












SECURITY CONTROL TYPES AND INCIDENT RESPONSE STRATEGIES EXAM WITH COMPLETE SOLUTIONS 100% VERIFIED!!
Typology: Exams
Which of the following security control types does an acceptable use policy best represent?
PREVENTIVE
Which of the following can be used to identify potential attacker activities without affecting production servers?
Honeypot
Which of the following can best protect against an employee inadvertently installing malware on a company system?
Application Allow List
An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?
DEPLOY AN AUTHENTICATION FACTOR THAT REQUIRES IN-PERSON ACTION BEFORE PRINTING.
An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?
RETENTION
A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?
Push Notifications
A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?
Private Key and Self-Signed Certificate
Which of the following tasks is typically included in the BIA process?
ESTIMATING THE RECOVERY TIME OF SYSTEMS
Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?
UPS
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
Serverless Framework
A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).
KEY ESCROW.
TPM PRESENCE
A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).
SCREEN LOCKS
REMOTE WIPE
A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?
SOW
A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?
A MALICIOUS ACTOR COMPROMISED THE TIME-KEEPING WEBSITE WITH MALICIOUS CODE USING AN UNPATCHED VULNERABILITY ON THE SITE, STEALING THE CREDENTIALS.
An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?
SRTP
Which of the following exercises should an organization use to improve its incident response process?
TABLETOP
A company is developing a critical system for the government and storing project information on a fileshare.
Which of the following describes how this data will most likely be classified? (Select two).
CONFIDENTIAL. RESTRICTED
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
RISK REGISTER
An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?
SMISHING.
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?
PHYSICAL
A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?
HOT
A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
FILE INTEGRITY MONITORING
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
PHYSICAL
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
PATCH AVAILABILITY
Which of the following enables the use of an input field to run commands that can view or manipulate data?
SQL INJECTION
Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?
SLA
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?
FIM
Which of the following is an algorithm performed to verify that data has not been modified?
HASH
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
secured zones
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
IPSec
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
BADGE ACCESS.
ACCESS CONTROL VESTIBULE
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
TO TRACK THE STATUS OF PATCHING INSTALLATIONS
A company most likely is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will be classified? (Select two).
CONFIDENTIAL. RESTRICTED
A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?
During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?
IDENTITY PROOFING
A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?
OBFUSCATION TOOLKIT
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
MASKING
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?
CROSS-SITE REQUEST FORGERY
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?
JOB ROTATION
A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
HASHES
A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?
A MISCONFIGURATION IN THE ENDPOINT PROTECTION SOFTWARE
Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?
CLIENT
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?
PASS-THE-HASH
Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?
TABLETOP EXERCISE
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?
INSIDER THREAT
A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.
Which of the following types of controls is the company setting up?
DETECTIVE.
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?
A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?
BEHAVIORAL-BASED
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.
Which of the following should the analyst do?
UPDATE THE EDR POLICIES TO BLOCK AUTOMATIC EXECUTION OF DOWNLOADED PROGRAMS.
A vendor needs to remotely and securely transfer files from one server to another using the command line.
Which of the following protocols should be implemented to allow for this type of access? (Select two).
SSH. SFTP
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
INFRASTRUCTURE AS CODE
A department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?
SHADOW IT
A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
JUMP SERVER
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
IPS
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?
MITIGATE
After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
RETAIN ANY COMMUNICATIONS RELATED TO THE SECURITY BREACH UNTIL FURTHER NOTICE.
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)
IF A SECURITY INCIDENT OCCURS ON THE DEVICE, THE CORRECT EMPLOYEE CAN BE NOTIFIED. COMPANY DATA CAN BE ACCOUNTED FOR WHEN THE EMPLOYEE LEAVES THE ORGANIZATION.
Which of the following describes effective change management procedures?
HAVING A BACKOUT PLAN WHEN A PATCH FAILS
Which of the following is used to quantitatively measure the criticality of a vulnerability?
CVSS
A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
WATERING HOLE.
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
THREAT VECTORS BASED ON THE INDUSTRY IN WHICH THE ORGANIZATION OPERATES. CADENCE AND DURATION OF TRAINING EVENTS
A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?
SECURING DOMAIN ADMINISTRATOR CREDENTIALS IN A PAM VAULT AND CONTROLLING ACCESS WITH ROLE-BASED ACCESS CONTROL
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
BUG BOUNTY