CS4451 Module 14, CS4451 Module 13, CS4451 Module 12, CS4451 Module 11, CS4451 Module 10, CS4451 Module 9


180 Terms

1

Which of the following statements best describes governance?

It is the structures, systems, and practices put in place to assign, oversee, and report.

2

Publilius is the chief information security officer at an organization. He needs to fill a position relating to governance. When advertising the position, which of the following words is he most likely to include in the job posting? Select three.

Integrity

Accountability

Transparency

3

Idalia works at a government agency responsible for issuing certain security directives. In addition, there are other members of the office responsible for enforcing those directives. Which of the following best describes the type of entity where Idalia works?

Regulatory

4

A technician is adding a computer to the network. The technician issues the ping command to verify the newly installed system has connectivity with the printer. Which of the following statements is NOT true regarding the object, subject, and operation in the context of the actions just described?

The printer is the subject

5

Which of the following governance roles, in relation to system and data resources, determines the level of security needed for the data and delegates security duties as needed?

Owner

6

A senior official at an organization is part of a team writing a set of documents that defines the organization's philosophy of how to safeguard its information. Which set of documents are they producing?

Policies

7

Galina is implementing a series of changes that were ratified by the governance board in the organization where she works. Included in the changes is updating the password policy for all users. Which document is Galina most likely to use when implementing the change?

Procedures

8

A recent college graduate was hired. Part of the onboarding process includes reading a series of documents. One of the documents states that vulnerability scans conducted after network changes may be performed by internal staff. Which of the following types of documents is the college graduate most likely to be reading?

Standards

9

Which of the following is likely to have the least severe of consequences if not complied with?

Guidelines

10

A clinic's network is breached, and patient data is stolen. Upon investigation, the authorities determined they had very poor security practices and levied a fine against them. Which of the following best describes how the clinic was in violation?

They did not meet the compliance standards.

11

Which of the following statements is true regarding internal compliance monitoring?

Automation compliance tools can generate an internal compliance report for auditors.

12

You are hired by a company to examine the protections they have adopted. Upon completion, you write a report verifying their performance. The report also includes a statement indicating the company recognizes their responsibility in maintaining effective controls. Which of the following best describes the activity in which you are involved?

External compliance monitoring.

13

Two cousins connect through a "get to know your friend" app that asks both cousins a series of questions about the other person. Person A answers the question about Person B and vice versa. They then indicate whether the question was answered correctly. The app also has multiple trackers as noted in the End User License Agreement. What type of data collection is the app most likely to be performing?

Questionable

14

Which of the following statements is true regarding current data protections when securing data privacy through compliance?

Different states have different privacy laws so that they are local/regional data protections.

15

Omar works as a security defender at a security operations center. Which of the following best describes or represents tasks Omar may need to perform? Select three.

Coordination

Proactive monitoring

Compliance

16

Parisa is responsible for researching and deploying security automation software to help reduce the likelihood of false positives. Which of the following best describes how automation will help?

It will be able to find correlations from external and internal data sources.

17

Quisha, an IT security manager, is a strong proponent of security automation. However, Quisha wants to temper reliance on automation by implementing certain controls. Which of the following best describes what Quisha is trying to prevent?

A single point of failure

18

A software developer implements an enhancement to one of the features for which they are responsible. The changes are merged into the main branch, a build is created, and automated tests are executed to validate the changes. This activity represents what element of the automated software development process?

Continuous integration

19

An investment firm is planning on writing an app to offer an interface that is more user friendly and intuitive. However, instead of rewriting their entire code base they want to access some of the capabilities of their legacy code base as well as the data feeds available on a subscription basis. How should they proceed?

They should use API integration as it will allow them to develop the app more rapidly.

20

You are a software test engineer at a company that develops enterprise backup solutions. You need to write a few scripts to automate the iterative testing of the new features being introduced. Which of the following are you NOT likely to use? Select two.

C++

Java

21

Ukya is part of a team that develops automations to find deviations from desired baselines and automatically fix certain issues in a cloud environment. Which of the following best describes the type of system Ukya's team develops?

Guardrails

22

An employee at a manufacturing facility gets promoted from supervisor to manager. Once the change is made in the system, the employee is automatically assigned the proper credentials and given more privileges relative to the resources they can access. Which of the following best describes the mechanism that facilitates this capability?

User automation provisioning

23

Westin is a cloud engineer who needs to configure a cloud feature that controls inbound and outbound traffic at the network interface level. What should Westin configure?

Security group

24

A company is targeted in a distributed denial-of-service attack. However, they have systems in place that automatically detect, respond, and mitigate the negative effects of the attack. What type of platform has the company deployed?

SOAR

25

A security professional assumes the network is under siege and is searching for evidence to see if it has indeed been breached. What is the security professional doing?

Threat hunting

26

Zipporah develops a hypothesis and is threat hunting to see whether it is true. After testing the hypothesis, it is found to be false. If you were her manager, what would you tell her about the findings? Select two.

She should look for evidence of the threat elsewhere.

There is no indication of an infiltration based on the specifics of the hypothesis.

27

Which of the following statements are true when defining artificial intelligence (AI) in a broader scope versus in isolation? Select two.

ML is a subset of AI and can create refined algorithms rather than being explicitly programmed.

Data analytics relies on human interaction to query data, identify trends, and test assumptions.

28

A law firm encourages their paralegals to use AI to help improve the efficiency of their research. What type of AI system is the firm encouraging?

Assisted intelligence

29

A security firm is researching AI capabilities that can help address many of the challenges related to information security. What are some of the challenges they are seeking to mitigate, and/or how? Select two.

Shortage of trained security professionals

Amount of security-related data produced daily

30

What are some of the risks or challenges associated with AI in cybersecurity? Select two.

Attackers can use AI to develop mutating malware.

Malicious actors could try to alter the training data used by ML.

31

A company has been involved in a three-month project to ensure they do not suffer downtime due to threats that could hamper their operations. They are now ready to test some of the elements in the project. Which of the following most likely represents what the company is doing?

They are in the process of developing a BCP.

32

Three members of a larger task force at an enterprise are responsible for ensuring a variety of technologies, diverse vendors, and encryption capabilities are part of the company's networking infrastructure. Which of the following is most likely to be a true statement regarding their activities?

This is part of a plan to ensure their operations are not disrupted if a major disaster occurs.

33

Which of the following events could hamper a mission-essential function? Select two.

The reservation system for an airline is affected by ransomware.

A cyberattack on a SCADA system shuts down a water treatment plant.

34

A data center suffered damage due to a natural disaster. The IT staff is in the process of restoring service, but they need to follow a specific series of steps due to critical dependencies. The content of which document are they most likely to follow?

DRP

35

In the process of responding to a security event, Fram identifies the cause of the event and temporarily disconnects the system that may be causing damage from the network. What action did Fram take in terms of response?

Eradication

36

An organization suffers what appears to be a security breach. However, upon further analysis, they quickly determine it is not a significant event and no further action is taken. Which of the following most likely allowed them to make this determination?

The definitions spelled out in the incident response plan.

37

Givon, a skilled technician with extensive knowledge of a company's network, is reviewing a recovery procedure in detail. What is the most likely reason why Givon is doing this? Select two.

He is walking through a testing exercise to confirm there are no omissions or gaps.

He is walking through a testing exercise to see if there are any errors or false assumptions.

38

A company has a central office and two satellite branches. The security team simultaneously renders the DNS servers at the three satellite sites inoperable. The goal is to test how effective the same incident response will be at the branch sites. Which term best describes this exercise?

Parallel processing

39

An organization is researching a series of documents that spell out the process that should be used to define policies and procedures that relate to security. What is the organization most likely trying to accomplish?

They want to adopt a security framework.

40

A series of security students are analyzing entries in a knowledge base of attacker techniques used against systems. They would like to replicate some of the attacks, but the database makes no reference to the tools used during the attacks. Which of the following statements is most likely to be true?

The database focuses on how attackers interact with systems and not on attack tools.

41

Which of the following are true statements regarding the MITRE ATT&CK and the Diamond Model of Intrusion Analysis frameworks? Select two.

Victims and capabilities are elements associated with the Diamond Model of Intrusion Analysis.

The Diamond Model of Intrusion Analysis uses a variety of interconnected elements.

42

An attacker is trying to break into a network by following the typical process threat actors engage in. Which of the following should be disrupted to help minimize the impact of the breach?

Weaponization

43

A software tester is using a system in a computer lab. The computer lab has internet access but is not connected to the corporate network. The tester clicks on a link in an email that renders the computer inoperable. The tester then sits idle for 30 minutes waiting for the IT staff to replace the computer. What preventive measure should have been put in place?

None, computers can be quickly replaced.

44

A company is in the process of transitioning from having physical on-premises servers to the cloud. A particular database server is clustered and has both a public cluster connection and a private cluster connection. Which of the following best explains these connections?

The private connection allows the servers in a cluster to communicate with each other.

45

A storage company sells large data storage systems each containing thousands of SSDs. They calculated the MTBF rating of the SSDs to be about 2 million hours. What does this mean?

It means 10,000 SSDs running for 1000 hours can expect to see about 5 failures.

46

A company uses a RAID configuration such that only 50 percent of the raw capacity can be used for storage. They want to transition to a different type of RAID level to increase the percentage of usable storage to be greater than 50 percent. What is the current RAID level and what is the desired RAID level?

From RAID 1 to RAID 5

47

An organization analyzes flight data collected for a small commercial airline. They want to ensure the data is available in at least two locations simultaneously for reasons that include backup availability. Which of the following best describes what they should use?

SAN

48

Which of the following network hardware components cannot be duplicated to provide redundancy?

NIC

Switch

Router

Correct Answer (None of these)

49

A company decides to use an online UPS instead of an offline UPS for a particular set of systems. Although they both essentially perform the same fundamental function, why would they opt to use an online UPS?

The online UPS protects from spikes.

50

An organization stores all their data with a cloud provider that uses zones to help protect against disasters. What type of redundancy does the cloud provider most closely mimic as far as the company's data is concerned?

Hot site

51

A small business has decided to use the services of a small and recently established cloud provider. Unfortunately, the cloud provider suffers a severe breach that corrupts their data. If you had been hired as a consultant beforehand, which of the following recommendations would you have made?

Spread cloud computing across multiple cloud providers

52

An agency has an RPO of two hours and an RTO of 30 minutes. The agency suffers a disaster and starts restoring data at noon. By what time can the agency expect to be up and running?

12:30 p.m.

53

Which of the following are true statements regarding backups and replication? Select two.

Backups require fewer financial resources than replication.

Restoring data from a backup takes longer than restoring data when using replication.

54

An individual stores all passwords in cleartext format in the notes area of a free online email system and in a piece of paper in their wallet. They also use a weak password to access their email. The individual loses their wallet at a theme park, and a system at work ends up being compromised as a result. An RCA is likely to yield which of the following at the top of the list?

The individual stored passwords on a piece of paper.

55

A team of security analysts are reviewing log files. In their investigation, they identify incoming and outgoing connections, as well as traffic that was allowed and traffic that was blocked. What type of log was most likely being analyzed?

Firewall logs

56

Zabrina is the team leader for the group responsible for managing logs when a security incident occurs. They have a relatively small budget so a significant portion of their activity lacks automation. Which of the following is most likely to represent the most significant challenge?

Combining logs generated using different formats.

57

A security team is looking for a solution capable of consolidating real-time security monitoring along with analysis of security events. Which of the following is most likely to meet their requirements?

SIEM

58

A judge sternly warns a prosecutor and a defense attorney, both of whom are suspected of being a bit deviant, to not violate the e-discovery protocols that have been established. What message is the judge most likely trying to convey to the attorneys?

To ensure incriminating or exonerating electronic documents are not intentionally suppressed.

59

A tech-savvy banker is suspected of money laundering using an unauthorized app. When the banker is called into the branch manager's office, the banker is immediately locked out of the office. A digital forensics incident response team goes into the office, documents the surroundings, and takes custody of the computer as well as other devices. What is the response team doing?

They are securing the scene.

60

A digital forensics incident response team seizes a series of computers. Which of the following, albeit not necessarily a complete list, represents the order in which the specified artifact should be preserved? Select two.

CPU, RAM, temporary files, hard drive, network topology, archival media

Registers, ARP cache, temporary files, hard drive, remote logging data, physical configuration

61

A company wants to implement a mechanism that will serve as a security audit on devices as well as on the processes used to protect those devices. Which of the following is most likely to be true? Select three.

They need to understand application package monitoring.

They need to determine the sources of data needed.

They will need to analyze reports.

62

Bogy, the chief security officer at a company, is adamant about running vulnerability scans that examine cloud-native apps the company develops and uses. Which of the following can be used to justify Bogy's position? Select two.

The apps are a gateway to networks.

The apps used open-source libraries.

63

An organization wants to start running periodic vulnerability scans. However, they are experiencing a reduction in force across all departments due to the cyclical nature of their business. Which of the following could be a valid concern the company has relative to the vulnerability scans?

The scan could potentially produce more data than they could analyze.

64

Delancy is setting up to run a vulnerability scan. Which of the following best describes what Delancy needs to make well-informed security decisions that are data-driven?

Threat intelligence

65

Using threat intelligence requires what type of approach as it relates to monitoring?

Signature based

66

A high-tech company collects data gathered from their bug bounty initiative. The company then uses the data as input into a vulnerability scanner. Why would they do this? Select two.

To search for weaknesses in the company's defenses.

Because the company has a responsible disclosure program.

67

Gretel works at a company that is about to implement a vulnerability scanning rotation program. They would like to run the scans themselves, but they do not have the expertise to research threats and produce rules to detect those threats. How are they most likely to proceed?

Use proprietary third-party sources.

68

A security research team is in the business of collecting a great deal of network data. Their plan is to analyze the data and map out different types of attacks, suspicious behaviors, exploits, and vulnerabilities. Which of the following most likely describes their goal?

To generate threat intelligence

69

A large company has collected threat intelligence information from monitoring their network and performed some level of analysis. They would like to confirm some of their observations with other organizations and possibly analyze the data at a deeper level. How can they accomplish this?

Become a member of the CISCP so they can have access to their resources.

70

A company recently joined an information-sharing center, but they are concerned about the possibility of sharing private information with other member organizations. Which of the following best represents protections to help mitigate the risk? Select two.

CISA

FOIA

71

Karlos uses AIS to share cyber threat indicators based on the scans they perform on the network at his company. Which of the following best defines a benefit AIS offers?

Speed

72

You are responsible for sharing threat intelligence information using a mechanism that employs HTTPS. Which of the following are you most likely to use?

TAXII

73

A group of students submits an initial outline of their security project for approval. The project indicates they will use information garnered from cybersecurity threat maps. What initial feedback is the professor most likely to offer?

Information displayed on threat maps offers limited context.

74

Mathina is responsible for identifying data that needs to be scanned more frequently, so she sets off to assign a value to the various kinds of data. Which of the following statements regarding how data should be classified are true? Select two.

Data classifications include confidential, private, and public.

Data types include regulated, intellectual property, and trade secrets.

75

A company is considering running a full vulnerability scan of all devices on the entire network. If they follow through on this decision, what possible conclusions can you arrive at? Select three.

It can take a significant amount of time.

They do not have an up-to-date asset inventory.

They have not prioritized what should be scanned.

76

Which of the following statements accurately describes characteristics of active and passive scanning?

Active scanning may increase the risk of endpoint malfunction.

77

A gaming company is doing very well, and growth projections continue to rise. However, they have made the decision, at least for the time being, to run vulnerability scans on a periodic basis instead of continually. Which of the following most likely represents the reason why?

Limitations on network bandwidth prevent them from scanning continuously.

78

Ginni works for a company that hosts many online stores for a large variety of clients. She has been tasked with researching vulnerability scanning tools to monitor the applications that make their business model possible. Which of the following tools is Ginni most likely to recommend?

Invicti

79

You are responsible for overseeing the plug-ins process for the vulnerability scan software your company uses. Which of the following is NOT a reason why you would apply a given update upon its release?

To patch the vulnerability scan software itself

80

An organization recently applied some updates to patch a known vulnerability. Toshi needs to configure a scan to look for that specific vulnerability. Which parameter is Toshi most likely to configure to ensure a specific vulnerability is targeted?

Sensitivity level

81

Veronica is analyzing data from a recently completed vulnerability scan. Based on experience she suspects one of the systems is not reporting data accurately. What are possible reasons why this could be true?

The agent-based system scanned is compromised and does not accurately report its status.

82

In the process of validating a scan that was completed two days ago, Vashon discovers a particular true positive of interest was logged. He investigates the system from where the vulnerability was reported but does not find any problems. What is Vashon most likely to do next?

Examine the logs on the system where the vulnerability was reported.

83

A rogue information technology (IT) employee works at a company as a spy for a foreign country. Unfortunately, the spy is responsible for running vulnerability scans. What type of scan is the spy most likely to run?

Credentialed because the spy has access to the information needed.

84

After running a vulnerability scan, a company is sorting out the results and in the process of determining the order in which vulnerabilities will be addressed. How is the company most likely to make this determination?

Address vulnerabilities with the highest numeric CVSS scores and work down the list.

85

Yogita is the manager of the IT team responsible for addressing the issues found by a vulnerability scan. Which of the following steps will her team most likely implement to address the vulnerabilities discovered? Select two.

If it is impractical to address a difficult vulnerability, remove the offending device from the network.

Patch vulnerable systems and procure new hardware and software as needed.

86

A company recently completed a vulnerability scan as well as other tasks directly associated with the scan. They would now like an examination of the results to verify the accuracy of their findings. What type of activity will help them realize this plan?

An audit

87

A company is growing and starting to get serious about securing their digital assets. They hire a recent IT security college graduate as their security manager. The company wants to see if they have any deep vulnerabilities, so the newly hired security manager suggests running a vulnerability scan. Which of the following statements are most likely to be true? Select two.

They will not achieve their goal because a vulnerability scan may only find surface problems.

It would be more beneficial to run a penetration test first followed by a vulnerability scan.

88

A company in financial duress needs to perform a penetration test. The chief information officer wants to hire an outside entity, but internal forces do not want to spend the money. Thus, they agree to have the security team perform the penetration test. What will be the most probable outcome of this decision?

The full depth of results may not be revealed to help protect fellow members of the team.

89

A company hires a security firm to perform a penetration test, but no information is given to the security firm about the network. What type of preliminary research are the penetration testers most likely to perform while maintaining a low profile?

Search online for publicly accessible information that can reveal valuable insight.

90

Which of the following are true statements regarding vulnerability scans and penetration testing?

Pen tests can be of the physical and integrated variety and not just of the IT variety.

91

Which of the following statements most accurately describes characteristics of cloud computing? Select two.

Computing resources can be increased or decreased quickly to meet changing demands.

They reduce the cost of CapEx by shifting them to OpEx.

92

A potential client wants to migrate some of their services to the cloud but is concerned about failover capabilities. What will the sales engineer from the cloud provider most likely say to help ease the client's concern?

If there is a server failure, services will be moved to other servers at no additional cost.

93

You are a cloud sales engineer working with an institution that needs to comply with strict federal regulations to avoid being levied very hefty fines. What type of cloud offering are you most likely to recommend?

A community cloud

94

Diana is not very tech savvy but is a marketing genius. She signs a deal with a cloud contractor who will help her set up an online retail store selling rare items. On what type of cloud will her website most likely be hosted?

A public cloud because the cloud services are available to everyone.

95

Your company asks you to be the project lead in establishing a private cloud. Which of the following are most likely to be true? Select two.

You will create a private network and isolate it from all the available cloud service providers.

You expect your company to purchase and maintain all the required hardware and software.

96

An industrial plant has a series of Internet of Things devices that connect to a nearby wireless system. The system will process the collected data, store it, and send it off to the cloud. From a computing location perspective, what type of model is assumed in this scenario?

Edge

97

A programming hobbyist uses a cloud provider to create an online app to back up his CD collection. As soon as he launches the app, it creates an online backup in the form of an ISO image, creates separate MP3 files for each song, and downloads them to a specific folder. What type of computing does this most likely resemble?

Cloud

98

A company is using resources on a server to host an application in a Software as a Service (SaaS) environment. Which of the following best describes the type of architecture being employed?

Serverless infrastructure

99

Various departments in a large organization have been using computing and storage resources from AWS in an uncoordinated fashion. To manage their cloud resources more efficiently, they would like to adopt an approach that is more consolidated and streamlined. Which of the following would you recommend?

Transit gateway

100

A university is locally managing the learning management system they use for students on a few clustered servers. They are exploring cloud solutions to relieve some of the burden related to managing the servers. Which of the following implementations would help them satisfy their requirement?

SaaS