Practice Exam 01 Questions Flashcards
(15 cards)
Susan, a security analyst at Kelly Innovations LLC, is reviewing alerts from the IPS. She recognizes a pattern of false positives from signature-based detections. Which of the following is the MOST likely cause for false positives in signature-based detection systems?
a. The IPS is scanning encrypted traffic only.
b. Signature databases are stored in volatile memory.
c. The signatures require tuning.
d. The system is only updated with old signatures.
c. The signatures require tuning.
OBJ: 4.5 - When signatures are overly broad or not precisely defined, they match legitimate traffic as well as malicious traffic, producing false positives; tuning narrows each signature to the malicious pattern it is meant to catch. Signature-based detection works by comparing traffic content against known patterns, so an IPS can only match payload signatures in encrypted traffic if it decrypts that traffic first; encryption therefore tends to cause missed detections, not false positives. Outdated signatures might miss newer threats, but that produces false negatives rather than false positives. Where the signature database is stored does not influence the accuracy of the detection. It's the quality and precision of the signatures that matter most.
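The following is an added example (not part of the original flashcard) showing why an overly broad signature produces false positives and what tuning it looks like. It scores two versions of a SQL-injection signature against a small set of constructed, analyst-labelled HTTP request lines; the traffic, the signature patterns and the counting logic are all assumptions for illustration, not rules from any real IPS.

```python
import re
from typing import NamedTuple
from urllib.parse import unquote_plus


class Signature(NamedTuple):
    name: str
    pattern: re.Pattern


# Two versions of a hypothetical SQL-injection signature. The broad one fires on
# any SQL keyword; the tuned one requires the UNION ... SELECT construct as whole
# words, which ordinary search terms and article titles do not contain.
BROAD_SIG = Signature("sqli-broad", re.compile(r"union|select", re.IGNORECASE))
TUNED_SIG = Signature("sqli-tuned",
                      re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE))

# Constructed sample request lines with analyst labels (True = malicious).
SAMPLE_TRAFFIC = [
    ("GET /search?q=select+a+laptop HTTP/1.1", False),
    ("GET /news/union-contracts-ratified HTTP/1.1", False),
    ("GET /search?q=the+union+selected+a+date HTTP/1.1", False),
    ("GET /products?id=5 HTTP/1.1", False),
    ("GET /products?id=5'+UNION+SELECT+username,password+FROM+users-- HTTP/1.1", True),
    ("GET /products?id=5%27%20union%20all%20select%20null,null-- HTTP/1.1", True),
]


def matches(sig: Signature, request_line: str) -> bool:
    """Apply the signature to the URL-decoded request line.
    Decoding first closes the trivial bypass of percent-encoding the keywords."""
    return sig.pattern.search(unquote_plus(request_line)) is not None


def evaluate(sig: Signature, traffic=SAMPLE_TRAFFIC) -> dict:
    """Count true positives, false positives and false negatives for one signature."""
    counts = {"tp": 0, "fp": 0, "fn": 0}
    for line, is_malicious in traffic:
        hit = matches(sig, line)
        if hit and is_malicious:
            counts["tp"] += 1
        elif hit and not is_malicious:
            counts["fp"] += 1
        elif not hit and is_malicious:
            counts["fn"] += 1
    return counts


if __name__ == "__main__":
    for sig in (BROAD_SIG, TUNED_SIG):
        print(sig.name, evaluate(sig))
```

The broad signature flags three benign requests because "select" and "union" are ordinary English words; the tuned one catches both injection attempts and none of the benign lines. In practice tuning is done against a sample of the organisation's own traffic, exactly as this evaluation loop does, so that the false-positive count is measured rather than guessed.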
Which of the following terms BEST describe the affirmation of the validation of the accuracy and thoroughness of compliance-related reports?
a. Internal assessment
b. Regulatory examination
c. Attestation
d. Independent third-party audit
c. Attestation
OBJ: 5.5 - Attestation is the term that refers to the process of affirming the accuracy and completeness of compliance reports. It involves providing formal statements or declarations about the organization’s compliance with specific regulations or standards. Attestation can be done internally by the organization’s management or externally by a third-party auditor.
Independent third-party audit involves an external and unbiased assessment conducted by an independent auditor or a third-party organization. The purpose of this audit is to provide an objective evaluation of the organization’s compliance status. Independent third-party audits are often used to validate and verify compliance claims made by the organization and can offer more credibility to compliance reports.
Internal assessment involves the organization’s internal evaluation of its adherence to established compliance requirements. This process may include self-assessments, internal audits, and reviews conducted by the organization’s compliance team to ensure that it meets the necessary regulatory and security standards.
Regulatory examination is an external evaluation conducted by a government agency or a regulatory body to ensure that an organization is complying with specific regulations or industry standards. During a regulatory examination, the organization’s compliance practices, controls, and processes are thoroughly reviewed to assess their alignment with the applicable rules and requirements.
Which of the following is an aspect of asset management that ensures that each IT asset is clearly associated with a specific individual or department, providing clarity on responsibilities and access rights?
a. Decommissioning
b. Ownership
c. Acquisition
d. Monitoring
b. Ownership
OBJ: 4.2 - Ownership helps in determining who is responsible for the asset, ensuring clear lines of accountability and often helping in deciding the access rights.
Monitoring involves keeping an eye on the performance and status of assets, rather than establishing responsibility.
Decommissioning pertains to the process of retiring assets and doesn’t directly associate assets with specific entities.
Acquisition refers to the process of obtaining assets, not the association of assets with individuals or departments.
Before disposing of old computers at Kelly Innovations LLC, Sasha receives a document that confirms all data has been securely removed. What is this document known as?
a. Data Retention Policy
b. Service Agreement
c. Certificate of Sanitization
d. Purchase Order
c. Certificate of Sanitization
OBJ: 2.4 - A Certificate of Sanitization serves as a formal assurance that a device has undergone a thorough data cleansing process, ensuring all information has been securely and permanently erased. It is essential for maintaining data privacy, especially when disposing of or repurposing equipment.
A service agreement is a formal contract that sets out terms and conditions between a service provider and a client. While it might specify various services, including data-related ones, it isn't a confirmation of data removal from a device.
A data retention policy defines the duration for which data should be stored and when it should be disposed of. While it addresses data management, it doesn't certify the secure erasure of data from a device.
A purchase order is used to authorize the purchase of goods or services. While it's an essential record in procurement processes, it has no relevance to the secure erasure of data from devices.
Dion Training is considering a collaboration with a new IT service vendor. To ensure compliance and adherence to industry standards, Dion Training wishes to see verifiable evaluations of the vendor’s security controls and practices. Which of the following would provide Dion Training with insights into the vendor’s own internal evaluations of their security measures?
a. External penetration test reports
b. Regulatory compliance certificates
c. Customer testimonial
d. Evidence of internal audits
d. Evidence of internal audits
OBJ: 5.3 - Evidence of Internal Audits showcases a vendor’s proactive approach to maintaining and enhancing their security measures. Such audits are conducted internally and reflect a rigorous self-assessment of security practices, vulnerabilities, and control mechanisms. By reviewing these, a company can gain insights into the vendor’s commitment to security, how they address potential weaknesses, and their overall cybersecurity health. This evidence can be instrumental in gauging the reliability and trustworthiness of the vendor’s internal security framework.
Regulatory compliance certificates indicate compliance with specific regulations but don’t provide detailed insights into internal evaluations.
While customer testimonials may provide feedback on the vendor's performance, they don't offer insights into the vendor's internal evaluations of their security measures.
External penetration test reports show the results of external entities testing the vendor’s defenses, not the vendor’s own evaluations.
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
a. Air-gapped network
b. IaC
c. Microservices architecture
d. Serverless architecture
b. IaC
OBJ: 3.1 - Infrastructure as code (IaC) allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale.
While serverless architecture reduces the complexity of deploying code into production, it doesn't involve defining the underlying infrastructure as code.
An air-gapped network is a security measure that involves physically isolating a computer or network and ensuring it doesn't connect to unsecured networks, especially the public internet. It doesn't deal with infrastructure management methodologies.
Microservices architecture is about designing software applications as suites of independently deployable services, but it doesn’t directly address infrastructure provisioning through code.
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
a. Inadequate buffer overflow protections.
b. Overhead from virtualization.
c. Lack of legacy protocol support.
d. Uncontrolled cloud access.
a. Inadequate buffer overflow protections.
OBJ: 3.1 - An RTOS prioritizes deterministic, low-latency task execution, often on constrained hardware, sometimes at the expense of security features such as bounds checking, stack protection, or memory protection. Inadequate buffer overflow protections leave the system susceptible to memory corruption attacks.
RTOSs aren’t primarily concerned with supporting legacy protocols, and this isn’t a direct security risk associated with them.
RTOSs are designed for efficiency and generally don’t involve the overheads from virtualization layers.
While cloud access can pose risks, it’s not an inherent security implication of using an RTOS.
Travid is evaluating an attack that has occurred on his organization's system. He sees that the attacker entered a lot of data into the area of memory in the API that temporarily stores user input. What type of attack did Travid discover?
a. Memory leak
b. Memory fragmentation
c. Buffer underflow
d. Buffer overflow
d. Buffer overflow
OBJ: 2.3 - Buffer overflow is a type of memory corruption that occurs when a program writes more data than the allocated buffer, the area of memory set aside to temporarily hold user input, can hold. This causes the application to overwrite adjacent memory locations. It can lead to crashes, code execution, or privilege escalation.
Buffer underflow is a type of memory corruption that occurs when a program reads more data than the allocated buffer can provide, causing it to read from invalid memory locations. It can lead to crashes, data leakage, or undefined behavior.
Memory fragmentation is a type of memory issue that occurs when a program allocates and frees memory in an irregular or inefficient manner, causing the available memory to be divided into small and non-contiguous blocks. It can lead to memory wastage, allocation failure, or reduced performance.
Memory leak is a type of memory issue that occurs when a program fails to release or free the memory that it has allocated, causing it to consume more and more memory over time. It can lead to performance degradation, resource exhaustion, or out-of-memory errors.
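The following is an added example (not part of the original flashcard) that models what the explanation above describes: a fixed-size input buffer with an adjacent piece of memory, here a saved return address, and two copy routines, one unbounded and one bounded. The frame layout, the addresses and the bytearray standing in for real memory are assumptions for illustration; in C the unbounded copy would keep writing past the end of the frame rather than stopping with an error.

```python
# A toy model of one stack frame, using a bytearray in place of real memory.
# Layout (hypothetical): 16-byte input buffer, then the 8-byte saved return address.
BUF_OFF, BUF_LEN = 0, 16
RET_OFF, RET_LEN = 16, 8
FRAME_SIZE = BUF_LEN + RET_LEN

ORIGINAL_RET = 0x401150    # hypothetical legitimate return address
ATTACKER_RET = 0xDEADBEEF  # hypothetical address the attacker wants control to reach


def new_frame() -> bytearray:
    """Fresh frame: zeroed buffer followed by the legitimate return address."""
    frame = bytearray(FRAME_SIZE)
    frame[RET_OFF:RET_OFF + RET_LEN] = ORIGINAL_RET.to_bytes(RET_LEN, "little")
    return frame


def unsafe_copy(frame: bytearray, user_input: bytes) -> None:
    """Models gets()/strcpy(): copies every input byte with no length check,
    so bytes beyond BUF_LEN land on the adjacent saved return address."""
    for i, b in enumerate(user_input):
        frame[BUF_OFF + i] = b  # Python raises IndexError past the frame; C would keep writing


def safe_copy(frame: bytearray, user_input: bytes) -> None:
    """Models a bounded copy (e.g. strncpy/snprintf with the right size):
    input is truncated to the buffer, so adjacent memory is never touched."""
    data = user_input[:BUF_LEN]
    frame[BUF_OFF:BUF_OFF + len(data)] = data


def saved_return_address(frame: bytearray) -> int:
    return int.from_bytes(frame[RET_OFF:RET_OFF + RET_LEN], "little")


def overflow_attempt(copy_fn) -> int:
    """Feed a constructed oversized input through copy_fn and report the
    return address afterwards. The payload is 16 filler bytes followed by
    the attacker-chosen address, sized to land exactly on the return slot."""
    payload = b"A" * BUF_LEN + ATTACKER_RET.to_bytes(RET_LEN, "little")
    frame = new_frame()
    copy_fn(frame, payload)
    return saved_return_address(frame)


if __name__ == "__main__":
    print(hex(overflow_attempt(unsafe_copy)))  # attacker-chosen address
    print(hex(overflow_attempt(safe_copy)))    # original address survives
```

The point of the model is the adjacency: the overflow does not need to target the return address explicitly, it simply continues writing past the buffer into whatever sits next to it. The bounded copy is the fix the RTOS card above alludes to when it mentions buffer overflow protections.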
Dion Training Solutions needs a network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
a. Layer 7
b. Layer 6
c. Layer 5
d. Layer 3
a. Layer 7
OBJ: 3.2 - Layer 7, or the application layer, deals with end-user services, and appliances at this layer can make filtering decisions based on specifics like URLs, HTTP headers, and specific application functions.
Layer 6, the presentation layer, translates data formats between the application layer above it and the session layer below it, handling tasks such as encoding, compression, and encryption; it does not make filtering decisions on URLs or HTTP headers.
Layer 5, the session layer, manages connections between applications. It isn’t focused on the content-specific criteria like URLs and HTTP headers.
Layer 3 devices are concerned with IP addressing and routing.
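The following is an added example (not part of the original flashcard) contrasting what a Layer 3 filter and a Layer 7 filter can decide on. It parses a raw HTTP request head and applies rules on the URL path, a header value, and the HTTP method, while the Layer 3 rule only has addresses to work with. The packets, addresses, rules and the minimal parser are constructed for illustration and are not drawn from any real appliance.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    payload: bytes  # raw HTTP request carried in the TCP stream


class HttpRequest(NamedTuple):
    method: str
    target: str
    headers: dict


def parse_http_request(payload: bytes) -> HttpRequest:
    """Minimal HTTP/1.1 request-head parser: request line plus headers,
    header names lower-cased so matching is case-insensitive."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers)


# Layer 3 rule set: only addresses are visible, so this is all it can decide on.
BLOCKED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical


def layer3_decision(pkt: Packet) -> str:
    src = ipaddress.ip_address(pkt.src_ip)
    return "deny" if any(src in net for net in BLOCKED_NETWORKS) else "allow"


def layer7_decision(pkt: Packet) -> str:
    """Application-layer rules on the URL, a header, and the HTTP method."""
    req = parse_http_request(pkt.payload)
    if req.target.startswith("/admin"):                          # URL rule
        return "deny"
    if "sqlmap" in req.headers.get("user-agent", "").lower():    # header rule
        return "deny"
    content_type = req.headers.get("content-type", "")
    if req.method == "POST" and not content_type.startswith("application/json"):
        return "deny"                                             # application function rule
    return "allow"


# Constructed traffic: identical source and destination addresses, different requests.
SAMPLE_PACKETS = {
    "catalog": Packet("203.0.113.7", "192.0.2.10",
                      b"GET /products?id=5 HTTP/1.1\r\nHost: shop.example\r\n"
                      b"User-Agent: Mozilla/5.0\r\n\r\n"),
    "admin": Packet("203.0.113.7", "192.0.2.10",
                    b"GET /admin/users HTTP/1.1\r\nHost: shop.example\r\n"
                    b"User-Agent: Mozilla/5.0\r\n\r\n"),
    "scanner": Packet("203.0.113.7", "192.0.2.10",
                      b"GET /products?id=5 HTTP/1.1\r\nHost: shop.example\r\n"
                      b"User-Agent: sqlmap/1.7\r\n\r\n"),
}


def decisions(name: str) -> tuple:
    """(Layer 3 verdict, Layer 7 verdict) for one of the sample packets."""
    pkt = SAMPLE_PACKETS[name]
    return layer3_decision(pkt), layer7_decision(pkt)


if __name__ == "__main__":
    for name in SAMPLE_PACKETS:
        print(name, decisions(name))
```

All three packets share the same addresses, so the Layer 3 filter allows all of them; only the Layer 7 filter, which has parsed the request, can deny the admin path and the scanner's User-Agent.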
Which of the following BEST describes the initial step to ensure a secure procurement process at Dion Training?
a. Collaborate with the IT department for installation.
b. Determine the software's compatibility with existing systems.
c. Check for discounts or bulk pricing.
d. Verify the legitimacy of the software vendor.
d. Verify the legitimacy of the software vendor.
OBJ: 4.1 - Before making any purchases, it’s essential to ensure the vendor is reputable to avoid acquiring counterfeit or malicious software.
Financial considerations, while valid, come after ensuring security.
Compatibility is important, but first, you need to ensure you’re buying from a reputable source.
While collaboration is crucial, the first step should be to ensure the vendor’s legitimacy.
Which of the following characteristics of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?
a. Ease of deployment
b. Resilience
c. Availability
d. Scalability
b. Resilience
OBJ: 3.1 - Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions.
Availability refers to guaranteeing a system will continue to operate so that the system can be used regardless of conditions.
Resilience, like availability, refers to keeping a system functioning, but also directly addresses how quickly a system can recover after adverse conditions have led to a failure.
Scalability means that the system can expand when more resources are needed without creating lags or problems for users. This expansion isn’t considered an adverse condition. Increased business is seen as a positive attribute.
Ease of Deployment means that new instances and the entire cloud environment can be easily created.
At Kelly Innovations LLC, Susan has been entrusted with determining the purposes and means of processing personal data for the organization’s new marketing campaign. She decides what data to collect, how long it will be retained, and with whom it will be shared. Which of the following BEST describes the role Susan is playing?
a. Data processor
b. Data subject
c. Data custodian
d. Data controller
d. Data controller
OBJ: 5.4 - A Data Controller is an individual or entity that determines the purposes and means of processing personal data. They have primary responsibility for ensuring the data’s protection and compliance with privacy regulations.
Data Processor is an individual or entity that processes personal data on behalf of the data controller, without deciding the purposes or means of the processing.
A data custodian is typically responsible for the safe storage and maintenance of data assets through their lifecycle, but doesn't decide on the purposes or means of processing. A data subject is the individual whose personal data is being processed.
When considering user interactions with a web service, which of the following are the security measures that involve the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?
a. session cookies
b. session management
c. timeout policies
d. token handling
b. session management
OBJ: 5.1 - Session management refers to the practices that keep a user's interaction with a web service secure after authentication: generating unpredictable session identifiers, transferring them securely (typically in a cookie), and enforcing inactivity limits so the session is terminated automatically when the user is idle for a set period.
Timeout policies contribute to these practices by defining when an inactive session should end, but they do not include the secure transmission and generation of identifiers.
Token handling involves managing security tokens within a system, but on its own, it doesn’t cover all aspects of what is required to maintain the security of user interactions, including setting inactivity limits.
While session cookies are a part of what is managed, this term alone does not encompass the full scope of practices like setting inactivity limits.
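The following is an added example (not part of the original flashcard) of the three pieces the card groups under session management: generating an unpredictable identifier, transferring it with protective cookie attributes, and enforcing an inactivity limit (plus an absolute lifetime, which most guidance pairs with it). The store, timeout values and cookie name are assumptions for illustration; time is passed in explicitly so the behaviour can be checked deterministically.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session is terminated
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session state; the client only ever holds the opaque identifier."""

    def __init__(self):
        self._sessions: dict = {}

    def create(self, user: str, now: float) -> str:
        # 32 random bytes from the OS CSPRNG: unguessable and not derived from user data.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, now, now)
        return sid

    def validate(self, sid: str, now: float):
        """Return the user for a live session, or None. Enforces both limits and
        refreshes the activity timestamp on success."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        idle_for = now - session.last_seen
        age = now - session.created_at
        if idle_for > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            self.destroy(sid)  # expired sessions are removed, not just rejected
            return None
        session.last_seen = now
        return session.user

    def rotate(self, sid: str, now: float):
        """Issue a fresh identifier (e.g. after login or a privilege change) so an
        identifier an attacker learned beforehand cannot be fixed to the session."""
        session = self._sessions.pop(sid, None)
        if session is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = Session(session.user, session.created_at, now)
        return new_sid

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Transfer the identifier with attributes that keep it off clear-text HTTP
    (Secure), away from page scripts (HttpOnly) and out of cross-site requests
    (SameSite). The cookie name is a hypothetical choice."""
    return f"Set-Cookie: session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", now=0)
    print(set_cookie_header(sid))
    print(store.validate(sid, now=600))                      # alice
    print(store.validate(sid, now=600 + IDLE_TIMEOUT + 1))   # None: idle limit exceeded
```

Timeout policies on their own are the two constants; token handling on its own is the `secrets` call; session cookies on their own are the `Set-Cookie` line. Session management is the combination, which is why the card treats it as the answer.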
Jamario, a security analyst at Dion Training, has just completed a vulnerability assessment on a company’s internal web application. One of the vulnerabilities detected has a high likelihood of being exploited and, if successful, could expose sensitive customer data. Based on severity and potential impact, how should this vulnerability be classified?
a. medium
b. informational
c. low
d. critical
d. critical
OBJ: 4.3 - A critical classification is assigned to vulnerabilities that, if exploited, would cause significant damage, have a high likelihood of being exploited, or expose sensitive data. These should be addressed immediately.
Medium vulnerabilities pose a moderate risk and usually have some mitigating factors that lessen their potential impact or likelihood of exploitation.
Informational vulnerabilities are typically findings that don’t pose any immediate risk but are documented to provide a complete view of the assessment.
Low vulnerabilities have minimal potential damage and are less likely to be exploited. They are of lesser priority compared to other classifications.