Questions 1 Flashcards
(30 cards)
Which of the following methods would be most effective in ensuring that only authorized personnel can access a secure facility? (select two)
a. fencing
b. video surveillance
c. badge access
d. access control vestibule
e. sign-in sheet
f. sensor
c. badge access
d. access control vestibule
Which agreement type defines the time frame within which a vendor must respond?
a. statement of work (SOW)
b. Service level agreement (SLA)
c. memorandum of agreement (MOA)
d. memorandum of understanding (MOU)
b. Service level agreement (SLA)
A U.S.-based cloud-hosting provider plans to expand its data centers internationally. What should they prioritize first?
a. local data protection regulations
b. risks from hackers in other countries
c. impacts on existing contractual obligations
d. time zone differences for log correlation
a. local data protection regulations
A client requires at least 99.99% uptime from a service provider’s hosted security services. Which document should include this information?
a. memorandum of agreement (MOA)
b. statement of work (SOW)
c. memorandum of understanding (MOU)
d. service level agreement (SLA)
d. service level agreement (SLA)
A small business uses kiosks on the sales floor that display product info, but they are running end-of-life operating systems. What is the most likely security implication?
a. patch availability
b. product software compatibility
c. ease of recovery
d. cost of replacement
a. patch availability
Which security principle justifies the use of least privilege for permissions on a Human Resources file share?
a. integrity
b. availability
c. confidentiality
d. non-repudiation
c. confidentiality
A company is planning a disaster recovery site and needs to ensure that a single natural disaster will not result in the total loss of regulated backup data. What should the company prioritize?
a. geographic dispersion
b. platform diversity
c. hot site
d. load balancing
a. geographic dispersion
Which threat actor is most likely to be hired by a foreign government to attack critical systems in other countries?
a. hacktivist
b. whistleblower
c. organized crime
d. unskilled attacker
c. organized crime
A company located in a hurricane-prone area needs a disaster recovery site to ensure immediate operational continuity. Which site type is best?
a. cold site
b. tertiary site
c. warm site
d. hot site
d. hot site
Malware spread across a company’s network after an employee visited a compromised industry blog. What best describes this type of attack?
a. impersonation
b. disinformation
c. watering-hole
d. smishing
c. watering-hole
An engineer needs to implement a solution that adds an extra layer of security to prevent unauthorized access to internal company systems. Which of the following would be the most appropriate solution?
a. RDP server
b. Jump server
c. Proxy server
d. Hypervisor
b. jump server
Which category of data is most vulnerable when lost or compromised?
a. confidential
b. public
c. private
d. critical
d. critical (restricted?)
A company is planning to implement a SIEM system and assign an analyst to review logs on a weekly basis. What type of control is being implemented by the company?
a. corrective
b. preventative
c. detective
d. deterrent
c. detective
A security analyst is reviewing an alert triggered by endpoint protection software. After investigation, the analyst determines the event was a false positive caused by an employee trying to download a file. What is the most likely cause for the download being blocked?
a. a misconfiguration in the endpoint protection software
b. a zero-day vulnerability in the file
c. a supply chain attack on the endpoint protection vendor
d. incorrect file permissions
a. a misconfiguration in the endpoint protection software
A systems administrator needs to apply a change to a production system. Which of the following documents must the administrator submit to prove that the system can be restored if a performance issue arises?
a. backout plan
b. impact analysis
c. test procedure
d. approval procedure
a. backout plan
What is the most common method by which data is lost in an air-gapped network?
a. bastion host
b. unsecured bluetooth
c. unpatched OS
d. removable devices
d. removable devices
An organization wants to hire a third-party vendor to perform a penetration test on a specific device. The organization has provided basic details about the device. What kind of penetration test is this?
a. partially known environment
b. unknown environment
c. integrated
d. known environment
a. partially known environment
A security analyst scans a company’s public-facing network and discovers that a host is running a Remote Desktop service that could allow access to the production network. Which of the following actions should the analyst recommend?
a. changing the Remote Desktop port to a non-standard number
b. setting up a VPN and placing the jump server inside the firewall
c. using a proxy for web connections from the Remote Desktop server
d. connecting the remote server to the domain and increasing the password length
b. setting up a VPN and placing the jump server inside the firewall
Employees working in the research and development department receive in-depth training on how to protect company data. Which type of data is most likely to be handled by these employees in their daily work?
a. encrypted
b. intellectual property
c. critical
d. data privacy
b. intellectual property
A system administrator is configuring a firewall to allow DNS requests. Which port number should be allowed for this traffic?
a. 21
b. 25
c. 53
d. 80
c. 53
A company has been facing attacks targeting vulnerabilities in outdated browser versions, using well-known exploits. Which security solution should be set up to effectively monitor and block these attacks based on recognized signatures?
a. ACL
b. DLP
c. IDS
d. IPS
d. IPS
Which security concept is implemented when a RADIUS server is installed?
a. CIA
b. AAA
c. ACL
d. PEM
b. AAA
During troubleshooting of a firewall configuration, a technician determines that adding a ‘deny any’ rule at the bottom of the ACL will be necessary. After updating the policy, several servers become inaccessible. Which of the following actions can prevent this issue from occurring?
a. documenting the new policy in a change request and submitting the request to change management
b. testing the policy in a non-production environment before enabling the policy in the production network
c. disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy
d. including an ‘allow any’ policy above the ‘deny any’ policy
b. testing the policy in a non-production environment before enabling the policy in the production network
Which term refers to the maximum level of risk that an organization is willing to accept?
a. risk indicator
b. risk level
c. risk score
d. risk threshold
d. risk threshold