Play It Safe: Manage Security Risks Flashcards

(36 cards)

1
Q

Domain one: Security and risk management

A

Security goals and objectives, risk mitigation, compliance, business continuity, and the law

All organizations must develop their security posture. Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. Elements of the security and risk management domain that impact an organization’s security posture include:

Security goals and objectives

Risk mitigation processes

Compliance

Business continuity plans

Legal regulations

Professional and organizational ethics

Information security, or InfoSec, is also related to this domain and refers to a set of processes established to secure information. An organization may use playbooks and implement training as a part of their security and risk management program, based on their needs and perceived risk. There are many InfoSec design processes, such as:

Incident response

Vulnerability management

Application security

Cloud security

Infrastructure security

As an example, a security team may need to alter how personally identifiable information (PII) is treated in order to adhere to the European Union’s General Data Protection Regulation (GDPR).

2
Q

Domain two: Asset security

A

Securing assets; storage, maintenance, retention, and destruction of data

Asset security involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data. Because the loss or theft of assets can expose an organization and increase the level of risk, keeping track of assets and the data they hold is essential. Conducting a security impact analysis, establishing a recovery plan, and managing data exposure will depend on the level of risk associated with each asset. Security analysts may need to store, maintain, and retain data by creating backups to ensure they are able to restore the environment if a security incident places the organization’s data at risk.

3
Q

Domain three: Security architecture and engineering

A

Optimizing data security by using effective tools, systems, and processes

This domain focuses on managing data security. Ensuring effective tools, systems, and processes are in place helps protect an organization’s assets and data. Security architects and engineers create these processes.

One important aspect of this domain is the concept of shared responsibility. Shared responsibility means all individuals involved take an active role in lowering risk during the design of a security system. Additional design principles related to this domain, which are discussed later in the program, include:

Threat modeling

Least privilege

Defense in depth

Fail securely

Separation of duties

Keep it simple

Zero trust

Trust but verify

An example of managing data is the use of a security information and event management (SIEM) tool to monitor for flags related to unusual login or user activity that could indicate a threat actor is attempting to access private data.

4
Q

Domain four: Communication and network security

A

Managing and securing physical networks and wireless communications

This domain focuses on managing and securing physical networks and wireless communications. This includes on-site, remote, and cloud communications.

Organizations with remote, hybrid, and on-site work environments must ensure data remains secure, but managing external connections to make certain that remote workers are securely accessing an organization’s networks is a challenge. Designing network security controls—such as restricted network access—can help protect users and ensure an organization’s network remains secure when employees travel or work outside of the main office.

5
Q

Domain five: Identity and access management

A

Using access, authorization, and established policies to secure data and manage assets

The identity and access management (IAM) domain focuses on keeping data secure. It does this by ensuring user identities are trusted and authenticated and that access to physical and logical assets is authorized. This helps prevent unauthorized users, while allowing authorized users to perform their tasks.

6
Q

Domain six: Security assessment and testing

A

Conducting security control testing and audits, collecting and analyzing data

The security assessment and testing domain focuses on identifying and mitigating risks, threats, and vulnerabilities. Security assessments help organizations determine whether their internal systems are secure or at risk. Organizations might employ penetration testers, often referred to as “pen testers,” to find vulnerabilities that could be exploited by a threat actor.

This domain suggests that organizations conduct security control testing, as well as collect and analyze data. Additionally, it emphasizes the importance of conducting security audits to monitor for and reduce the probability of a data breach. To contribute to these types of tasks, cybersecurity professionals may be tasked with auditing user permissions to validate that users have the correct levels of access to internal systems.

7
Q

Domain seven: Security operations

A

Conducting investigations and implementing preventative measures

The security operations domain focuses on the investigation of a potential data breach and the implementation of preventative measures after a security incident has occurred. This includes using strategies, processes, and tools such as:

Training and awareness

Reporting and documentation

Intrusion detection and prevention

SIEM tools

Log management

Incident management

Playbooks

Post-breach forensics

Reflecting on lessons learned

The cybersecurity professionals involved in this domain work as a team to manage, prevent, and investigate threats, risks, and vulnerabilities. These individuals are trained to handle active attacks, such as large amounts of data being accessed from an organization’s internal network, outside of normal working hours. Once a threat is identified, the team works diligently to keep private data and information safe from threat actors.

8
Q

Domain eight: Software development security

A

Using secure coding practices to create secure applications and services

The software development security domain is focused on using secure programming practices and guidelines to create secure applications. Having secure applications helps deliver secure and reliable services, which helps protect organizations and their users.

Security must be incorporated into each element of the software development life cycle, from design and development to testing and release. To achieve security, the software development process must have security in mind at each step. Security cannot be an afterthought.

Performing application security tests can help ensure vulnerabilities are identified and mitigated accordingly. Having a system in place to test the programming conventions, software executables, and security measures embedded in the software is necessary. Having quality assurance and pen tester professionals ensure the software has met security and performance standards is also an essential part of the software development process. For example, an entry-level analyst working for a pharmaceutical company might be asked to make sure encryption is properly configured for a new medical device that will store private patient data.

9
Q

Acceptance

A

Accepting a risk to avoid disrupting business continuity

10
Q

Avoidance

A

Creating a plan to avoid the risk altogether

11
Q

Transference

A

Transferring risk to a third party to manage

12
Q

Mitigation

A

Lessening the impact of a known risk

13
Q

Multiparty risk

A

Outsourcing work to third-party vendors can give them access to intellectual property, such as trade secrets, software designs, and inventions.

14
Q

ProxyLogon

A

A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.

15
Q

ZeroLogon

A

A vulnerability in Microsoft’s Netlogon authentication protocol. An authentication protocol is a way to verify a person’s identity. Netlogon is a service that ensures a user’s identity before allowing access to a website’s location.

16
Q

Log4Shell

A

Allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

17
Q

PetitPotam

A

Affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.

18
Q

Security logging and monitoring failures

A

Insufficient logging and monitoring capabilities that result in attackers exploiting vulnerabilities without the organization knowing it

19
Q

Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.

governance

architecture

posture

hardening

20
Q

Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

Maintain business continuity

Define security goals

Follow legal regulations

Conduct Control Testing

A

Maintain business continuity

Define security goals

Follow legal regulations

21
Q

What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?

Business continuity

Mitigation

Daily defense

Recovery

A

Business continuity

22
Q

Fill in the blank: According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.

taking an active role

recognizing and reporting security concerns

meeting productivity goals

limiting their communication with team members

A

taking an active role

recognizing and reporting security concerns

23
Q

A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to?

Communication and network security

Software development security

Identity and access management

Security assessment and testing

A

Identity and access management

24
Q

Which of the following statements accurately describe risk? Select all that apply.

A high-risk asset is any information protected by regulations or laws.

If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.

Another way to think of risk is the likelihood of a threat occurring.

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.

A

Another way to think of risk is the likelihood of a threat occurring.

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.

25
Q

Physical controls

A

Gates, fences, and locks

Security guards

Closed-circuit television (CCTV), surveillance cameras, and motion detectors

Access cards or badges to enter office spaces

26
Q

Technical controls

A

Firewalls

MFA

Antivirus software

27
Q

Administrative controls

A

Separation of duties

Authorization

Asset classification

28
Q

Proprietary tools

A

Proprietary tools are developed and owned by a person or company, and users typically pay a fee for usage and training. The owners of proprietary tools are the only ones who can access and modify the source code. This means that users generally need to wait for updates to be made to the software, and at times they might need to pay a fee for those updates. Proprietary software generally allows users to modify a limited number of features to meet individual and organizational needs. Examples of proprietary tools include Splunk® and Google SecOps (Chronicle) SIEM tools.

29
Q

Security posture dashboard

A

The security posture dashboard is designed for security operations centers (SOCs). It displays the last 24 hours of an organization’s notable security-related events and trends and allows security professionals to determine if security infrastructure and policies are performing as designed. Security analysts can use this dashboard to monitor and investigate potential threats in real time, such as suspicious network activity originating from a specific IP address.

30
Q

Executive summary dashboard

A

The executive summary dashboard analyzes and monitors the overall health of the organization over time. This helps security teams improve security measures that reduce risk. Security analysts might use this dashboard to provide high-level insights to stakeholders, such as generating a summary of security incidents and trends over a specific period of time.

31
Q

Incident review dashboard

A

The incident review dashboard allows analysts to identify suspicious patterns that can occur in the event of an incident. It assists by highlighting higher-risk items that need immediate review by an analyst. This dashboard can be very helpful because it provides a visual timeline of the events leading up to an incident.

32
Q

Risk analysis dashboard

A

The risk analysis dashboard helps analysts identify risk for each risk object (e.g., a specific user, a computer, or an IP address). It shows changes in risk-related activity or behavior, such as a user logging in outside of normal working hours or unusually high network traffic from a specific computer. A security analyst might use this dashboard to analyze the potential impact of vulnerabilities in critical assets, which helps analysts prioritize their risk mitigation efforts.

33
Q

Which of the following statements correctly describe logs? Select three answers.

Events related to websites, emails, or file shares are recorded in a server log.

Actions such as using a username or password are recorded in a firewall log.

A log is a record of events that occur within an organization’s systems and networks.

A network log is a record of all computers and devices that enter and leave a network.

A

A log is a record of events that occur within an organization’s systems and networks.

A network log is a record of all computers and devices that enter and leave a network.

Events related to websites, emails, or file shares are recorded in a server log.

34
Q

What are some of the key benefits of SIEM tools? Select three answers.

Collect log data from different sources

Eliminate the need for manual review of logs

Save time

Provide event monitoring and analysis

A

Collect log data from different sources

Save time

Provide event monitoring and analysis

35
Q

Fill in the blank: A security professional creates a dashboard that displays technical attributes about business operations called ______, such as incoming and outgoing network traffic.

A

Metrics

36
Q

Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.

A

very?