Ultimate Security+ Exam Guide: Crucial Review Questions for Certification Success

Answer: Centralized governance. Alex has the final say over all decisions, indicating a centralized decision-making process.

Explanation: Centralized governance involves decision-making authority concentrated in a single authority or department within an organization. In this structure, key decisions are made at the top level and are then disseminated throughout the organization.

Domain: Security Program Management and Oversight

Answer:

Session management. This involves the secure creation and transfer of session identifiers or cookies and enforcing inactivity limits.

Explanation:

These refer to the protocols that maintain the security of user interactions on the web, including the secure creation and transfer of unique identifiers or "cookies," and setting inactivity limits to automatically terminate the session if the user is inactive for a certain period. While session cookies are a part of what is managed, the term alone does not encompass the full scope of practices like setting inactivity limits.

Domain:

Security Program Management and Oversight

Answer:

Ownership. This aspect of asset management ensures that each IT asset is clearly associated with a specific individual or department.

Explanation:

Ownership helps in determining who is responsible for the asset, ensuring clear lines of accountability and often helping in deciding the access rights. Monitoring involves keeping an eye on the performance and status of assets, rather than establishing responsibility. Decommissioning pertains to the process of retiring assets and doesn't directly associate assets with specific entities. Acquisition refers to the process of obtaining assets, not the association of assets with individuals or departments.

Domain:

Security Operations

Answer:

A. It emphasizes the integration of security in software creation and maintenance.

Explanation:

An SDLC ensures that security is a focal point in all stages of software development, from design to maintenance. While certain SDLC models, like Agile, prioritize quick deliveries, they don't overlook security. SDLC integrates security throughout its phases, not just during testing. Even with a robust SDLC, software may still require updates and patches post-deployment.

Domain:

Security Program Management and Oversight

Answer:

B. Attempting to access files outside of intended directories. This activity is indicative of a directory traversal attempt.

Explanation:

This scenario is a classic example of directory traversal. The described activities are consistent with an attacker trying to move up the directory structure and access files or directories they shouldn't. This often involves navigating directories in ways the system didn't intend. Buffer overflow attacks involve overloading a system's memory buffer to cause it to crash or to insert malicious code. The activities described in the scenario are more about navigating the file system than overwhelming it. Injection attacks usually involve inputting malicious data into a system with the intent that it will be executed. The scenario described does not suggest data is being executed or run; rather, it's an attempt to navigate to unintended areas. Privilege escalation attacks aim to gain elevated access to resources that are normally protected from an application or user. While this might be an outcome or a motive, the method described here doesn't necessarily represent this type of attack.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

B. IaC (Infrastructure as Code). This approach uses scripts and automation to manage and provision infrastructure.

Explanation:

Infrastructure as code (IaC) allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale. While serverless architecture reduces the complexity of deploying code into production, it doesn’t involve defining the underlying infrastructure as code. An air-gapped network is a security measure that involves physically isolating a computer or network and ensuring it doesn't connect to unsecured networks, especially the public internet. It doesn’t deal with infrastructure management methodologies. Microservices architecture is about designing software applications as suites of independently deployable services, but it doesn’t directly address infrastructure provisioning through code.

Domain:

Security Architecture

Answer:

D. Limited security update capabilities. SCADA systems, which are often used in such environments, can have this vulnerability.

Explanation:

SCADA systems are often engineered for specific tasks and might not receive regular security updates, making them susceptible to vulnerabilities over time. While important for real-time systems, runtime efficiency is not a primary security concern for SCADA systems. Memory constraints are more pertinent to embedded or real-time systems, not inherently a SCADA security concern. SCADA systems are not typically deployed in containers; thus, this isn't a relevant security implication.

Domain:

Security Architecture

Answer:

C. Log aggregation increases the complexity of managing and interpreting security logs. This statement is NOT true as log aggregation actually aims to reduce complexity.

Explanation:

The primary purpose of log aggregation is to simplify the management and interpretation of security logs. It doesn't increase the complexity, rather it reduces it by consolidating logs from various sources, making them easier to analyze and interpret. Log aggregation can help in maintaining regulatory compliance by keeping a record of all system events, which might be a requirement for some regulations or standards. It enhances security by bringing together logs from different sources into a centralized location for easier analysis and monitoring. Detecting unusual activity that could indicate a security breach is one of the primary purposes of log aggregation.

Domain:

Security Operations

Answer:

D. Verify the legitimacy of the software vendor. Ensuring the vendor's credibility is the first and foremost step in a secure procurement process.

Explanation:

Before making any purchases, it's essential to ensure the vendor is reputable to avoid acquiring counterfeit or malicious software. Financial considerations, while valid, come after ensuring security. Compatibility is important, but first, you need to ensure you're buying from a reputable source. While collaboration is crucial, the first step should be to ensure the vendor's legitimacy.

Domain:

Security Operations

Answer:

A. Application allow list. This technique helps enforce compliance by designating allowed applications and blocking others.

Explanation:

Application allow list is a technique that can help enforce compliance with security standards and policies on a system or network by using a list of approved applications that are allowed to run and blocking all other applications that may violate the standards or policies. It involves using a list of applications that have been verified and authorized by the system or network administrator, and blocking all other applications that may not meet the security requirements or expectations of the system or network. Patching is a technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Configuration enforcement is a mitigation technique that can prevent unauthorized or improper changes that increase a system or device’s vulnerability to attack. Least privilege is a configuration setting that limits users to the level of access and privilege they need to do their work.

Domain:

Threats, Vulnerabilities, and Mitigation

Answer:

D. Web application firewall (WAF). This tool is specifically designed to protect web applications from such web-based threats.

Explanation:

A WAF specifically protects web applications by filtering and monitoring HTTP traffic, providing defenses against web-specific attacks such as SQL injection. While HIDS monitors the internals of a computing system, and antivirus software can detect malware and malicious files, they aren't particularly tailored to protect against web application-specific threats like SQL injection. NetFlow collects IP traffic information and monitors network flow data but doesn't specifically target web application vulnerabilities.

Domain:

Security Operations

Answer:

C. Script kiddie. Typically a novice in cyber-attacks, they rely on readily available tools without a deep understanding of how they work.

Explanation:

A script kiddie heavily relies on off-the-shelf tools without much understanding of how they work. A Bug bounty hunter is an individual who seeks software vulnerabilities in exchange for rewards or compensation but doesn't rely solely on basic, common tools. APTs are often state-sponsored groups with significant resources, known for long-term, targeted attacks using a variety of sophisticated tools and techniques. An ethical hacker is a cybersecurity professional who systematically attempts to penetrate systems on behalf of its owners to find vulnerabilities.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

D. Automates the provisioning of account credentials. Scripting can significantly streamline the onboarding process by automating the creation of user accounts and setting permissions.

Explanation:

Using scripting, IT can automatically create user accounts, set default passwords, and assign appropriate access rights based on the role of the new employee. While scripting can perform many tasks, producing physical manuals typically isn't within its domain of automation. Scripting aids in automation, but it doesn't replace or facilitate human-to-human interactions such as interviews.

Domain:

Security Operations

Answer:

C. National legal implications. This refers to the country-specific laws and regulations that govern the protection and privacy of personal data.

Explanation:

National legal implications are laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy. GDPR is a regulation enacted by the European Union to ensure data protection and privacy for all its citizens, but it is an example of such national legal implications, not the term that broadly describes all such regulations.

Domain:

Security Program Management and Oversight

Answer:

C. Partition encryption. This method is used to encrypt only a specific partition or section of a storage device.

Explanation:

Partition encryption matches the requirement as it affects a section of a storage device. Full-disk encryption encrypts all data on a physical or logical disk, not just a specific section of a storage device. File-level encryption encrypts individual files or folders on a storage device, not a specific partition. Database encryption encrypts data at the database level, not a specific partition.

Domain:

General Security Concepts

Answer:

C. Shadow IT. The employee added an unauthorized device for personal use without malicious intent towards the company.

Explanation:

Shadow IT refers to any unauthorized or unapproved IT systems or devices within an organization. While the device may introduce security risks and compliance issues for an organization, the employee wasn’t intending any harm to the company. Nation-state actors are sponsored by a government or a country’s military, insider threats abuse their authorized access, and unskilled actors often launch simple opportunistic attacks.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

D. To provide historical insights into security incidents for future investigations. Archiving serves as a way to maintain a long-term record of system logs and alerts for investigative and compliance purposes.

Explanation:

Archiving in the context of security is essential for maintaining a record of all system logs. This ensures that historical data is available for audits or investigations and provides valuable insights into past incidents, which aids in enhancing security measures.

Domain:

Security Operations

Answer:

D. Risk tolerance. This term refers to the level of risk that an organization is willing to accept.

Explanation:

Risk tolerance is the extent to which an organization is willing to tolerate potential risks. It differs from risk appetite, which is more about the amount of risk an organization is willing to take on to achieve its strategic objectives.

Domain:

Security Program Management and Oversight

Answer:

C. To ensure that the vendor’s practices align with the organization's requirements. Due diligence is about confirming that the vendor's security practices and standards meet the organization's requirements.

Explanation:

Due diligence in vendor selection involves evaluating the vendor's security practices to confirm that they align with the organization's security requirements and standards. It's about ensuring that the vendor can meet the organization's obligations for security and is capable of fulfilling their contractual duties while complying with the company’s own practices.

Domain:

Security Program Management and Oversight

Answer:

D. Key risk indicators. These are metrics used to forecast potential risks and gauge their potential impact.

Explanation:

Key risk indicators (KRIs) are metrics that provide early warnings of increasing risk exposures, enabling an organization's leadership to manage these risks proactively. They are different from risk metrics, which are quantitative measures of risk, and risk thresholds, which are the defined levels of risk an organization is willing to accept.

Domain:

Security Program Management and Oversight

Answer:

D. Risk threshold. This figure represents a risk threshold, a predetermined financial point at which the company must take action.

Explanation:

The $500,000 financial impact figure is an example of a risk threshold, as it is the specific point at which the company must act to mitigate risk. Risk limit is not a standard term; it could colloquially be used to describe a risk threshold, but in this context, the correct term is "risk threshold."

Domain:

Security Program Management and Oversight

Answer:

B. Digital signatures. This method is used to provide non-repudiation by using cryptographic techniques to verify the authenticity of a document.

Explanation:

Digital signatures are a method used to provide non-repudiation by using cryptographic techniques to verify the authenticity of a message or document. Encryption is used to protect the confidentiality of information by making it unreadable to unauthorized users, but it does not provide non-repudiation.

Domain:

General Security Concepts

Answer:

C. Layer 7. This is the application layer where filtering based on content like URLs and HTTP headers occurs.

Explanation:

Layer 7, or the application layer, deals with end-user services, and appliances at this layer can make filtering decisions based on specifics like URLs, HTTP headers, and specific application functions.

Domain:

Security Architecture

Answer:

A. Resilience. It refers to the system’s ability to quickly recover from failures and maintain operational performance.

Explanation:

Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions.

Domain:

Security Architecture

Answer:

A. Data exfiltration. It refers to the act of stealing sensitive or confidential data from a system or network.

Explanation:

Data exfiltration refers to the act of stealing sensitive or confidential data from a system or network. It can be done for various motivations including financial gain, espionage, or other malicious intentions.

Answer:

D. Inline. This type of device interacts with network traffic actively to take actions such as accepting, rejecting, or modifying packets.

Explanation:

Inline devices are designed to interact with network traffic actively and can take actions such as accepting, rejecting, or modifying packets, making them the optimal choice for this scenario.

Domain:

Security Architecture

Answer:

C. Reduces repetitive and mundane tasks. Automation allows employees to focus on more challenging and fulfilling aspects of their roles.

Explanation:

By automating routine tasks, employees can focus on more challenging and fulfilling aspects of their roles, enhancing satisfaction and retention.

Domain:

Security Operations

Answer:

D. Layer 7 Firewall. This type of firewall operates at the application layer and can make more granular decisions about the traffic based on the application-payload.

Explanation:

A Layer 7 firewall operates at the application layer and can make more granular decisions about the traffic based on the application-payload, which makes it the most effective choice in this scenario.

Domain:

Security Architecture

Answer:

C. Increased responsibility for physical security. On-premise infrastructure requires the organization to ensure the physical safety of servers and equipment.

Explanation:

With on-premise infrastructure, organizations must ensure the physical safety of servers and other equipment against theft, tampering, and disasters.

Domain:

Security Architecture

Answer:

B. Decentralized governance. This structure allows for decision-making at the department or sector level, promoting responsiveness and specialization.

Explanation:

In decentralized governance, decision-making is distributed among various departments or sectors, which can lead to increased autonomy and cater to specific departmental needs or expertise within the organization.

Domain:

Security Program Management and Oversight

Answer:

C. The physical location of the user accessing the application. Application logs typically do not capture the physical location of the user.

Explanation:

Application logs record the server IP, user IDs, and timestamps, but not the geographic location or physical address of the user, which would typically require additional data sources beyond standard application logs.

Domain:

Security Operations

Answer:

A. Patching is the process of identifying and fixing security vulnerabilities in software, firmware, and operating systems to prevent potential exploits.

Explanation:

Patching involves the identification and correction of security vulnerabilities, helping to secure systems against known threats and preventing exploitation by attackers.

Domain:

Security Operations

Answer:

D. Reputational damage. This type of consequence can have long-term effects on the company's credibility and customer trust.

Explanation:

Reputational damage can be especially detrimental to a company specializing in cybersecurity training, as trust is foundational to their service offering.

Domain:

Security Program Management and Oversight

Answer:

D. Uninterruptible power supply (UPS). This device provides emergency power and ensures continuous operation during power interruptions.

Explanation:

A UPS is essential for maintaining the availability and resilience of IT systems by providing backup power in the event of an outage.

Domain:

Security Architecture

Answer:

D. Attestation. It refers to the process of affirming the accuracy and completeness of compliance reports through formal statements or declarations.

Explanation:

Attestation involves providing formal statements or declarations about the organization's compliance with specific regulations or standards, often performed by an independent third-party auditor or by the organization's management.

Domain:

Security Program Management and Oversight

Answer:

D. DAC. Discretionary Access Control is an authorization model where the owner of the resource decides who is allowed to access it.

Explanation:

In DAC, the rights to access a file or resource are at the discretion of the owner, aligning with Reginald’s role as the decision-maker in this scenario.

Domain:

General Security Concepts

Answer:

A. Risk assessments. This is a managerial control for identifying and evaluating potential threats.

Explanation:

Risk assessments help organizations understand their risk landscape and inform their security strategies and decisions.

Domain:

General Security Concepts

Answer:

C. Implementing a central OAuth authorization server is the most effective way to manage user authentication and access delegation.

Explanation:

OAuth provides a secure and standardized method for users to authorize third-party applications without sharing credentials by using tokens.

Domain:

Security Operations

Answer:

C. Encryption algorithm. This refers to the mathematical structure designed for data encryption.

Explanation:

Encryption algorithms are the basis of cryptographic systems, enabling secure data encryption and decryption with keys.

Domain:

General Security Concepts

Answer:

D. Trapdoor function. This function is fundamental to the RSA algorithm for public key encryption and decryption.

Explanation:

The trapdoor function in RSA allows for public encryption and private decryption, a foundational concept in public key cryptography.

Domain:

General Security Concepts

Answer:

D. Critical. This classification is assigned to vulnerabilities that, if exploited, could cause significant damage, have a high likelihood of being exploited, or expose sensitive data.

Explanation:

A critical classification is given to vulnerabilities with a high likelihood of exploitation and the potential to cause significant damage or expose sensitive data. Immediate action is required to address such vulnerabilities.

Domain:

Security Operations

Answer:

A. End-of-life vulnerability. This pertains to hardware that is no longer supported or updated by the manufacturer.

Explanation:

End-of-life vulnerability refers to the risks associated with continuing to use hardware that has reached the end of its support lifecycle, making it susceptible to security breaches due to lack of updates.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

B. Turning off all unused services and closing unnecessary ports. This practice reduces potential entry points for attackers.

Explanation:

Minimizing the attack surface involves limiting the exposed components of a system. Deactivating unused services and closing unnecessary ports prevents attackers from exploiting them.

Domain:

Security Operations

Answer:

C. Risk owner. This person is accountable for the ongoing management and mitigation of risks for a particular area or system.

Explanation:

The risk owner is responsible for managing and mitigating risks, as well as for responding to any security breaches or vulnerabilities that may arise in the specified domain.

Domain:

Security Program Management and Oversight

Answer:

A. Public key. This key is part of the asymmetric encryption system and can be freely distributed for encrypting messages.

Explanation:

A public key is used in asymmetric encryption and can be shared openly to allow others to encrypt messages that only the corresponding private key can decrypt.

Domain:

General Security Concepts

Answer:

D. Reduced response time to security incidents. Automated systems provide instant detection and faster response.

Explanation:

Automation in security operations can offer quicker detection and mitigation of threats, improving the overall efficiency and responsiveness to incidents.

Domain:

Security Operations

Answer:

C. Data Controller. The role involves deciding the purposes and means of processing personal data.

Explanation:

A Data Controller has the primary responsibility for the decisions regarding the collection, retention, and sharing of personal data in accordance with privacy regulations.

Domain:

Security Program Management and Oversight

Answer:

A. Certificate of Sanitization. It is formal assurance that all data has been securely erased from a device.

Explanation:

The Certificate of Sanitization is an essential document that verifies the complete and secure deletion of data from equipment prior to its disposal or repurposing.

Domain:

Security Operations

Answer:

A. Shadow IT. It refers to unauthorized or unapproved IT systems or devices that can introduce security risks.

Explanation:

Shadow IT poses a risk due to the lack of oversight and control, which may lead to inadvertent security incidents within an organization.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

A. ECC (Elliptic Curve Cryptography). It allows for robust encryption with relatively short key lengths.

Explanation:

ECC is an efficient encryption method that can provide security equivalent to RSA but with shorter key lengths, making it suitable for systems where efficiency is a concern.

Domain:

General Security Concepts

Answer:

B. Supply chain. This involves a security compromise that originates from a component of the supply chain.

Explanation:

Supply chain attacks occur when a vulnerability is introduced by an external supplier or partner within the supply chain, allowing attackers to exploit it to gain unauthorized access or control.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

A. Compromised availability leading to operational disruptions. Single points of failure can halt essential processes and risk system uptime.

Explanation:

The risk associated with single points of failure is that they can bring entire systems or processes to a halt if they fail, compromising the availability and continuous operation of services.

Domain:

Security Operations

Answer:

D. They need to set boundaries and limitations during the penetration test. This is to ensure the test is conducted within specified parameters.

Explanation:

Rules of engagement define the scope and limitations of a penetration test to ensure it is conducted ethically, legally, and without causing unintended harm to the company's operations or reputation.

Domain:

Security Program Management and Oversight

Answer:

C. Port 1433. This is commonly used by Microsoft SQL Server and can be exploited if not properly secured.

Explanation:

Port 1433 is the default port for Microsoft SQL Server and represents a potential vulnerability if it is not monitored and secured, as it could be used for unauthorized database access.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. Sanitization involves erasing data so it cannot be recovered; destruction is total physical demolition of the asset. This ensures data privacy and compliance with regulations.

Explanation:

Sanitization is the process of securely erasing data to prevent its recovery, which is distinct from destruction, which involves the complete physical destruction of the hardware itself.

Domain:

Security Operations

Answer:

B. It might not detect zero-day exploits. Signature-based detection relies on a database of known threat patterns and may not recognize new threats that have yet to be cataloged.

Explanation:

Signature-based detection systems work by comparing network traffic against a database of known threat patterns. Because zero-day exploits do not have a known signature to match against, they may not be detected by this method of detection.

Domain:

Security Operations

Answer:

B. Public key. This ensures that only the holder of the corresponding private key, Company X in this case, can decrypt the message.

Explanation:

In public key cryptography, a public key is used to encrypt a message, and only the corresponding private key can be used to decrypt it. This ensures secure communication, where only the intended recipient can access the encrypted content.

Domain:

General Security Concepts

Answer:

A. Implementation of end-to-end encrypted email. This ensures that messages are secure and unreadable by anyone other than the intended recipient, including the service providers.

Explanation:

B is incorrect because while training is crucial for awareness, it doesn't encrypt or directly protect the content of communications. C is incorrect as backups are for data recovery, not securing active communication. D is incorrect because while VPNs encrypt traffic to and from the user's device, they don't secure the content of emails end-to-end.

Domain:

Security Architecture

Answer:

D. Installation of endpoint protection. This approach involves deploying security measures like antivirus and anti-malware directly on devices to proactively detect and block threats.

Explanation:

A is incorrect as it strengthens access control but doesn't protect against malware. B, while important for closing vulnerabilities, doesn't actively block attacks. C is a principle to minimize access rights, which doesn't equate to reporting and blocking attacks like endpoint protection does.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. Complexity. This refers to the degree of intricacy in a system or process, which can introduce challenges in understanding, maintaining, and enhancing the system.

Explanation:

A is incorrect because supportability pertains to maintenance and user support over time, not the intricate structure of the system itself. B is incorrect as it relates to the financial aspect of a system, not the intricacy of its design. D is incorrect because technical debt refers to the future cost of rework due to opting for quick-fix solutions, rather than the initial complexity of the system.

Domain:

Security Operations

Answer:

D. Criminal syndicate. They have the financial means to recruit and sustain a highly skilled team for sophisticated cyber operations.

Explanation:

A is incorrect because an independent hacker typically lacks the resources of larger organizations. B is incorrect as the open source community often consists of volunteers and collaborators without centralized funding. C is incorrect because while security researchers may have access to funds, they usually work within academic or corporate environments, not recruiting hackers for criminal activities.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

A. Disabling ports. This method directly addresses the closing off of specific pathways to prevent unauthorized access or exploitation.

Explanation:

B is incorrect as segmentation involves dividing a network into segments to control access but does not necessarily involve disabling ports. C is incorrect because encryption secures data but doesn't shut off access points. D is incorrect because monitoring involves observing and detecting potential security events, not preventing access by disabling ports.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. Using a passphrase to generate a pairwise master key (PMK). This is a fundamental part of the WPA2 Personal mode authentication process.

Explanation:

WPA2-PSK (Pre-Shared Key) leverages a passphrase to create a key, called the PMK, to encrypt communications, which is a distinguishing feature of WPA2's personal authentication. The other options are associated with different contexts or security protocols and are not used in the WPA2 Personal mode authentication process.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. To test employees' ability to recognize and report phishing attempts. This objective is central to enhancing employee awareness and preparedness for actual phishing attacks.

Explanation:

The primary objective of conducting phishing campaigns as part of security awareness training is to test and improve employees' ability to identify and report potential security threats like phishing attempts, not to spread malware, promote competitiveness, or trick employees.

Domain:

Security Program Management and Oversight

Answer:

D. Disabling unnecessary services and protocols. This strategy reduces potential vulnerabilities by minimizing the attack surface.

Explanation:

Disabling unnecessary services and protocols is a method of reducing the number of potential entry points for attackers, which in turn minimizes the attack surface. The other options could potentially increase security risks.

Domain:

Security Architecture

Answer:

A. Environmental variables refer to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis. These variables are integral to customizing the vulnerability management process to the organization's specific context.

Explanation:

Environmental variables are considered when assessing vulnerabilities to provide a context-specific risk analysis, which includes aspects related to an organization’s infrastructure and business environment. They are not conditions that trigger automated responses or merely parameters in scanning tools, nor are they limited to impacting physical security.

Domain:

Security Operations

Answer:

B. Host-based Firewall. This technique uses predefined rules to control traffic to and from a device, helping to protect against unauthorized access.

Explanation:

A Host-based firewall specifically controls incoming and outgoing network traffic based on predefined rules and policies. Patching, while a security measure, is the process of updating software to address vulnerabilities. Encryption secures data but does not control traffic flow, and Host-based Intrusion Prevention systems actively monitor and analyze for signs of an intrusion rather than just controlling network traffic.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. An attacker gained access, created the unauthorized account, and removed logs. This scenario suggests a deliberate attempt to hide unauthorized activity.

Explanation:

The pattern of missing logs coupled with the creation of an unauthorized account strongly suggests a security breach where an attacker could have created the account and then attempted to cover their tracks by deleting the logs. It is unlikely that these signs would coincide with accidental or routine maintenance issues.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

C. Layer 4. This layer, known as the transport layer, is responsible for the end-to-end communication and data transfer management across a network, including the use of port numbers.

Explanation:

Layer 4 of the OSI model, the transport layer, deals with connection-oriented and connectionless communication, and this is where port numbers are used to direct traffic. It focuses on delivering messages without errors and following sequence and flow control.

Domain:

Security Architecture

Answer:

D. Agent-based NACs use additional software to authenticate users, while Agentless NACs use network level protocols to authenticate users. This distinction highlights the additional software requirement for agent-based solutions.

Explanation:

Agent-based Network Access Control (NAC) systems require software installed on each client device to enforce network security policies, while Agentless NAC systems do not require client-side software and instead rely on existing network protocols and infrastructure to enforce policies. This difference can impact the approach to deploying and managing NAC solutions.

Domain:

Security Operations

Answer:

C. Risk tolerance. This term refers to the acceptable level of variance in performance that an organization is willing to withstand in its operations or investment strategies.

Explanation:

Risk tolerance is the specific level of risk that an organization is prepared to accept before it takes action to mitigate the risk. It is a component of risk management, which is the overarching process that includes identifying, assessing, and responding to risks. A risk matrix is a tool used within risk management, and risk appetite is the overall amount of risk an organization is willing to pursue or retain.

Domain:

Security Program Management and Oversight

Answer:

B. It maintains the integrity of digital evidence over time. This is crucial for ensuring that the evidence remains reliable and admissible in legal proceedings.

Explanation:

Preservation of evidence in digital investigations involves keeping data secure and unaltered to maintain its authenticity and reliability for the duration of the investigation and any subsequent legal proceedings. This is distinct from case strategy development, prioritizing evidence collection, or allocating budgetary resources, which are separate aspects of the investigative process.

Domain:

Security Operations

Answer:

D. Buffer overflow. This occurs when more data is sent to a buffer, or temporary storage in memory, than it can hold, leading to potential overwrites of adjacent memory areas.

Explanation:

A buffer overflow is a classic security issue where excessive data floods a fixed-size buffer, and excess data may overwrite adjacent memory spaces, potentially leading to arbitrary code execution or other security breaches.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

B. Insecure Interfaces and APIs. This vulnerability is particular to cloud environments where interfaces and APIs are commonly used for interaction and management.

Explanation:

Insecure Interfaces and APIs can expose cloud services to various security risks, such as unauthorized access and data manipulation. They are specific to cloud computing because APIs are often the main method of interaction in these environments.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

B. Application rollback. Reverting the application to a stable previous version can remedy issues introduced by a problematic update.

Explanation:

An application rollback involves returning the application to a previous version before the issue occurred, which can resolve problems introduced by a recent update. This is more effective than a simple restart, which may not correct the error, or patch management, which addresses different types of software issues.

Domain:

General Security Concepts

Answer:

B. Enforcing baselines helps to standardize configurations across systems, enabling efficient automation and reducing the risk of security incidents.

Explanation:

Enforcing configuration baselines ensures that systems are consistently configured according to a known, secure standard, which aids in automation and helps mitigate security risks. It's a key step in maintaining security and operational consistency across IT environments.

Domain:

Security Operations

Answer:

D. Key exchange. This process allows two parties to establish a shared secret which can then be used for symmetric encryption.

Explanation:

Key exchange is a method used to securely exchange encryption keys between parties, allowing them to encrypt and decrypt messages. The Diffie-Hellman protocol is a well-known example of key exchange used to establish shared secrets for symmetric encryption.

Domain:

General Security Concepts

Answer:

A. 802.1X. This is a network access control protocol for port-based authentication.

Explanation:

802.1X is an IEEE standard for port-based Network Access Control (PNAC). It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Domain:

Security Architecture

Answer:

C. Inadequate buffer overflow protections. Real-time operating systems prioritize performance, which may come at the expense of certain security measures.

Explanation:

RTOSs often prioritize speed and efficiency, which could mean less emphasis on security measures like buffer overflow protections, potentially leaving the system vulnerable to such attacks.

Domain:

Security Architecture

Answer:

A. The signatures require tuning. Proper configuration and regular updates are needed to minimize false positives in signature-based detection systems.

Explanation:

False positives in signature-based systems often occur because the signatures are not accurately tuned to differentiate between malicious and benign traffic patterns.

Domain:

Security Operations

Answer:

D. Simultaneous CEO logins from distant locations. This is indicative of potential unauthorized access or credential compromise.

Explanation:

The simultaneous logins from geographically distant locations is a strong indicator of compromised credentials, which is a serious security concern as it could suggest a breach involving a high-privileged account.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

A. $1,500. The ALE is calculated by multiplying the SLE by the ARO.

Explanation:

The ALE is determined by the formula ALE = SLE × ARO. With an SLE of $15,000 and an ARO of 0.1, the ALE is $15,000 * 0.1 = $1,500. This represents the expected annual loss from these operational failures.

Domain:

Security Program Management and Oversight

Answer:

C. Evidence of internal audits. This would provide Company X with insight into the vendor’s self-assessment and internal security measures.

Explanation:

Internal audits are thorough self-assessments that show how a vendor manages and protects its assets, which is vital for Company X to understand the vendor's commitment to security and the effectiveness of their practices.

Domain:

Security Program Management and Oversight

Answer:

A. Time-of-check (TOC). This refers to a scenario where data can be manipulated after verification but before use, often due to a time gap between the two events.

Explanation:

The TOC vulnerability, also known as time-of-check to time-of-use (TOCTOU), occurs when an attacker exploits the time gap between checking and using data, manipulating the data in between these two actions.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

D. Installing the cable in a conduit buried underground. This provides physical protection from environmental factors and unauthorized access.

Explanation:

Burying cables in a conduit offers the best protection against environmental damage, tampering, and unauthorized access. It is more secure than leaving cables exposed on the ground, on poles, or using unencrypted wireless connections.

Domain:

Security Architecture

Answer:

D. SD-WAN. Software-defined wide area network provides centralized network management and performance optimization and can be deployed both on-premises and in the cloud.

Explanation:

SD-WAN technology is specifically designed to optimize and manage WAN traffic, offering flexibility and efficiency, which matches Company X ' requirements for WAN optimization.

Domain:

Security Architecture

Answer:

A. Monitoring. This technique involves the continuous observation of system or network operations and often uses tools like Nagios or Splunk.

Explanation:

Monitoring refers to the continuous observation and verification of the activities and performance of a system or network. Tools like Nagios or Splunk are specifically designed for monitoring purposes, providing real-time visibility into system and network health, which is crucial for detecting and responding to incidents.

Domain:

Threats, Vulnerabilities, and Mitigations

Answer:

A. Reviewing event logs. This method involves looking at logs to confirm that the issue has been resolved.

Explanation:

Event logs provide detailed information about the events that have occurred within the system, which can help verify whether the steps taken to remedy a vulnerability have been effective and whether any further action is required.

Domain:

Security Operations

Answer:

D. Code Signing. This technique ensures that the software updates are from a verified source and have not been altered or tampered with.

Explanation:

Code signing involves using a cryptographic signature to verify that software updates are genuine and unaltered, which helps customers trust that the updates are legitimate and safe to install.

Domain:

Security Operations

Answer:

C. Frequency. This refers to the regular schedule at which backups are performed.

Explanation:

The frequency component of a backup strategy dictates how often backups are performed, which is crucial for ensuring that recent changes to data are preserved and that data loss is minimized in the event of a system failure.

Domain:

Security Architecture