Finals Flashcards
(18 cards)
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
Secured zones
Subject role
Adaptive identity
Threat scope reduction
Secured zones
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
Group Policy
Content filtering
Data loss prevention
Access control lists
Access control lists
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
Default credentials
Non-segmented network
Supply chain vendor
Vulnerable software
Vulnerable software
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?
Geographic dispersion
Platform diversity
Hot site
Load balancing
Geographic dispersion
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
Tokenization
Hashing
Obfuscation
Segmentation
Hashing
An organization wants to improve the company’s security authentication method for remote employees. Given the following requirements:
* Must work across SaaS and internal network applications
* Must be device manufacturer agnostic
* Must have offline capabilities
Which of the following would be the most appropriate authentication method?
Username and password
Biometrics
SMS verification
Time-based tokens
Time-based tokens
Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?
Policies and procedures
Asset management
Vulnerability assessment
Business impact analysis
Policies and procedures
A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?
Audit each domain administrator account weekly for password compliance.
Implement a privileged access management solution.
Create IDS policies to monitor domain controller access.
Use Group Policy to enforce password expiration.
Implement a privileged access management solution.
Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?
Risk assessment
Risk identification
Risk treatment
Risk monitoring and review
Risk identification
Which of the following is an example of a treatment strategy for a continuous risk?
Email gateway to block phishing attempts
Background checks for new employees
Dual control requirements for wire transfers
Branch protection as part of the CI/CD pipeline
Branch protection as part of the CI/CD pipeline
While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?
Unskilled attacker
Shadow IT
Insider threat
Nation-state
Insider threat
Which of the following analysis methods allows an organization to measure the exposure factor associated with organizational assets?
Heuristic
Quantitative
User-driven
Trend-based
Quantitative
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
Application
IPS/IDS
Network
Endpoint
Endpoint
A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the following should the security administrator recommend?
Digitally signing the software
Performing code obfuscation
Limiting the use of third-party libraries
Using compile flags
Performing code obfuscation
Which of the following data roles is responsible for identifying risks and appropriate access to data?
Owner
Custodian
Steward
Controller
Controller
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
Internal audit
Penetration testing
Attestation
Due diligence
Due diligence
Which of the following is the best way to validate the integrity and availability of a disaster recovery site?
Lead a simulated failover.
Conduct a tabletop exercise.
Periodically test the generators.
Develop requirements for database encryption.
Conduct a tabletop exercise.
Which of the following options will provide the lowest RTO and RPO for a database?
Snapshots
On-site backups
Journaling
Hot site
Journaling