

A. DLP

Explanation:
DLP systems are designed to examine data as it moves off the host system looking for unauthorized transfers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Troy must decide about his organizations file integrity monitoring (FIM). Standalone FIM generally means file analysis only. Another option is to integrate it with the host so that Troy can detect threats in other areas, such as memory or an I/O. For the integration, which of the following does Troy need to use?

A. HIDS
B. ADVFIM
C. NIDS
D. Change management

A

A. HIDS

Explanation:
Some more advanced FIM solutions are part of a host based intrusion detection system (HIDS). As a general rule, they can detect threats in other areas, not just files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Lisa is building a network intrusion detection system (NIDS). What can NIDS do with encrypted network traffic?

A. Look for viruses
B. Examine contents of email
C. Bypass VPN
D. Nothing

A

D. Nothing

Explanation:
Encrypted packets are not processed by most intrusion detection devices. Other potential issues with NIDSs are high speed network data overload, tuning difficulties and signature deployment lag time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What system is used to collect and analyze data logs from various network devices and to report detected security events?

A. Syslog server
B. NIPS
C. WIPS
D. SIEM Systems

A

D. SIEM Systems

Explanation:
A SIEM system is used to collect logs from various devices on a network and to analyze those logs, looking for security issues. Because a SIEM can review logs from various devices, it gets a holistic view of actions going on over the network, as opposed to a single appliance analyzing only traffic flowing through it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The IT department decided to implement a security appliance in front of their web servers to inspect HTTP/HTTPS/SOAP traffic for malicious activity. Which of the following is the best solution to use?

A. Screened host firewall
B. Packet filter firewall
C. DMZ
D. WAF

A

D. WAF

Explanation:
A WAF is used to inspect OSI Layer 7 data for malicious activity. HTTP/HTTPS/SOAP are all web application protocols that operate at OSI Layer 7.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A security audit was conducted for your organization. It found that a computer plugged into any Ethernet port in its shipping facility was able to access network resources without authentication. You are directed to fix this security issue. Which standard, if implemented, could resolve this issue?

A. 802.1x
B. 802.3
C. 802.1q
D. 802.11

A

A. 802.1x

Explanation:
The 802.1x standard from IEEE provides for port-based network access control. It provides a means of authenticating devices that attempt to connect to the network. Based on authentication, the Ethernet port can be placed in the appropriate VLAN for that device. If a device does not authenticate, the port could be placed into a quarantined VLAN or configure for Internet access only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your CISO is concerned with unauthorized network access to the corporate wireless network. You want to set a mechanism in place that not only authenticates the wireless devices but also requires them to meet a predefined corporate policy before allowing them on the network. What technology best performs this function?

A. HIDS
B. NAC
C. Software agent
D. NIPS

A

B. NAC

Explanation:
Not only can NAC authenticate network devices, but it can also ensure the enforcement of corporate policies governing these devices. If a system is not in compliance with the corporate policy, the device can be quarantined until such time when the policy failures are remediated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

David’s security team is implementing NAC for authentication as well as corporate policy enforcement. The team wants to install software on the devices to perform these tasks. In the context of NAC, what is this software called?

A. Program
B. Process
C. Agent
D. Thread

A

C. Agent

Explanation:
The software installed on dev ices tha t will connect to the network using NAC is called an agent. A program is a set of instructions that allow for a certain kind of digital operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Grace is investigating the encryption of data at rest and data in transit and trying to determine which algorithm is best in each situation. Which of the following does not contain data at rest?

A. SAN
B. NAS
C. SSD
D. VPN

A

D. VPN

Explanation:
Data at rest is stored on a device. A VPN contains data moving, which means in transit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Your employees need internal access while traveling to remote locations. You need a service that enables them to securely connect back to a private corporate network from a public network to log into a centralized portal. You want the traffic to be encrypted. Which of the following is the best tool?

A. WiFi
B. VPN
C. RDP
D. NIC

A

B. VPN

Explanation:
A virtual private network (VPN) enables employees to access sensitive data and systems on mobile devices while away from the secure corporate network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Roberts employees complain that when they connect to the network through the VPN, they cannot view their social media posts and pictures. What most likely has been implemented?

A. Split tunnels
B. DNS tunneling
C. ARP cache
D. Full tunnels

A

D. Full tunnels

Explanation:
In a full tunnel, all network traffic is forced to go through the VPN. Depending on how its configured, you may only have access to the internal network while the VPN is active. Split VPN tunnels only partially encrypt traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Robin’s company is merging with another healthcare organization. The stakeholders are discussing the security aspects of combining digital communications. The main agreed upon criterion for compliance and security is protecting the sharing of the business’s domains. What is the best option for this organization?

A. DNSSEC
B. TLS
C. SSL 2.0
D. Keeping both entities separate

A

A. DNSSEC

Explanation:
DNSSEC strengthens authentication using digital signatures based on public/private key cryptography. With DNSSEC, you have data origin authentication as well as data integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You are a network security administrator for a SOHO. Your staff tends to work from coffee shops without understanding the need for a VPN. You must show them why this can be dangerous. What network traffic packets are commonly captured and used in a replay attack?

A. Packet headers
B. Authentication
C. FTP
D. DNS

A

B. Authentication

Explanation:
Authentication traffic is the most commonly captured and reused network traffic used in a replay attack. If an attacker is able to replay the stream of authentication packets correctly, they gain access to the same systems as the original user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Sally needs to implement a network security device at the border of her corporate network and the Internet. This device filters network traffic based on source and destination IP addresses, source and destination port numbers and protocols. Which network security device best suits her needs?

A. Packet filter firewall
B. Proxy server
C. HSM
D. DMZ

A

A. Packet filter firewall

Explanation:
A packet filter firewall inspects packets traversing the network and allows you to control the traffic based on source and destination IP, source and destination port and the protocol utilized for communication. A proxy server is a server application or appliance that acts as an intermediary for requests from client machines looking for resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

The IT security department was tasked with recommending a single security device that can perform various security functions. The security functions include antivirus protection, antispyware, a firewall and an IDP. What device should the IT security department recommend?

A. Next generation firewall
B. Unified threat management system
C. Quantum proxy
D. Next generation IDP

A

B. Unified threat management system

Explanation:
A unified threat management (UTM) system is a single device that provides multiple security functions, including antivirus protection, antispyware, a firewall and an IDP. A concern with using a UTM is that it could become a single point of failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

One of your network administrators reports that they cannot connect to a device on the local network using its IP address. The device is up and running with an IP address of 10.0.0.5. Other hots can communicate with the device. The default gateway is 10.0.0.1 and your local IP address is 10.0.0.3. What is the best type of scan to run to find the MAC of the offending machine?

A. ARP
B. NAT Gateway
C. IPConfig
D. IFConfig

A

A. ARP

Explanation:
An Address Resolution Protocol (ARP) scan is performed to learn MAC addresses. You run an ARP request to query the MAC address of a device with a known IP Address. When the ARP reply is received, you populate the ARP table, which maps the IP to a MAC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Ronald has architected his network to hide the source of a network connection. What device has he most probably used?

A. Proxy firewall
B. Internet gateway
C. Layer 3 switch
D. Bastion host

A

A. Proxy firewall

Explanation:
A proxy firewall is also known as an application level gateway firewall. It is used primarily to hide the source off a network connection. This allows you to hide the true source of the traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
The IT group within your organization wants to filter requests between clients and their servers. They want to place a device in front of the servers' that act as a go between for the clients and the servers. This device receives the request from clients and forwards the request to the servers. The server will reply to the request by sending the reply to the device, then the device will forward the reply to the clients. What device best meets this description? A. Firewall B. NIDS C. Reverse proxy D. Proxy
C. Reverse proxy Explanation: A reverse proxy performs the function mentioned in the question. As traffic intended for the servers goes through the reverse proxy, it can provide filtering of malicious traffic destined for the servers. A proxy sits in front of clients, receiving their requests and forwarding them on to the destination.
26
Many users within your organization clicked on emails that, while looking legitimate, are malicious. Malicious code executes once the email is opened, infecting the users system with malware. What could be implementing on the email server to help prevent such emails from reaching the end user? A. Firewall B. Spam filters C. WAF D. Forward proxy
B. Spam filters Explanation: Spam filters inspect and filter malicious emails before they reach the end user. A basic firewall does not examine emails for malicious content.
27
Your network administrator, George, reaches out to you to investigate why your ecommerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP. You suspect an attacker set up botnets that flood your DNS server with invalid requests. You find this out by examining your external logging service. What is this type of attack called? A. DDoS B. Spamming C. IP Spoofing D. Containerization
A. DDoS Explanation: A DoS attack is a single source computer system initiating the attack. A DDoS attack is much more orchestrated enlisting the help of hundreds/thousands of other source computers to completely overload the system
28
Aarons end users are having difficulty signing into the network. The investigation of the situation leads him to believe it is which type of attack? A. Port scanning B. DDoS C. Pass the hash D. Trojan
B. DDoS Explanation: DoS and DDoS are attacks that do not give unauthorized access but rather block legitimate users from access. Typically attackers generate large volumes of packets or requests, overwhelming a target system
29
A network engineer must configure a router on the network remotely. What protocol should be used to ensure a secure connection? A. Telnet B. FTP C. HTTP D. SSH
D. SSH Explanation: SSH encrypts the data being to and from the router, ensuring that if an attacker captures the traffic, the attacker cannot read it. The other protocols send traffic in clear text that can be read, if captured
30
Ian has joined a company that licenses a third party's software and email service that is delivered to end users through a browser. What type of organization does Ian work for? A. IaaS B. SaaS C. PaaS D. BaaS
B. SaaS Explanation: SaaS providers use an Internet enabled streaming service or web application to give end users access to software that would have to be installed locally or on a server.
31
You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the phishing@mycompany.com address. You want to rip open the ransomware to see what it does and what asset it touches. What do you build? A. Cloud sandbox B. A container C. SLA D. A hypervisor
A. Cloud sandbox Explanation: A sandbox is an environment that is used for opening files or running programs without interfering with production environments. It is used to test software as safe or unsafe. A cloud sandbox adds another layer of security than an on premises sandbox as it is completely separate from your corporate network
32
Cody configured the application programming interface (API) connection between your web application that manages retail transactions and your bank. This connection must be as secure as possible. Because the API connection will handle financial transactions, what is the best choice for securing the API if it is well designed? A. SOAP B. HTTPS C. REST D. XML
A. SOAP Explanation: There are two web service formats: SOAP and RREST. Simple Object Access protocol (SOAP) is used for interchanging data in a distributed environment. Representational State Transfer (REST) is an architectural style for hypermedia systems. Of the two, SOAP has extensions for specific security concerns, where as REST focuses on how to deliver and consume.
33
Aniket is looking for a web server to process requests sent by XML. What is the best technology to use for this? A. REST B. SOAP C. Ajax D. XSS
C. Ajax Explanation: Asynchronous JavaScript and XML is a pattern where web pages use web services using JavaScript and XML. It is used to create fast dynamic web pages, enabling parts of a web page to update, rather than reloading the entire page
34
The Cisco switch port you are using for traffic analysis and troubleshooting has a dedicated SPAN port that is an error disabled state; what is the procedure to re enable it after you enter priv exec mode? A. Issue the no shutdown command on the error disabled interface B. Issue the shutdown and then the no shutdown command on the error-disabled interface C. Issue the no error command on the error disabled interface D. Issue the no error disable command on the error-disabled interface
B. Issue the shutdown and then the no shutdown command on the error-disabled interface Explanation: A switched port analyzer (SPAN) port is a dedicated port on a switch that takes a mirrored copy of a network from within the switch to be sent to a destination. That destination is typically a monitoring device. The proper way to bring a switch port out of the error disabled state is to go to the interface and issue the shutdown and then the no shutdown commands.
35
You were asked to recommend a solution to intercept and mirror network traffic and analyze its content for malicious activity while not interacting with the host computer. Of the following, which is the best solution? A. System scanner B. Application scanner C. Active vulnerability scanner D. Passive vulnerability scanner
D. Passive vulnerability scanner Explanation: A passive vulnerability scanner can intercept network traffic and analyze its content for malicious activity while not interfering with the host computer. A system scanner and application scanner are both active that do interact with a host computer and because they do so, could cause a host computer to crash
36
One of Robert's objectives and key results (OKRs) for the upcoming year is to modernize the IT strategy by adopting a virtual cloud and taking advantage of new features and storage. He understands that once intellectual property is in the cloud, he could have less visibility and control as a consumer. What else is a major security concern for important data stored in the public cloud versus a private cloud? A. Cost effectiveness B. Elastic use C. Being on demand D. Data remnants
D. Data remnants Explanation: Not only do you have the business issue of lost data by attacks or by accident, you also must consider whether the vendor van verify that your data was securely deleted on demand and that remnants of the data are not still in the cloud for others to see. The public cloud is more cost effective and utilizes elasticity to scale machines. Both public and private can deploy assets on demand, so the biggest security concern would be public data remnants.
37
Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, IDS, SSL accelerator, web server farm, internal firewall and internal network. You attempt a forensic analysis, but all the web server logs have been deleted and the internal firewall logs shows no activity. As the security administrator, what do you do? A. Review sensor placement and examine the external firewall logs to find the attack B. Review the IDS logs to determine the source of the attack C. Correlate all the logs from all the devices to find where the organization was compromised D. Reconfigure the network and put the IDs between the SSL accelerator and server farm to better determine the cause of future attacks
A. Review sensor placement and examine the external firewall logs to find the attack Explanation: If you place an IDS sensor somewhere in your network for intrusion detection, your end goal is important. If you want to see what threats are being aimed at your organization from the Internet, you place the IDS outside the firewall. If you want to see potentially malicious internal traffic that you have inside tthe perimeter of your network, you place the monitor between the firewall and internal LAN.
38
After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network traffic access point (TAP) mirroring all the new network traffic and found it spreading on TCP port 445. What does Gavin advise the administrator do to immediately minimize the attack? A.
39
Jonathan is a senior architect who has submitted the budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a SIEM. What is the primary function of a SIEM tool? A. Blocking malicious users and traffic B. Monitoring the network C. Automating DNS servers D. Monitoring servers
D. Monitoring servers Explanation: A SIEM monitors servers on your network, ideally providing a real time analysis of security incidents and events
40
Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement? A. FIM B. PCI C. DNS D. TCP
A. FIM Explanation: File integrity monitoring is a security technique used to secure IT infrastructure and business data. If an attacker or malicious insider generates changes to application files, operating system files and log files, FIM can detect these changes.
41
You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3? A. Cryptographic security system B. Party based security system C. Easier to set up D. Support UDP
A. Cryptographic security system Explanation: SNMP v3 adds encryption and authentication, which can be used together or separately
42
Victor is employed in a high risk geographically diverse environment heavily using Cisco IOS. Which of these are not key service advantages of NetFlow? A. Peer to peer tunneling encryption B. Network traffic accounting and usage based billing C. Network planning and security D. DoS monitoring capabilities
43
Eddie is looking for an antivirus detection tool that uses a rule or weight based system to determine how much danger a program function could be. What type of antivirus does he need? A. Behavioral B. Signature based C. Heuristic D. Automated
C. Heuristic Explanation: A heuristic antivirus application examines the code and searches for specific commands or instructions that would not normally be found in an application. A behavioral detection antivirus program watches the operating system looking for anything suspicious or out of the normal range of behavior
44
Simon's organization has endpoints that are considered low priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code? A. Antimalware B. Antispyware C. Antivirus D. Anti-adware
C. Antivirus Explanation: A virus is malicious code capable of destroying data and corrupting systems. It generally needs help moving from one system to another. Antivirus products are designed to recognize and remove viruses from a system. Antimalware products are able to detect various types of malware, including viruses. Anti adware products detect and remove programs designed to display advertisements on an infected users screen
45
An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing that type of data on your business network? A. Implement a security policy and awareness B. Performing audits C. Monitoring networks for certain file types D. Using third party threat intelligence reports
A. Implement a security policy and awareness Explanation: Updating the corporate security policy for IoT and conducting a security awareness campaign are effective mitigation tools. After you perform the proper technical risk analysis, compensating controls, segmentation, and stringent network access controls can be put into place
46
Your CISO asked you to implement a solution on the jump servers in your DMZ that can detect and stop malicious activity. Which solution accomplishes this task? A. HIDS B. NIDS C. HIPS D. NIPS
C. HIPS Explanation: HIPS is an intrusion prevention system is used to stop intrusion on a host and stop the activity. Jump servers, sometimes called jump boxes are typically placed between a secure zone and a DMZ to provide management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic.
47
Peyton is an IT administrator needing visibility into his staging network. He believes he has all the tools and controls in place, but has no way to look for attackers who are currently exploiting the network. What tool can Peyton choose to help with seeing the dark spots in his environment? A. Fuzzer B. HTTP interceptor C. Port scanner D. SIEM
D. SIEM Explanation: SIEM collects data from various assets, servers, domain controllers, hosts and more. The SIEM will normalize the data, which is analyzed to discover and detect threats
48
You want to replace an access points removable antenna with a better one based on the results gathered by a wireless site survey. You want to be able to focus more energy in one direction and less in another to better distinguish between networks. What type of antenna should you purchase? A. Directional B. Omnidirectional C. Parabolic dish D. Radio
A. Directional Explanation: A directional WiFi antenna is not going to boost any signal - directs the energy from the transmitter. You can adjust a directional antennas signal gain and angle to provide the specific range you need.
49
Bobby is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determine that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed? A. Risk mitigation B. Risk acceptance C. Risk avoidance D. Risk transference
B. Risk acceptance Explanation: When the cost of controls is more than the benefits gained by implementing a response, then the best course of action is risk acceptance for a certain period, then the risk is reevaluated
50
Randolf is a newly hired CISO and he is evaluating controls for the confidentiality portion of the CIA triad. Which set of controls should he choose to concentrate on for confidentiality? A. RAID 1, classification of data, and load balancing B. Digital signatures, encryption and hashes C. Steganography, ACL and vulnerability management D. Checksums, DOS attacks and RAID 0
C. Steganography, ACL and vulnerability management Explanation: Implementing controls for confidentiality ensures that data remains private. Steganography can hide messages in pictures, music or videos. Access control lists (ACLs) are tables that tell who has permission to see an object or directory and vulnerability management refers to finding weaknesses in software to deal with any associated confidentiality risks
51
A hospital database is hosting PHI data with high volatility. Data changes constantly and is used by doctors, nurses and surgeons, as well as the finance department for billing. The database is located in a secure air gapped network where there is limited access. What is the most likely threat? A. Internal user fraud B. Manipulated key value pairs C. Compliance D. Inappropriate admin access
D. Inappropriate admin access Explanation: The database is in a secure air gapped network with limited access. It is probably compliant and inaccessible to most attackers. A key value pair is a set of two linked data items; a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointed to the location of that data. Key value pairs are frequently used in lookup tables, hash tables and configuration files. The best answer is inappropriate administrator access
52
Jeremiah works for a global construction company and has found cloud computing meets 90% of his IT needs. Which of these is of least importance when considering cloud computing? A. Data classification B. Encryption methodology C. Incident response and disaster recovery D. Physical location of data center
D. Physical location of data center Explanation: When using the cloud, it is difficult to know where your data is stored. The company you are using may be incorporated in the United States with server farms in Brazil. Many companies outsource to reduce costs. The other three are of more importance when considering cloud computing
53
Your CEO purchased the latest and greatest mobile device (BYOD) and now wants you to connect it to the company's intranet. You have been told to research this process according to change management and security policy. What best security recommendation do you recommend making the biggest impact on risk? A. Making this a new corporate policy available for everyone B. Adding a PIN to access the device C. Encrypting nonvolatile memory D. Auditing requirements
C. Encrypting nonvolatile memory Explanation: The act of encrypting nonvolatile memory will make the biggest impact and increase the work factor of anyone who attempts to break into the phone. A PIN would not be a strong enough deterrent, not when this phone has apps that connect to the corporate intranet. A complex password is better than a PIN
54
For security reasons, Ted is moving from LDAP to LDAPS for standards based specification for interacting with directory data. LDAPS provides security by using which of the following? A. SSL B. SSH C. PGP D. AES
A. SSL Explanation: By default, LDAP communication between client and server is not encrypted. This means it would be possible to capture traffic and view the information between client and server, which can be dangerous when transmitting usernames and passwords. LDAPS adds SSL encryption
55
Your CISO watched the news about the latest supply chain breach and is genuinely concerned about this type of attacks affecting major organizations. He asks you, as a security analyst, to gather information about controls to put into place on your SDN network to stop these attacks from affecting your organization. How do you begin this process? A. Get the latest IOCs from OSINT sources B. Research best practices C. Use AI and SIEM D. Perform a sweep of your network using threat modeling
A. Get the latest IOCs from OSINT sources Explanation: A vast amount of OSINT can help organizations stay safer. Overlay networking (aka SDN) is a method of using software to create layers of network abstraction that can be used to run multiple, separate, discrete virtualized network layers on top of the physical network, often providing new applications or security benefits. Using IOCs to aid information security processes on your specific network design helps detect data breaches and malware/ransomware infection. With this information, you can sweep your network to identify matches, sandbox anything suspicious and contact the authorities
56
While performing unit testing on software requested by your department, you found that privilege escalation is possible. Privilege escalation means that an attacker can elevate their privilege on a system from a lower level to an administrator level. What two performance unit testing techniques do you need to use? A. Vertical and horizontal B. Left and right C. North to south D. Ring 1 to 3
A. Vertical and horizontal Explanation: Most attackers are going after vertical privilege escalation where a lower privilege user or application accesses functions reserved for a higher privileged one. Some attackers also use horizontal privilege escalation where you have a normal user who accesses certain functions from another normal user
57
Phillips financial company experienced a natural disaster, used for a hot site for three months and is now returning to the primary site. What processes should be restored first at the primary site? A. Finance department B. External communication C. Mission critical D. Least business critical
D. Least business critical Explanation: You need to test for resilience and reliability of the rebuilt site before you restore any mission critical function. The financial department and communication would be restored only after you know the foundation is good
58
You work in law enforcement supporting a network with HA. High availability is mandatory as you also support 911 services. Which of the following would hinder your HA ecosystem? A. Clustered servers B. Primary firewall C. Switched networks D. Redundant communication links
B. Primary firewall Explanation: If you have only a single primary firewall, you have a single point of failure, which could be catastrophic to
59
Mark has been tasked with building a computer system that can scale well and that includes built in logic for interfacing with many types of devices, including SATA, PCI and USB as well as GPU, network processes and AV encoders/decoders. What type of system should he build? A. Matrix B. Heterogenous C. LLC D. Meshed networks
B. Heterogenous Explanation: Heterogenous computing refers to systems that use more than one kind of processor or core. These types of systems gain performance and/or efficiency by adding different coprocessors, usually incorporating specialized processing capabilities to handle specific tasks. A system of this type has also been referred to as a diverse chipset
60
Not having complete control over networks and servers is a real concern in your organization, and upper management asks you if the company's data is secure now that you have migrated to the cloud. They have asked you to present industry research at the next board of directors meeting to answer questions regarding cloud security and your company's cyber resilience. What research would be of the most interest to the board of directors? A. Processor power consumption B. Encryption models C. COCOA D. CACAO
D. CACAO Explanation: You may not have heard of Collaborative Automated Course of Action Operations (CACAO), but you are probably familiar with a playbook. Research from the Ponemom Institute in summer 2020 states that the volume and severity of cyberattacks continues to rise and to create resilience and that the adoption of a companywide incident response playbook will help guide a business through its response to an attack
61
Greg is a security researcher for a cybersecurity company. He is currently examining a third party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company's web application. What is the threat of doing business with this organization? A. Web defacement B. Unpatched applications C. Attackers D. Education awareness
C. Attackers Explanation: The threat in this scenario is the hacker or nation state who wants to use this third party vendor as a gateway into your organization
62
Your CISO decided to implement an overarching enterprise mobility management (EMM) strategy. She wants to ensure that sensitive corporate data is not compromised by the employees apps on their mobile devices. Which of these will implement that best? A. App config through IDC B. App wrapping through SDK C. Open source through API D. Platform DevOps
B. App wrapping through SDK Explanation: App wrapping is performed through the use of a software development kit (SDK) that enables a developer to administer management policies. This includes controlling who can download a mobile app whether data accessed by that app can be copied and pasted
63
You are a web dev who needs to secure API keys in a client side JavaScript application created for your hospital. What is the best way to accomplish this task quickly ansd efficiently? A. Disable API access and use a hash of the key B. Set API access and a secret key pair C. Curl a request with an -H -o option D. Set a RESTful request with access pairs
B. Set API access and a secret key pair Explanation: Setting API access and a secret key pair is the most commonly used option. Key pairs provide access to the API and give each individual a secret token. If the access and secret key pairs do not match, you will not have access.
64
Trent is a security analyst for a financial organization and conducting a review of data management policies. After a complete review, he found settings disabling permitting developers to download supporting but trusted software. You submitted the recommendation that developers have a separate process to manually download software that should be vetted before its use. What process will support this recommendation? A. NIPS B. Digitally signed applications C. Sandboxing D. PCI compliance A. NIPS B.
C. Sandboxing Explanation: A sandbox enables developers to download, install and manipulate software in a quarantined location to test before putting it into production. Sandboxes are incredibly important to patch management and upgrading software
65
123 In the last 5 years, your manufacturing group merged twice with competitors and acquired three startups, which led to more than 60 unique customer web applications. To reduce cost and improve workflows, you are put in charge of a project to implement centralized security. You need to ensure a model to enable integration and accurate identity information and authentication as well as repeatability. Which is the best solution? A. Implementation of web access control and relay proxies B. Automated provisioning of identity management C. Self service single sign on using Kerberos D. Building an organizational wide granular access control model in a centralized location
D. Building an organizational wide granular access control model in a centralized location Explanation: You will want to build a centralized organization wide access control system, bringing together multiple organizations for standardization, identity management and authentication with the ability to repeat this with the next iteration of mergers and acquisitions
66
You are tasked with creating a single sign on solution for your security organization. Which of these would you not deploy in an enterprise environment? A. Directory services B. Kerberos C. SAML 2.0 D. Workgroup
D. Workgroup Explanation: Kerberos, directory services and SAML 2.0 are all examples of single sign on solutions. You provide your logon credentials and do not have to provide them again while in a specific environment. A work group is not a form of single sign on. You have to authenticate each time to access a system
67
DNS maintains an index of every domain name and corresponding IP address. Before someone visits a website on your corporate network, DNS will resolve your domain name to its IP address. Which of the following is a weakness of DNS? A. Spoofing B. Latency C. Authentication D. Inconsistency
C. Authentication Explanation: DNS suffers from lack of authentication of servers and therefore an authenticity of records. During DNS hijacking, the clients configuration is changed so that DNS traffic is redirected to a rogue server that sends the client wherever the attacker wants them to go
68
A large enterprise social media organization underwent several mergers, divestitures, and acquisitions over the past three years. Because of this, the internal networks and software have extremely complex dependencies. Better integration is mandatory. Which of the following integration platforms is best for security and standards based software architecture? A. IDE B. DNS C. SOA D. ESB
D. ESB Explanation: Enterprise service bus (ESB) is a communication system for software inside service oriented architecture (SOA). it is a special type of client server model focused on agility and flexibility. ESBs are built into the SOA middleware to overcome integration problems between incompatible systems. One of the systems may be a slow receiver; another may need messages in binary format
69
You are selected to manage a software development and implementation project. Your manager suggests that you follow the phases in the SDLC. In which of these phases do you determine the controls needed to ensure that the system compiles with standards? A. Testing B. Initiation C. Accreditation D. Acceptance
A. Testing Explanation: The need for usability and productivity sometimes get prioritized over security. Problems with many organizations are the silos of people, the processes and a lack of communication. This is an instance where risk management and strategies must communicate with those users and decision makers and influence their behaviors. Not many outside of IT will know what the SDLC is.
70
Simon is a security engineer. While testing an application during a regular assessment to make sure it is configured securely, he sees a REQUEST containing method, resources, and headers, and a RESPONSE containing status code and headers. What technique did he most likely use to generate that type of output? A. Fingerprinting B. Fuzzing C. Vulnerability scanning D. HTTP intercepting
D. HTTP intercepting Explanation: An HTTP interceptor is used to inspect requests before they are handed to a server and responses before they are handed over to an application. HTTP interceptors are used for error handling and authentication for requests and responses. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid or random input.
71
You are working on a high risk software development project that is large, the released are to be frequent and the requirements are complex. The waterfall and agile models are too simple. What software development model would you opt for? A. Functional B. Cost estimation C. Continuous delivery D. Spiral
D. Spiral Explanation: Spiral software development process is beneficial because of risk management; development is fast, and there is always room for feedback. It is not advisable if it is a small project because it is known to be expensive. There is more documentation with the spiral model because it has intermediate phases that require it. To be effective, the model has to be followed precisely.
71
The SDLC phases are part of a bigger process known as the system life cycle (SLC). The SLC has two phases after the implementation phase of the SDLC that addresses postinstallation and future changes. What are they called? A. Operations, maintenance, revisions and replacement B. Replacement, crepitation, evaluation and versioning C. Validation, verification, authentication and monitoring D. Revisions, discovery, compliance and functionality
A. Operations, maintenance, revisions and replacement Explanation: Once a system is in production, the postinstallation phase in which the system is used in production is called operations and maintenance support. The system is monitored for weaknesses and vulnerabilities that did not appear during development. The systems data backup and restore procedures are also tested. If changes need to be made, it enters the phase of revision and system replacement
72
Your organization is pressured by both the company board and employees to allow personal devices on the network. They asked for email and calendar items to be synced between the company ecosystem and their BYOD. Which of the following best balances security and usability? A. Allowing access for the management team only because they have a need for convenient access B. Not allowing any access between a BYOD device and the corporate network, only cloud applications C. Only allowing certain types of devices that can be centrally managed D. Reviewing security policy and performing a risk evaluation focuses on central management, including the remote wipe and encryption of sensitive data and training users on privacy
D. Reviewing security policy and performing a risk evaluation focuses on central management, including the remote wipe and encryption of sensitive data and training users on privacy Explanation: Organizations have evolved, and people are doping more work remotely while traveling. The need for constant access and connection is real in a fast moving organization. Security policies must evolve to enable usability, risk evaluations must be done and all mobile devices must be encrypted. One such risk evaluation must be clipboard privacy on mobile devices. The collection of clipboard data is not a practice that the average user reasonably expects. The data we copy and paste on our phones using the clipboard feature can reveal sensitive information about us; our passwords, credit card numbers, notes, conversations, website URLs, as well as any corporate data. The average end user believes that the data is secure and shared with apps only when we post the data into them and sometimes that is not the case
73
Nathan is tasked with writing the security viewpoint of a new program that his organization is starting. Which of the following techniques makes this a repeatable process and can be used for creating the best security architecture? A. Data classification, CIA triad, minimum security required, and risk analysis B. Historical documentation, continuous monitoring and mitigation of high risks C. Implementation of proper controls, performance of qualitative analysis and continuous monitoring D. Risk analysis; avoidance of critical risks, threats and vulnerabilities; and the transference of medium risks.
A. Data classification, CIA triad, minimum security required, and risk analysis Explanation: The process of data classification is extremely important to making processes repeatable. Once you have a document classified as Secret or Classified, you know exactly how to treat it according to the CIA triad. Each organization is unique, so you must develop the right security controls based on risk analysis and decide which security controls to implement. The purpose of data classification is to ensure that we know exactly what data we have, where it is located, and how sensitive the data is. Yet, despite how crucial it is to have this knowledge, it is an area of data security that is often overlooked
74
As a security analyst, Ben is searching for a method that can examine network traffic and filter its payload based on rules. What is this method called? A. Network flow B. DLP C. Data flow enforcement D. Deep packet inspection
D. Deep packet inspection Explanation: Deep packet inspection is the process of inspecting the payload of a packet for malicious content. Other packet inspection technique only check the header information for signs of malicious activity. The main techniques used for deep packet inspection include either pattern or signature matching. The data evaluated by the deep packet inspection provides a more robust mechanism for enforcing network packet filtering, as DPI can be used to identify and block a range of complex threats hiding in network data streams, including malware or data exfiltration, more accurately
75
Your CTO believes in the adage "Security through obscurity". Which of the following types of obfuscation makes a program obscure to other computers? A. Prevention B. Saturation C. Control Flow D. Data
A. Prevention Explanation: Prevention obfuscation makes it difficult for computer to de-compile code to reverse engineer or copy the code. An example includes remaining metadata to gibberish. Data obfuscation is aimed at obscuring data and data structures. Control flow of obfuscation uses false conditional statements to configure de-compilers while keeping code intact
76
Lynn uses a process that substitutes a sensitive data element with something that is not sensitive. She uses this process to map back to the sensitive data. What is this called? A. Masking B. Encryption C. Tokenization D. Authorization
C. Tokenization Explanation: Security is increased, and risk is reduced when using tokens. The mapping from the original data to the token should be irreversible in the absence of the system that created it
77
After meeting with the board of directors, your CEO is looking for a way to boost profits. He identified a need to implement cost savings on non core related business activities, and the suggestion was made to move the corporate email system to the cloud. You are the compliance officer tasked with making sure security and data issues are handled properly. What best describes your process? A. End to end encryption, creation and the destruction of mail accounts B. Vendor selection and RFP/RFQ C. Securing all virtual environments that handle email D. Data provisioning and processing while in transit and at rest
D. Data provisioning and processing while in transit and at rest Explanation: Data provisioning and processing and encrypting data in transit and at rest is the best description of the data life cycle and to end. The data lifecycle begins with data creation, then storage, usage, archival and eventually destruction. Having a clearly defined and documented data life cycle management process is key to ensuring data governance can be carried out effectively within your organization
78
Evans company is tasked with creating a pre disaster preparation plan that will sustain the business should a disaster, natural or human made occurs
79
A server holding sensitive financial records is running out of room. You are the information security manager and data storage falls under your purview. What is the best option? A. First in, first out (FIFO) B. Compress and archive the oldest data C. Move the data to the cloud D. Add disk space in a RAID configuration
D. Add disk space in a RAID configuration Explanation: The best thing to do is add more disk space and employ some type of RAID configuration for speed and redundancy. With certain compliance, you need to know how long to keep the data and if the cost is high, you must consider what type of backup medium is best for your organization
80
During what phase of eDiscovery will you determine what digital data and document should be collected for possible analysis and review? A. Processing B. Identification C. Collection D. Curation
B. Identification Explanation: The identification phase identifies data custodians, as well as potential data, information, documents or records that could be relevant. To ensure that there is a complete identification of all resources, use data mapping to reduce complexity
81
Jennie and her team are developing security policies, and they are currently working on a policy regarding password management. Which of these is not important? A. Account lockout B. Training users to create complex easy to remember passwords and not user the same password over again C. Preventing users from using personal information in a password, such as their birthday or spouses name D. Storing passwords securely in a password manager application
A. Account lockout Explanation: Account lockout is not password management as this is actually access management
82
What is a major security concern associated with IoT? A. Lack of encryption B. Use of hard coded passwords C. Lack of firmware support D. All of the above
D. All of the above Explanation: The majority of IoT devices are not developed with security in mind. Many of these devices send data over the network in clear text, use hard coded passwords that are easily found, and have firmware that is not updated to address known vulnerabilities
83
Which of the following access control principles should you implement to create a system of checks and balances on employees with heightened privilege access? A. Rotation of duties B. Need to known C. Mandatory Access Control D. Separation of duties
D. Separation of duties Explanation: Separation of duties is an access control mechanism that creates a system of checks and balances on employees with privileged access. Separation of duties requires more than one user to participate in a critical task. One person writes the check and other person signs the check
84
You have an application that performs authentication, which makes checking for session management, brute forcing and password complexity appropriate. What else might you check for? A. SQLi B. Ransomware C. Privilege Escalation D. Static Analysis
C. Privilege Escalation Explanation: The application performs authentication, so you would be checking for the appropriate vulnerability for this process. Privilege escalation is the only vulnerability that has anything to do with authentication
85
You just accepted a CISO position for a small customer service business, and your first priority is to increase security and accessibility for current SaaS applications. The applications are configured to use passwords. What do you implement first? A. Deploy password managers for all employees B. Deploy password managers for only the employees who use the SaaS tool C. Create a VPN between your organization and the SaaS provider D. Implement a system for time based, one time passwords
C. Create a VPN between your organization and the SaaS provider Explanation: If 2FA is not an option, then creating a VPN between your organization and the SaaS provider would be best.
86
The collaboration tool that your company uses follows a username and password login model. If one of your employees credentials are compromised, it could give attackers access to financial information, intellectual property, or client information. How would you mitigate this type of risk with a collaboration tool? A. Strict password guidelines B. Only use HTTPS C. Restrict usage to VPN D. Disable SSO
A. Strict password guidelines Explanation: The best answer here is to use strict password guidelines
87
You visit a website that requires credentials to log in. Besides providing the option of a username and password, you are also given the option to log in using your Facebook credentials. What type of authentication scheme is used? A. SAML B. OAuth C. ClosedID D. OpenID
D. OpenID Explanation: OpenID is a means of propagating identity information to different web services. For OpenID to work, the web services must have an existing trust relationship either among the web services or via a common third party
88
You need to find a web based language that is used to exchange security information with single sign on (SSO). Which of the following is the best language to use? A. SOAP B. Kerberos C. SAML/Shibboleth D. API
C. SAML/Shibboleth Explanation: Security Assertion Markup Language (SAML) is the best one to use for a web based SSO environment. SAML is XML based, which is an open standard used for authentication and authorization. Shibboleth is an open source software product that implements SAML. It consists of three functional parts; the identity provider, the service provider and the browser. The client is usually a web browser, although SAML can support enhanced clients and proxies
89
Your IT manager wants to move from a centralized access control methodology to a decentralized access control methodology. You need a router that authenticates users from a locally stored database. This requires subjects to be added individually to the local database for access, which creates a security domain, or sphere of trust. What best describes this type of administration? A. Decentralized access control requires more administrative work B. Decentralized access control creates a bottleneck C. Decentralized access control requires a single authorization servicer D. Decentralized access control stores all the users in the same administrative location using RADIUS
A. Decentralized access control requires more administrative work Explanation: Decentralized access control requires more administrative work. Centralized access control administration does not require as much, because all the accounts are centrally located.
90
Your data owner must assign classifications to information assets and ensure regulation compliance. Which of these other criteria is determined by the data owner? A. Authorization B. Authentication C. Verification D. Validation
A. Authorization Explanation: The data owner is responsible for determining who has authorized access to information about certain assets in their area of control. A data owner could take this on a case by case basis, or they could define a set of rules called rule based access control. Access is granted on the security principle of separation of duties, least privilege and need to know
91
Your credit card company identified that customers top transaction on the web portal is resetting passwords. Many users forget their security questions, so customers are calling to talk to tech support. You want to develop single factor authentication to cut down on the overhead of the current solution. What do you suggest? A. Push notification B. In band certificate or token C. Login with third party social media accounts D. SMS message to a customers mobile number with an expiring OTP
D. SMS message to a customers mobile number with an expiring OTP Explanation: The best solution is to have identification and authentication carried out with a message to the customers mobile number, which generates a one time password to be entered into the corporate web portal to reset passwords
92
You are setting up a new virtual machine. What type of virtualization should you use to coordinate instructions directly to the CPU? A. Type B B. Type 1 C. Type 2 D. No VM directly sends instructions to the CPU
B. Type 1 Explanation: The main difference between Type 1 and Type 2 hypervisors is that Type 1 runs on bare metal and type 2 runs in an OS
93
You are exploring the best option for your team to read data that was written onto storage material by a device you do not have access to, and the backup device has been broken. Which of the following is the best option for this? A. Type 1 hypervisor B. Type 2 hypervisor C. Emulation D. PaaS
C. Emulation Explanation: Emulation is important in fighting obsolescence and keeping data available. Emulation lets you model older hardware and software and re create them using current technology. With emulation, you can use a current platform to access an older application, operating system or data while the older software still thinks it is running in its original environment
94
GPS is built into cell phones and cameras, enabling coordinated longitude and latitude to be embedded in a machine readable format as part of a picture or in apps and games. Besides physical coordinates of longitude and latitude, which of these will not be embedded in the metadata of a photo taken with a cell phone? A. Name of businesses that are near your location B. Elevation C. Bearing D. Phone number
D. Phone number Explanation: While seemingly harmless, with every photo shared, a vast amount of information is attached to each one, including location with an accuracy of within 15 feet. While you are sharing posts on social media, you are also at risk from the criminal element because that photo you took can divulge where you physically are
95
Your CISO asked you to help review data protection, system configurations and hardening guides that were developed for cloud deployments. He would like you to make a list of goals for security improvements based on your current deployment. What is the best source of information to help you build this list? A. Pentesting reports B. CVE database C. Implementation guides D. Security assessment reports
B. CVE database Explanation: Common vulnerabilities and exposures (CVE) list includes a number for identification, a description and a public reference for all known vulnerabilities. The CVE system provides a reference method for officially known information security vulnerabilities and exposure and would be best for this goal setting activity
96
Management of your hosted application environment required end to end visibility and a high end performance connection while monitoring for security issues. What should you consider for the most control and visibility? A. You should consider a provider with connections from your location directly into the applications cloud resources B. You should have a private T1 line installed for this access C. You should secure a VPN concentrator for this task D. You should use HTTPS
A. You should consider a provider with connections from your location directly into the applications cloud resources Explanation: the management of your application requires end to end monitoring, so a connection from your location to the cloud environment is the best way to have great control over and visibility into attacks that threaten your environment
97
Your objectives and key results (OKRs) being measured for this quarter include realizing the benefits of a single tenancy cloud architecture. Which one of the results is a benefit of a single tenancy cloud service? A. Security and costs B. Reliability and scaling C. Ease of restoration D. Maintenance
D. Maintenance Explanation: While single tenancy is more secure due to isolation and you control access and backups and cost with scaling, it requires more maintenance because single tenant environments need more updates and upgrades that are managed by the customer
98
With 80 percent of your enterprise in a VPC model, which of the following is not a key enabling technology? A. Fast WAN and automatic IP addressing B. High performance hardware C. Inexpensive servers D. Complete control over process
D. Complete control over process Explanation: A virtual private cloud (VPC) customer has exclusive access to a segment of a public cloud. This deployment is a compromise between public and private model in terms of price and features. Access can also be restricted by the users physical location by employing firewalls and IP address whitelisting. Using the cloud is a trade - you gain speed, performance and cost, but you will lose some control over the security processes
99
You have a new security policy that requires backing up critical data offsite. This data must be backed up hourly. Cost is important. What methods are you likely to deploy? A. File storage B. Electronic vaulting C. Block storage D. Object storage
B. Electronic vaulting Explanation: Electronic vaulting will enable you to transmit bulk data to an offsite backup storage facility. You can choose to backup weekly, hourly and daily. If a server fails, you can restore data quickly, but because the information is sent over the Internet, it should be encrypted. File storage organizes and represents data as a hierarchy of files in folders; block storage chunks into arbitrarily organized, evenly sized volumes; and object storage manages data and links it to associated metadata
100
Your current data storage solution has too many vulnerabilities that are proprietary to the manufacturer who created your storage devices. This, combined with a lack of encryption, is leading you to choose cloud storage for your database over on premise storage. By choosing cloud storage, you will gain encryption of the data, but you will also bring in which attribute to your architecture? A. Identity B. Infrastructure C. Complexity D. Confidentiality
C. Complexity Explanation: A growing number of organizations are choosing to store some or all of their data in the cloud. Some people argue that cloud storage is more secure than on premises storage, but it adds complexity to storage environments and requires old dogs to learn new tricks. Often with movement to the cloud, IT personnel needs to learn how to implement cloud securely.
101
You own a small training business with two classrooms. Your network consists of a firewall, an enterprise class router, a 48 port switch, 1 printer and 18 laptops in each classroom. The laptops are reimaged once a month with a golden patched image with up to date antivirus and antimalware. User authentication is two factor with passwords and smart cards. The network is configured to use IPv4. You also have a wireless hotspot for student to connect their personal mobile devices. What could you improve on for a more resilient technical security posture? A. Enhanced TLS controls B. Strong user authentication C. Sufficient physical controls D. IPv6
A. Enhanced TLS controls Explanation: TLS is an encryption protocol intended to keep data secure when being transferred over a network. It encrypts data to ensure that eavesdroppers or other students are unable to see what you transmit, which is useful when using passwords or credit cards.
102

CASP+ (36 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions