Sec+ Objective 1 Test Questions Flashcards
What kind of security control is associated with a login banner?
❍ A. Preventive
❍ B. Deterrent
❍ C. Corrective
❍ D. Detective
❍ E. Compensating
❍ F. Directive
B. Deterrent
A deterrent control does not directly stop an attack, but it may discourage an action. (1.1)
An organization is installing a UPS for their new data center. Which of the following would BEST describe this control type?
❍ A. Compensating
❍ B. Directive
❍ C. Deterrent
❍ D. Detective
A. Compensating
A compensating security control doesn't prevent an event, but it provides an alternative way to keep operating or to recover using other means. In this example, the UPS (Uninterruptible Power Supply) does not stop a power outage, but it does provide alternative power if an outage occurs. (1.1)
A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
❍ A. Deterrent
❍ B. Compensating
❍ C. Directive
❍ D. Detective
D. Detective
An IPS can detect, alert, and log an intrusion attempt. The IPS could also be categorized as a preventive control, since it has the ability to actively block known attacks. (1.1)
A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility to get most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?
❍ A. Directive
❍ B. Compensating
❍ C. Preventive
❍ D. Detective
B. Compensating
Instead of preventing an attack, a compensating control is used to restore systems using other means. A streamlined backup and restore process compensates for the limited security features of the EDR (Endpoint Detection and Response) software. (1.1)
What is EDR?
Endpoint Detection and Response. A lightweight agent on the endpoint that detects threats using behavioral analysis, machine learning, and process monitoring rather than relying only on signatures. It analyzes how a threat behaves so the same behavior can be recognized again, and the "response" part lets it isolate or remediate the endpoint.
What type of security control would be associated with corporate security policies?
❍ A. Technical
❍ B. Operational
❍ C. Managerial
❍ D. Physical
C. Managerial
A managerial control type is associated with security design and implementation. Security policies and standard operating procedures are common examples of a managerial control type. (1.1)
A security technician observes that the data center’s server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk?
A) Implement a network intrusion detection system
B) Install locks on the server rack doors
C) Update the antivirus software on the servers
D) Conduct a risk assessment of the data center
B) Install locks on the server rack doors
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
Which of the following answers can be used to describe technical security controls? (Select 3 answers)
A) Focused on protecting material assets
B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
D) Also known as administrative controls
E) Implemented with technology
F) Primarily implemented and executed by people (as opposed to computer systems)
B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
E) Implemented with technology
Technical Controls: Controls implemented by a technical system rather than by people, for example OS settings and access policies that allow or deny particular actions. Firewalls, anti-virus, encryption, and similar software fall under this category. (1.1)
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)
A) Security Audits
B) Encryption
C) Organizational Security Policy
D) IDSs
E) Configuration Management
F) Firewalls
B) Encryption
D) IDSs
F) Firewalls
Technical Controls: Controls implemented by a technical system rather than by people, for example OS settings and access policies that allow or deny particular actions. Firewalls, anti-virus, encryption, and similar software fall under this category. (1.1)
Which of the following answers refer to the characteristic features of managerial security controls? (Select 3 answers)
A) Also known as administrative controls
B) Sometimes referred to as logical security controls
C) Focused on reducing the risk of security incidents
D) Executed by computer systems (instead of people)
E) Documented in written policies
F) Focused on protecting material assets
A) Also known as administrative controls
C) Focused on reducing the risk of security incidents
E) Documented in written policies
Managerial Controls: Controls that address how security is designed, governed, and implemented, usually as written policies and procedures that tell people how systems and data are to be managed. A security policy document or manual is an example of this. (1.1)
Examples of managerial security controls include: (Select 3 answers)
A) Configuration management
B) Data backups
C) Organizational security policy
D) Risk assessments
E) Security awareness training
C) Organizational security policy
D) Risk assessments
E) Security awareness training
Managerial Controls: Controls that address how security is designed, governed, and implemented, usually as written policies and procedures that tell people how systems and data are to be managed. A security policy document or manual is an example of this. (1.1)
Which of the answers listed below can be used to describe operational security controls (Select 3 answers)
A) Also known as administrative controls
B) Focused on the day-to-day procedures of an organization
C) Executed by computer systems (instead of people)
D) Used to ensure that the equipment continues to work as specified
E) Focused on managing risk
F) Primarily implemented and executed by people (as opposed to computer systems)
B) Focused on the day-to-day procedures of an organization
D) Used to ensure that the equipment continues to work as specified
F) Primarily implemented and executed by people (as opposed to computer systems)
Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)
Which of the following examples fall into the category of operational security controls? (Select 3 answers)
A) Risk assessments
B) Configuration management
C) System backups
D) Authentication protocols
E) Patch management
B) Configuration management
C) System backups
E) Patch management
Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)
Which of the answers listed below refers to security controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets?
A) Managerial security controls
B) Physical security controls
C) Technical security controls
D) Operational security controls
B) Physical security controls
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)
A) Lighting
B) Access control vestibules
C) Data backups
D) Fencing/Bollards/Barricades
E) Firewalls
F) Security guards
G) Asset management
C) Data backups
E) Firewalls
G) Asset management
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
What are the examples of preventive security controls? (Select 3 answers)
A) Encryption
B) IDS
C) Sensors
D) Firewalls
E) Warning signs
F) AV software
A) Encryption
D) Firewalls
F) AV software
Preventive Controls: Block access to a resource. (1.1)
Examples of deterrent security controls include: (Select 3 answers)
A) Warning signs
B) Sensors
C) Lighting
D) Video surveillance
E) Security audits
F) Fencing/Bollards
A) Warning signs
C) Lighting
F) Fencing/Bollards
Deterrent Controls: Discourages an intrusion, but does not directly prevent access. (1.1)
Which of the answers listed below refer(s) to detective security control(s)? (Select all that apply)
A) Lighting
B) Log monitoring
C) Sandboxing
D) Security audits
E) CCTV
F) IDS
G) Vulnerability scanning
B) Log monitoring
E) CCTV
F) IDS
G) Vulnerability scanning
Detective Controls: Identifies and logs an intrusion attempt (1.1)
Which of the following answers refer(s) to corrective security control(s)? (Select all that apply)
A) IRPs
B) Log monitoring
C) Backups and system recovery
D) DRPs
E) Forensic analysis
A) IRPs
C) Backups and system recovery
D) DRPs
E) Forensic analysis
Corrective Controls: Applied after an event has been detected, to limit the damage and restore systems to a known good state (for example, restoring from backup). (1.1)
Which of the answers listed below refer(s) to compensating security control(s)? (Select all that apply)
A) Temporary service disablement
B) Video surveillance
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking
A) Temporary service disablement
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking
Compensating: Provides an alternative means of protection or recovery when the primary control is unavailable or not sufficient on its own (a Plan B). (1.1)
True or False: The term “Directive security controls” refers to the category of security controls that are implemented through policies and procedures.
True.
Directive Controls: Directs a subject towards security compliance. (1.1)
Which of the following terms fall into the category of directive security controls? (Select 2 answers)
A) IRP
B) AUP
C) IDS
D) MFA
E) IPS
A) IRP
B) AUP
Directive Controls: Directs a subject towards security compliance. (1.1)
Which of the following would explain why a company would automatically add a digital signature to each outgoing email message?
❍ A. Confidentiality
❍ B. Integrity
❍ C. Authentication
❍ D. Availability
B. Integrity
Integrity refers to the trustworthiness of data. A digital signature allows the recipient to confirm that none of the data has been changed since the digital signature was created. (1.2)
A company would like to examine the credentials of each individual entering the data center building. Which of the following would BEST facilitate this requirement?
❍ A. Access control vestibule
❍ B. Video surveillance
❍ C. Pressure sensors
❍ D. Bollards
A. Access control vestibule
An access control vestibule is a room designed to restrict the flow of individuals through an area. These are commonly used in high security areas where each person needs to be evaluated and approved before access can be provided. (1.2)
An organization is implementing a security model where all application requests must be validated at a policy enforcement point. Which of the following would BEST describe this model?
❍ A. Public key infrastructure
❍ B. Zero trust
❍ C. Discretionary access control
❍ D. Federation
B. Zero trust
Zero trust describes a model where nothing is inherently trusted and everything must be verified to gain access. A central policy enforcement point is commonly used to implement a zero trust architecture. (1.2)
A user has opened a helpdesk ticket complaining of poor system performance, excessive pop up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this user’s issues?
❍ A. On-path
❍ B. Worm
❍ C. Trojan horse
❍ D. Logic bomb
C. Trojan horse
Since a Trojan horse is usually disguised as legitimate software, the victim often doesn’t realize they’re installing malware. Once the Trojan is installed, the attacker can install additional software to control the infected system. (1.2)
A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which of the following would be the MOST likely reason for this configuration?
❍ A. The server is a honeypot for attracting potential attackers
❍ B. The server is a cloud storage service for remote users
❍ C. The server will be used as a VPN concentrator
❍ D. The server is a development sandbox for third-party programming projects
A. The server is a honeypot for attracting potential attackers.
A screened subnet is a good location to configure services that can be accessed from the Internet, and building a system that can be easily compromised is a common tactic for honeypot systems. (1.2)
A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?
❍ A. Federation
❍ B. Accounting
❍ C. Authentication
❍ D. Authorization
C. Authentication
The process of proving who you say you are is authentication. In this example, the password and smart card are two factors of authentication, and both reasonably prove that the person with the login credentials is authentic. (1.2)
A company is concerned about security issues at their remote sites. Which of the following would provide the IT team with more information of potential shortcomings?
❍ A. Gap analysis
❍ B. Policy administrator
❍ C. Change management
❍ D. Dependency list
A. Gap analysis
A gap analysis is a formal process comparing the current security posture with where the company would like to be. This often examines many different aspects of the overall security environment. (1.2)
When a person enters a data center facility, they must check-in before they are allowed to move further into the building. People who are leaving must be formally checked-out before they are able to exit the building. Which of the following would BEST facilitate this process?
❍ A. Access control vestibule
❍ B. Air gap
❍ C. Pressure sensors
❍ D. Bollards
A. Access control vestibule
An access control vestibule is commonly used to control the flow of people through a particular area. Unlocking one door of the vestibule commonly prevents the other door from opening, so nobody can walk through without stopping. It's common in large data centers to have a single room as the access control vestibule where users are checked in and out of the facility. (1.2)
A company is updating components within the control plane of their zero-trust implementation. Which of the following would be part of this update?
❍ A. Policy engine
❍ B. Subjects
❍ C. Policy enforcement point
❍ D. Zone configurations
A. Policy engine
The policy engine is located in the control plane and evaluates each access decision based on security policy and other information sources. The policy engine determines if access should be granted, denied, or revoked. (1.2)
What is the control plane?
Also called the control layer. It manages the actions of the data plane: it defines the policies and rules and holds the routing, session, and NAT tables that determine how the data plane handles traffic.
What is a policy engine?
The component of the zero trust control plane that examines every access request, compares it against the predefined security policies (plus other inputs such as identity and device posture), and decides whether the request is granted, denied, or revoked. The policy enforcement point then carries out that decision.
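The policy engine and policy enforcement point described in the two cards above, as an added example that is not part of the original flashcards or any vendor's product. The request fields, the three policies and the resource names are constructed for the example; the point it shows is that every request is evaluated against explicit policy and that anything no policy allows is denied.

```go
package main

import "fmt"

// Request is what the policy enforcement point (PEP) forwards to the policy
// engine for every access attempt; nothing about it is trusted in advance.
type Request struct {
	Subject       string
	Role          string
	DeviceManaged bool // device enrolled in management (assumed posture input)
	DevicePatched bool // device posture check passed (assumed posture input)
	MFA           bool // session authenticated with a second factor
	Resource      string
	Action        string
}

type Verdict int

const (
	NotApplicable Verdict = iota // policy says nothing about this request
	Allow
	Deny
)

// Policy is one predefined rule. Check returns its verdict and a reason.
type Policy struct {
	Name  string
	Check func(Request) (Verdict, string)
}

// Decision is what goes back to the PEP.
type Decision struct {
	Allowed bool
	Reason  string
}

// Policies are constructed for this example.
var Policies = []Policy{
	{Name: "device-posture", Check: func(r Request) (Verdict, string) {
		if !r.DeviceManaged || !r.DevicePatched {
			return Deny, "device is not managed and patched"
		}
		return NotApplicable, ""
	}},
	{Name: "require-mfa", Check: func(r Request) (Verdict, string) {
		if !r.MFA {
			return Deny, "session lacks MFA"
		}
		return NotApplicable, ""
	}},
	{Name: "finance-ledger", Check: func(r Request) (Verdict, string) {
		if r.Resource != "finance-ledger" {
			return NotApplicable, ""
		}
		if r.Role == "accountant" && (r.Action == "read" || r.Action == "write") {
			return Allow, "accountants may read and write the ledger"
		}
		if r.Role == "auditor" && r.Action == "read" {
			return Allow, "auditors may read the ledger"
		}
		return NotApplicable, ""
	}},
}

// Evaluate applies every policy to the request. Any Deny wins over any
// Allow, and a request that no policy explicitly allows is denied: zero
// trust means there is no implicit access to fall back on.
func Evaluate(policies []Policy, r Request) Decision {
	var allowReason string
	for _, p := range policies {
		v, why := p.Check(r)
		switch v {
		case Deny:
			return Decision{Allowed: false, Reason: p.Name + ": " + why}
		case Allow:
			if allowReason == "" {
				allowReason = p.Name + ": " + why
			}
		}
	}
	if allowReason == "" {
		return Decision{Allowed: false, Reason: "default deny: no policy grants this access"}
	}
	return Decision{Allowed: true, Reason: allowReason}
}

func main() {
	compliant := Request{Subject: "alice", Role: "accountant", DeviceManaged: true,
		DevicePatched: true, MFA: true, Resource: "finance-ledger", Action: "write"}
	unpatched := compliant
	unpatched.DevicePatched = false
	elsewhere := compliant
	elsewhere.Resource = "hr-records"
	for _, r := range []Request{compliant, unpatched, elsewhere} {
		d := Evaluate(Policies, r)
		fmt.Printf("%s %s %s -> allowed=%v (%s)\n", r.Subject, r.Action, r.Resource, d.Allowed, d.Reason)
	}
}
```

In a real deployment the PEP (a proxy, gateway or agent) calls something like Evaluate on every request and re-evaluates when inputs change, which is how a previously granted session can be revoked when the device falls out of compliance.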
A company would like to automatically monitor and report on any movement occurring in an open field at the data center. Which of the following would be the BEST choice for this task?
❍ A. Bollard
❍ B. Microwave sensor
❍ C. Access control vestibule
❍ D. Fencing
B. Microwave sensor
Microwave sensors can detect movement across large areas such as open fields. (1.2)
A system administrator would like to prove an email message was sent by a specific person. Which of the following describes the verification of this message source?
❍ A. Non-repudiation
❍ B. Key escrow
❍ C. Asymmetric encryption
❍ D. Steganography
A. Non-repudiation
Non-repudiation is used to verify the source of data or a message. Digital signatures are commonly used for non-repudiation. (1.2)
Visitors to a corporate data center must enter through the main doors of the building. Which of the following security controls would be the BEST choice to successfully guide people to the front door? (Select TWO)
❍ A. Infrared sensors
❍ B. Bollards
❍ C. Biometrics
❍ D. Fencing
❍ E. Access badges
❍ F. Video surveillance
B. Bollards
and
D. Fencing
Both bollards and fencing provide physical security controls to direct people to an area by limiting their access to other areas. (1.2)
Which of the following would BEST describe a honeytoken?
A) A publicly accessible password.txt file
B) Intentionally incorrect API credentials
C) A virtual machine with a known vulnerability
D) A workstation without a locking screen saver
E) A random access code used during login
B) Intentionally incorrect API credentials
Honeytokens: Small pieces of traceable fake data (such as bogus API credentials) planted in a honeynet or among real data where an attacker would find them. They have no legitimate use, so any attempt to use or share one is an alert, and the specific token that shows up tells you where the data was taken from. (1.2)
Which technology would be utilized in this scenario: creating a document with invalid authentication information?
A) Honeyfile
B) OCSP
C) Federation
D) False negative
A) Honeyfile
Honeyfile: A fake file containing fake information, placed to attract an attacker. An alert is sent as soon as the file is accessed. (1.2)
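The honeytoken and honeyfile cards above say "you will be notified" without showing what the notification logic looks like. The following is an added example, not code from the original flashcards or from any product: it plants a fake AWS-style access key ID, a fake service account name and a honeyfile path, then scans constructed log lines (an API gateway, sshd and a file-access audit trail) for any of them. The decoy values, log format and the `src=` field name are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Indicator is one planted decoy: a honeytoken value (a credential with no
// legitimate use) or the path of a honeyfile that nothing should ever open.
type Indicator struct {
	Kind    string // "honeytoken" or "honeyfile"
	Value   string // the exact string to look for in logs
	Planted string // where the decoy was placed; a hit tells you where the attacker has been
}

// Alert records a decoy that showed up in a log line.
type Alert struct {
	Indicator Indicator
	Source    string // src= field of the log line, if present
	Line      string
}

// Decoys constructed for this example. The key ID is a fake that was never
// issued; the file exists only to be found.
var Decoys = []Indicator{
	{Kind: "honeytoken", Value: "AKIAHONEY7Q2X9ZP4M1L", Planted: "README on the finance share (fake access key)"},
	{Kind: "honeytoken", Value: "svc_legacy_sync", Planted: "old-credentials.docx on the file server"},
	{Kind: "honeyfile", Value: "/srv/share/hr/payroll_2019.xlsx", Planted: "HR share honeyfile"},
}

// SampleLogs are constructed log lines in an assumed key=value format.
var SampleLogs = []string{
	`2024-03-02T09:14:07Z apigw auth=fail key=AKIAHONEY7Q2X9ZP4M1L src=203.0.113.45 path=/v1/export`,
	`2024-03-02T09:14:09Z apigw auth=ok key=AKIAUSER003VALIDKEY src=198.51.100.7 path=/v1/status`,
	`2024-03-02T09:16:41Z sshd user=svc_legacy_sync result=invalid-password src=203.0.113.45`,
	`2024-03-02T09:20:12Z fileaudit op=open path=/srv/share/hr/payroll_2019.xlsx user=jdoe src=10.0.5.22`,
	`2024-03-02T09:20:30Z fileaudit op=open path=/srv/share/hr/handbook.pdf user=asmith src=10.0.5.9`,
}

// fieldValue returns the value of a key=value field, or "" if the line lacks it.
func fieldValue(line, key string) string {
	for _, tok := range strings.Fields(line) {
		if strings.HasPrefix(tok, key+"=") {
			return strings.TrimPrefix(tok, key+"=")
		}
	}
	return ""
}

// ScanLogs matches every line against every decoy. Because a decoy has no
// legitimate use, a single match is an alert with no threshold tuning, and
// the indicator's Planted field says where the attacker obtained it.
func ScanLogs(decoys []Indicator, lines []string) []Alert {
	var alerts []Alert
	for _, line := range lines {
		for _, d := range decoys {
			if strings.Contains(line, d.Value) {
				alerts = append(alerts, Alert{Indicator: d, Source: fieldValue(line, "src"), Line: line})
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range ScanLogs(Decoys, SampleLogs) {
		fmt.Printf("ALERT %s used from %s; planted at: %s\n", a.Indicator.Kind, a.Source, a.Indicator.Planted)
	}
}
```

The sample run raises three alerts: the fake key and the fake service account both come from 203.0.113.45, which links the two events, and the payroll honeyfile was opened from 10.0.5.22. The valid key and the handbook access produce nothing, which is the property that makes decoys cheap to monitor.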
The company has faced several instances of tailgating, where unauthorized individuals gain access by following employees into restricted areas. Which deterrent control would be most effective in reducing the occurrence of tailgating?
A) Install more surveillance cameras at all entry points
B) Implement stricter password policies
C) Conduct regular security audits of the access control systems
D) Set up a software based IPS
A) Install more surveillance cameras at all entry points
Video surveillance: Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection. (1.2)
A security professional is reviewing the security measures of a financial firm’s data storage system to ensure it aligns with the C and I of the CIA triad. Which of the following actions would BEST ensure adherence to the C and I?
A) Encrypting stored data
B) Implementing a firewall
C) Regularly updating software
D) Conducting background checks on employees
A) Encrypting stored data
CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. Encrypting stored data protects confidentiality directly and, when the ciphertext is also integrity-checked (authenticated encryption or a separate hash/MAC), integrity as well; of the options listed it is the only one that addresses both. (1.2)
A security professional is tasked with identifying the discrepancies between the current security posture and the desired state of security in their organization. Which process should the security professional undertake to identify these discrepancies?
A) Risk assessment
B) Gap analysis
C) Penetration testing
D) Compliance auditing
B) Gap analysis
Gap Analysis: A study of where we are versus where we would like to be. It requires research into many different IT and security factors so that the work needed to close the gap can be planned and completed in a coordinated way. (1.2)
A security professional is enhancing the physical security measures of a corporate building located in a busy downtown area, with a focus on mitigating vehicle-based threats. Which physical security measure is most suitable for protecting the building against potential vehicle ramming attacks while allowing pedestrian access?
A) Installing video surveillance cameras around the building perimeter
B) Implementing an access control vestibule at the main entrance
C) Erecting bollards along the building’s street facing side
D) Enhancing the lighting around the building’s entrance
C) Erecting bollards along the building’s street facing side
Barricades and bollards: Allow people access by channeling them to a specific point, but prevent vehicles. (1.2)
What are the best ways to ensure only authorized personnel can access a secure research facility (select two)?
A) Perimeter fencing
B) CCTV monitoring
C) Badge access system
D) Controlled access vestibule
E) Visitor sign-in log
F) Motion detectors
C) Badge access system
&
D) Controlled access vestibule
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this.
Access Control Vestibule: A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa. (1.2)
An organization enforces mobile device encryption policies to ensure that data stored on employees’ smartphones and tablets is protected from unauthorized access in case of device loss or theft. What security measure is the organization primarily implementing by enforcing these mobile device encryption policies?
A) Data integrity
B) Data confidentiality
C) Data availability
D) Data authentication
B) Data confidentiality
Confidentiality: Ensures that information being stored or exchanged is private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls. (1.2)
Which of the terms listed below can be used to describe the basic principles of information security?
A) PKI
B) AAA
C) GDPR
D) CIA
D) CIA
CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. (1.2)
True or False: The term “Non-repudiation” describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides proof of data integrity, and proof of data origin.
False.
Non-repudiation: The ability to prove that information came from the sender it claims to come from, so the sender cannot later deny sending it. It provides proof of origin and proof of integrity, but it does not provide confidentiality, which is why the statement above is false. A non-technological example is signing a document: only you produce your own signature, so the signature adds non-repudiation to the document. (1.2)
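The digital signature card (integrity), the email-source card (non-repudiation) and the true/false card above all rest on the same mechanism. The following added example, which is not part of the original flashcards or any mail product, shows it with Ed25519 from Go's standard library: a signature verifies only if the message is unchanged and was signed by the key the recipient expects, a forgery by a second key is rejected under the sender's key but binds the forger to their own message, and none of this hides the message text. The key pairs and the invoice text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage carries a message together with the Ed25519 signature made
// over it. The body stays in the clear: a signature proves integrity and
// origin, it does not provide confidentiality.
type SignedMessage struct {
	Body      []byte
	Signature []byte
}

// Sign produces a signature over body with the sender's private key.
func Sign(priv ed25519.PrivateKey, body []byte) SignedMessage {
	return SignedMessage{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Verify succeeds only if the body is byte-for-byte unchanged (integrity)
// AND the signature was produced by the private key matching pub (origin).
func Verify(pub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(pub, m.Body, m.Signature)
}

// SignatureChecks generates two key pairs (the legitimate sender and an
// impostor) and reports which verifications pass. Keys and the invoice text
// are constructed here for the example.
func SignatureChecks() (map[string]bool, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	impostorPub, impostorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}

	original := []byte("Pay invoice 4471: USD 1,250.00 to account 9981")
	signed := Sign(senderPriv, original)

	// Tampering: change one byte of the body (1,250.00 becomes 9,250.00)
	// while keeping the sender's genuine signature.
	tampered := SignedMessage{Body: append([]byte(nil), original...), Signature: signed.Signature}
	tampered.Body[22] = '9'

	// Forgery: the impostor signs the same text with their own key.
	forged := Sign(impostorPriv, original)

	return map[string]bool{
		"genuine_verifies":  Verify(senderPub, signed),
		"tampered_rejected": !Verify(senderPub, tampered),
		"forged_rejected":   !Verify(senderPub, forged),
		// The forgery is valid under the impostor's own key, so non-repudiation
		// ties that message to the impostor, not to the sender.
		"forgery_binds_impostor": Verify(impostorPub, forged),
		// Nothing was encrypted: the signed body is the readable original.
		"body_is_plaintext": string(signed.Body) == string(original),
	}, nil
}

func main() {
	results, err := SignatureChecks()
	if err != nil {
		panic(err)
	}
	for name, ok := range results {
		fmt.Printf("%-24s %v\n", name, ok)
	}
}
```

What makes this non-repudiation rather than just integrity is the asymmetric key: only the holder of the private key can produce a signature that verifies under the matching public key, so a valid signature is evidence against that holder. A shared private key, like a shared account, destroys that link.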
Which type of user account violates the concept of non-repudiation?
A) Standard user account
B) Shared account
C) Guest user account
D) Service account
B) Shared account
Non-repudiation: The ability to prove that information came from the sender it claims to come from, so the sender cannot later deny sending it. A shared account violates this because an action performed under it cannot be tied to one specific person. A non-technological example is signing a document: only you produce your own signature, so the signature adds non-repudiation to the document. (1.2)
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
A) Authentication
B) Authorization
C) Accounting
A) Authentication
The AAA Framework: Authentication, Authorization, and Accounting.
Authentication: Verifying the identity claimed during identification by checking the password and any other authentication factors. It proves we are who we say we are. (1.2)
In the AAA security architecture, the process of granting or denying access to resources is known as:
A) Authentication
B) Authorization
C) Accounting
B) Authorization
The AAA Framework: Authentication, Authorization, and Accounting.
Authorization: What type of access one has after they’ve proven who they are through identification and authentication. (1.2)