Security X Practice Test 6 Flashcards

(10 cards)

1
Q

Question 2:
You are investigating a potential misconfiguration in a critical database server that resulted in unauthorized access attempts. The SIEM logs show the following entries:

2024-02-01 - Unauthorized login attempt - user: root - IP: 10.0.15.2
2024-02-01 - Configuration Change Detected - /etc/db.conf modified
2024-02-01 - Unauthorized login attempt - user: admin - IP 10.0.15.2
2024-02-01 - Successful Login - user: admin - 10.0.15.2
2024-02-01 - Configuration rollback initiated - /etc/db.conf restores

What does this suggest about the security incident?

A. An attacker modified the database configuration file to escalate privileges
B. A legitimate administrator performed routine maintenance on the database
C. The system incorrectly flagged a normal login process as suspicious
D. An application update caused an unintended configuration change
E. The unauthorized attempts were caused by a brute force login script

A

A. An attacker modified the database configuration file to escalate privileges

Explanation:
A. The log shows a configuration modification followed by unauthorized access, indicating a privilege escalation attack

Incorrect:
D. An application update would not trigger unauthorized login attempts

2
Q

Question 4:
A federal agency is updating its risk prioritization strategy for classified data protection. The security leadership must decide how to allocate budget between proactive and reactive security measures. Given national security concerns and evolving cyber threats, what is the best approach to ensure optimal security investments?

A. Invest exclusively in proactive security technologies like endpoint detection and zero trust
B. Allocate resources equally between proactive and reactive measures
C. Prioritize only reactive security investments, such as IR and forensic analysis
D. Focus on compliance-driven security controls rather than risk-based prioritization
E. Rely on cyber insurance policies instead of direct security investments

A

B. Allocate resources equally between proactive and reactive measures

Explanation:
B. A balanced investment strategy ensures comprehensive risk mitigation, incident preparedness and long-term resilience

Incorrect:
A. Proactive security alone does not ensure rapid incident response and recovery

3
Q

Question 14:
Match the following AI security risks with their corresponding mitigations

A. Overreliance on AI
B. AI-driven data leaks
C. Excessive AI autonomy
D. Model manipulation attacks
E. Unexplainable AI decisions

  1. Implement human in the loop oversight
  2. Restrict AI generated content input
  3. Apply adversarial machine learning defenses
  4. Enable transparency and explainability
  5. Restrict AI permissions for critical decisions

A

A-1: Human in the loop oversight prevents blind reliance on AI
B-2: Output restrictions mitigate AI data leaks
C-5: Limiting AI permissions ensures human verification
D-3: Adversarial ML defenses prevent manipulation attacks
E-4: Explainability makes AI decision logic understandable

4
Q

Question 40:
NO

A
5
Q

Question 42:
Your organization's SIEM system detected anomalies in IAM policies affecting object-based access. Below is a log snippet:

2025-02-03 - Unauthorized Access Attempt - User: employee123 - Object: HR_Data - Action: Denied
2025-02-03 - Policy Override - User: admin001 - Object: Finance_Reports - Action: Approved
2025-02-03 - Unexpected Access Granted - User: contractorx - Object: Confidential_Docs - Action: Allowed

What is the most likely explanation for the last security event?

A. The IAM system misclassified the user’s role, granting unintended access
B. The SIEM misinterpreted normal user behavior as suspicious
C. A policy override from an administrator caused the access grant
D. The user successfully elevated privileges through a Zero Day exploit
E. The object-based access rule was explicitly defined to permit this action

A

A. The IAM system misclassified the user’s role, granting unintended access

Explanation:
A. IAM misclassifications can result in unintended permissions
B. SIEM misinterpretations do not grant unauthorized access
C. No override action was logged for contractorx
D. No Zero Day exploit evidence was recorded in logs
E. Explicit permissions would have been documented in policy logs

6
Q

Question 44:
Your company is deploying a token-based authentication mechanism for API access. Below is the current API token configuration:

TokenType = Bearer, Expiration: 7 Days. Storage: Database, Encryption: AES-128

What are two modifications that should be made to enhance security?

A. Reduce token expiration time to 1 hour for better security
B. Implement rotating refresh tokens instead of long-lived tokens
C. Store tokens in plaintext to improve API performance
D. Increase encryption strength to AES-256
E. Remove encryption since token secrets are already stored securely

A

A. Reduce token expiration time to 1 hour for better security
B. Implement rotating refresh tokens instead of long-lived tokens

Explanation:
A. Shorter token expiration reduces attack windows
B. Rotating refresh tokens prevent long-term exposure risks

Incorrect:
C. Plaintext storage exposes tokens to unauthorized access
D. AES-128 is sufficient for encryption, but rotation is a higher priority
E. Removing encryption increases exposure risks

7
Q

Question 45:
A financial institution is deploying remote attestation for enterprise endpoints to ensure device trustworthiness before granting access to critical systems. The security team wants to integrate TPM-based attestation with an identity provider (IdP) to validate device health. Below is the JSON policy snippet for attestation validation before access is granted.

AttestationRequired: true, TPM : MinPCRValidationLevel: High RequireSecureBoot: true

What is the correct modification to enforce attestation policy compliance in a Zero Trust Framework?

A. Enforce attestation on only admins
B. Remove the RequireSecureBoot parameter to allow older devices
C. Change MinPCRValidation to Low for backward compatibility
D. Apply attestation to all devices and deny access on failure
E. Exempt internal users from attestation to reduce friction

A

D. Apply attestation to all devices and deny access on failure

Explanation:
D. Enforcing attestation on all devices aligns with Zero Trust principles

Incorrect:
C. Reducing PCR validation weakens security enforcement

8
Q

Question 51:
A network administrator is investigating a misconfiguration issue affecting VPN tunnels between headquarters and remote sites. The VPN log analysis reveals the following configuration issues:
TunnelMode: Aggressive, EncryptionAlgorithms: DES, KeyExchangeMethod: DH Group1; Authentication: PSK

Which two settings should be modified to improve security?

A. Change EncryptionAlgorithm to AES-256
B. Switch TunnelMode to Main Mode
C. Keep KeyExchangeMethod at DH Group 1 for compatibility
D. Use a weaker pre-shared key for easier management
E. Maintain Aggressive Mode for faster VPN negotiations

A
9
Q

Question 57:
A defense contractor is designing a tamper-resistant system using self-healing memory. Below is the system's current configuration:
TamperDetection: Enable, Recoverymode: Manual, MemorySelfHealing: False

What change is most critical to improving system resilience?

A. Enable MemorySelfHealing to True
B. Change RecoveryMode to automatic
C. Disable TamperDetection for performance optimization
D. Implement checksum verification without self-healing
E. Extend recovery delays to reduce false positives

A
10
Q
A