




















D430 Scenario Based Question Practice with Accurate Answers
Typology: Exams
A company is concerned about protecting sensitive data at rest and wants to ensure that it remains confidential. What security requirement should be implemented? Correct answer: Encryption
A company is concerned about protecting sensitive data from eavesdropping during communication between two offices. What technology should be used for this purpose? Correct answer: Virtual Private Network (VPN)
A company is concerned about protecting sensitive information during communication between two offices. What security requirement should be considered? Correct answer: Encryption
A company is concerned about protecting sensitive information from being altered during communication between two servers. What security requirement should be implemented? Correct answer: Digital Signature
A company is concerned about protecting sensitive information from unauthorized access and wants to implement a method to verify the identity of users based on a unique physical characteristic. What security requirement is being described? Correct answer: Authentication
A company is concerned about unauthorized individuals gaining access to its premises by following an employee through a secure entrance. What security threat is this known as? Correct answer: Tailgating
A company is implementing a new software application and wants to ensure that users have access only to the functionalities necessary for their roles. What security requirement should be considered? Correct answer: Least Privilege
A company is implementing a practice to regularly rotate and update user passwords to enhance security. What is this practice called? Correct answer: Password Policy
A company is implementing a practice where individuals with administrative privileges have a separate set of credentials for administrative tasks. What is this practice called? Correct answer: Dual Control
A company wants to allow employees to work remotely while ensuring that data on their laptops is protected. What security measure should be implemented? Correct answer: VPN
A company wants to detect and prevent unauthorized access to its internal network in real-time. What technology is suitable for this purpose? Correct answer: IPS
A company wants to ensure that data transmitted between two servers is encrypted to prevent eavesdropping. What technology should be implemented for this purpose? Correct answer: SSL/TLS encryption
A company wants to ensure that only authorized devices can connect to its wireless network. What security measure should be implemented? Correct answer: Access Controls
A company wants to implement a method where access permissions are automatically granted or revoked based on predefined rules and policies. What method is being described? Correct answer: Attribute-Based Access Control (ABAC)
A company wants to monitor and log all activities within its network to comply with regulatory requirements. What technology is most suitable for this purpose? Correct answer: Auditing
A company wants to monitor and log all activities within its network, including user logins and file access. What technology is most suitable for this purpose? Correct answer: Auditing
A company wants to protect its network from unauthorized access by implementing a security measure that acts as a barrier between the internal network and external networks. What technology is being described? Correct answer: DMZ
A company wants to protect its web application from unauthorized access and tampering by users. What security measure should be implemented? Correct answer: Access Controls
A hacker alters the contents of a sensitive document stored on a server, changing critical information. What type of attack is this? Correct answer: Modification
A hacker gains access to a network by exploiting a vulnerability in the wireless security protocols. What type of attack is this? Correct answer: Man-in-the-Middle (MitM)
A hacker gains access to a system by manipulating user input to execute unintended commands. What type of attack is this? Correct answer: Injection
A hacker gains access to sensitive emails between two employees, extracting confidential information. What type of attack is this? Correct answer: Eavesdropping
A malicious actor floods a website with fake traffic, making it temporarily unavailable for legitimate users. What type of attack is this? Correct answer: DDoS
A malicious actor gains unauthorized access to a server and deletes critical files, causing data loss. What type of attack is this? Correct answer: Deletion
A security administrator is concerned about protecting against unauthorized access to a network and wants to implement a method to verify the identity of users. What security requirement is being described? Correct answer: Authentication
A security administrator is concerned about protecting against unauthorized access to a system and wants to implement a method to ensure that users only have access to the information necessary for their job roles. What security requirement is being described? Correct answer: Least Privilege
A security administrator is concerned about protecting sensitive data during communication between two servers and wants to ensure that it cannot be intercepted or altered. What security requirement is being described? Correct answer: Encryption
A security administrator is concerned about protecting sensitive information from unauthorized access and wants to implement a method to verify the identity of users based on something they know (e.g., a password). What security requirement is being described? Correct answer: Authentication
A security administrator is configuring rules on a firewall to allow or block traffic based on the application or service. What feature is being implemented? Correct answer: Deep Packet Inspection
A security administrator is implementing a method to identify individuals based on their physical characteristics, such as fingerprints or retina scans. What method is being implemented? Correct answer: Biometric Authentication
A security administrator is implementing a method to verify the identity of individuals accessing a system by using a combination of username and a one-time code sent to their mobile device. What method is being implemented? Correct answer: Multi-Factor Authentication (MFA)
A security administrator is implementing a practice to regularly audit and monitor user activities to detect and prevent unauthorized access. What is this practice called? Correct answer: Auditing
A security administrator is implementing a practice to regularly review and update user roles and permissions. What is this practice called? Correct answer: Access Review
A security analyst is concerned about protecting sensitive data stored in a database and wants to ensure that only authorized individuals can access it. What security requirement should be implemented? Correct answer: Access Control
A security analyst is conducting a penetration test on a web application and wants to identify vulnerabilities related to input validation. What tool is commonly used for this purpose? Correct answer: Burp Suite
A security analyst is conducting a security assessment and wants to identify vulnerabilities in a network's configuration. What tool is commonly used for this purpose? Correct answer: Nessus
A security professional is concerned about protecting against unauthorized access to a network and wants to implement a technology that acts as a decoy system. What technology is being described? Correct answer: Honeypots
A system administrator is concerned about protecting against unauthorized access to a network and wants to use a technology that acts as a barrier between the internal network and external networks. What technology is being described? Correct answer: DMZ
An attacker gains access to a database and alters records to manipulate financial transactions. What type of attack is this? Correct answer: Modification
An attacker gains access to a network by exploiting a vulnerability in a software application's code. What type of attack is this? Correct answer: Injection
An attacker gains access to a network by posing as a legitimate user with the intent to perform unauthorized actions. What type of attack is this? Correct answer: Spoofing
An attacker gains access to a system by exploiting a vulnerability in the application's code, allowing them to execute arbitrary commands. What type of attack is this? Correct answer: Buffer Overflow
An attacker gains access to a system by impersonating a delivery person and following an employee through a secured entrance. What type of attack is this? Correct answer: Tailgating
An attacker gains access to a user's account by systematically trying all possible password combinations. What type of attack is this? Correct answer: Brute Force
An organization is concerned about protecting against a variety of security threats, including malware and unauthorized access. What security measure should be implemented? Correct answer: Defense-in-Depth
An organization is concerned about protecting data from being intercepted during communication between two servers. What technology should be used for this purpose? Correct answer: Symmetric Encryption
An organization is concerned about protecting sensitive information stored in databases and wants to ensure that only authorized individuals can access it. What security measure should be implemented? Correct answer: Access Controls
An organization is implementing a method where access permissions are assigned based on specific job responsibilities. What method is being described? Correct answer: Role-Based Access Control (RBAC)
An organization is implementing a method where access permissions are based on the specific tasks an individual performs within a job role. What method is being described? Correct answer: Separation of Duties
An organization is implementing a method where individuals are granted access based on their job roles and specific attributes, such as location and time of day. What method is being described? Correct answer: Attribute-Based Access Control (ABAC)
An organization is implementing a method where individuals are granted access based on their need for specific information to perform their job functions. What method is being described? Correct answer: Need-to-Know