
Sec555 Final Exam with Correct Answers: Cybersecurity Concepts and Practices, Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive set of multiple-choice questions covering various cybersecurity concepts and practices. It provides a valuable resource for students preparing for the sec555 final exam, offering insights into key areas such as authentication, network security, malware, social engineering, and vulnerability management. Correct answers are included, allowing students to assess their understanding and identify areas for further study.

Typology: Exams

2024/2025

Available from 11/01/2024

Lectjoshua

sec555 final exam with correct answers

Examine the differences between authentication factors and authentication attributes and select the statement that most effectively summarizes the differences between authentication factors and authentication attributes.
Authentication attributes are characteristics used to verify an account holder's credentials, while authentication factors use secondary or continuous authentication and access control.
Authentication factors verify an account holder's credentials, while authentication attri
ANSWER: Authentication factors verify an account holder's credentials, while authentication attributes are either non-unique or cannot independently authenticate a user's credentials.

After several users call to report dropped network connections on a local wireless network, a security analyst scans network logs and discovers that multiple unauthorized devices were connecting to the network and overwhelming it via a smartphone tethered to the network, which provided a backdoor for unauthorized access. How would this device be classified?
A switched port analyzer (SPAN)/mirror port
A spectrum analyzer
A rogue access point (AP)
A thin wireless access point (WAP)
ANSWER: A rogue access point (AP)

Analyze the following scenarios and determine which attacker used piggy backing.
On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.
A government employee is late for a meeting in a restricted area of a military installation. Preoccupied with making the meeting on time, the employee does not notice when the gate has no
ANSWER: On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.
Analyze and select the statements that accurately describe both worms and Trojans. (Select all that apply.)
A worm is concealed within an application package while a Trojan is self-contained.
Both worms and Trojans can provide a backdoor.
Both worms and Trojans are designed to replicate.
A worm is self-contained while a Trojan is concealed within an application package.
ANSWER: Both worms and Trojans can provide a backdoor. A worm is self-contained while a Trojan is concealed within an application package.

A dissatisfied employee has discreetly begun exfiltrating company secrets to sell to a competitor. The employee sets up a malware script that will run in the event of the employee's firing and account deletion. Analyze the attack and determine what type of attack the employee has emplaced.
Rootkit
Logic bomb
Remote Access Trojan (RAT)
Backdoor
ANSWER: Logic bomb

A hacker gains access to a database of usernames for a target company and then begins combining common, weak passwords with each username to attempt authentication. The hacker conducts what type of attack?
Password spraying
Brute force attack
Dictionary attack
Rainbow table attack
ANSWER: Password spraying

A retail establishment experiences an attack where whole number values have been exploited. As a result, some credit values are manipulated from positive values to negative values. Which type of attack is the establishment dealing with?
Integer overflow
Buffer overflow
Stack overflow
Race condition
ANSWER: Integer overflow

A user at a realtor's office contacts their IT department to report that they are not able to copy contract files to a USB flash drive to take home. Which explanation does the IT representative share with the user?
Data loss prevention prevents file copying.
Mobile device management restricts the use of a portable USB device.
A compromised private key has created a trust issue.
The file copy process has been allow-listed.
ANSWER: Data loss prevention prevents file copying.

An unauthorized person gains access to a restricted area by blending in with a crowd of employees as they approach the security desk and show their badges to the guard. While walking down a long hallway, the group is stopped at a turnstile and the unauthorized person is discovered. What type of policy prevented this type of social engineering attack?
CCTV policy
Mantrap policy
ID badge policy
Skimming policy
ANSWER: Mantrap policy

Identify the type of attack where malware forces a legitimate process to load a malicious link library.
DLL injection
Pass the hash (PtH)
Null pointer dereferencing
Overflow attack
ANSWER: DLL injection

An attack at a company renders a network useless after a switch is impacted. Engineers review network traffic and determine that the switch is behaving like a hub. What do the engineers conclude is happening? (Select all that apply.)
The switch's memory is exhausted.
The switch is flooding unicast traffic.
The switch MAC table has invalid entries.
The switch is using MAC-based forwarding.
ANSWER: The switch's memory is exhausted. The switch is flooding unicast traffic.

Compare the types of Distributed Denial of Service (DDoS) attacks and select the best example of a synchronize (SYN) flood attack.
A group of attackers work together to form an attack on a network.
An attack consumes all of the network bandwidth resulting in denial to legitimate hosts.
Client IP addresses are spoofed to misdirect the server's SYN/ACK packet increasing session queues.
A client's IP address is spoofed and pings the broadcast address of a third-party network with many hosts.
ANSWER: Client IP addresses are spoofed to misdirect the server's SYN/ACK packet increasing session queues.

IT staff reviews security alerts received for a monitoring system and discovers that uncommon firewall ports on several Windows workstations and a server have been opened and are being accessed by a malicious process. What does the staff determine the issue to be?
Shellcode
Persistence
Credential dumping
Lateral movement
ANSWER: Lateral movement

An organization receives notification from an actor that vulnerabilities have been found in an onsite firewall. While the actor does not exploit the vulnerability, a bounty is requested for the work and discovery. What type of actor is the organization dealing with?
Gray hat
White hat
Script Kiddie
Black hat
ANSWER: Gray hat

Xander sends a malicious file via email attachment to employees at a target company, hoping at least one employee will open the malicious file that will propagate through the company's network and disrupt the company's operations. If Xander's goal is disruption of company operations, what does this describe?
intent
motivation
risk
threat
ANSWER: intent

Analyze the following scenarios and determine which one involves an external threat actor carrying out a direct attack.
Naomi practices poor password management, and through her negligence, an outsider gains access to her company's server.
Raul, a security contractor, installs antivirus software for a small company. He uses his temporary access to gain the company's banking information.
Abram uses a quiz on a popular social media platform to solicit answers to online banking consumers'
ANSWER: Abram uses a quiz on a popular social media platform to solicit answers to online banking consumers' login security questions.

An engineer routinely provides data to a source that compiles threat intelligence information. The engineer focuses on behavioral threat research. Which information does the engineer provide?
IP addresses associated with malicious behavior
Descriptions of example attacks
Correlation of events observed with known actor indicators
Data available as a paid subscription
ANSWER: Descriptions of example attacks

An individual contacts a company's IT department, threatening to exploit a vulnerability found in its security infrastructure if the company does not pay a bounty. Upon further investigation, the IT team discovered that the individual threatening the company easily managed to use crude scripts in the hacking attempt. Which statement best describes the disparity between the hacker's claim and real capability?
The hacker presents as a black hat, but the individual's capabilities indicate the h
ANSWER: The hacker presents as a black hat, but the individual's capabilities indicate the hacker is a script kiddie

Evaluate which of the following solutions would most effectively mitigate vulnerabilities that might arise when outsourcing code development.
Have one vendor develop the code, and a different vendor perform vulnerability and penetration testing.
Outsource coding to multiple vendors at once, compare the results each vendor produces, and select the most secure implementations.
Outsource all coding to a single vendor, limiting the number of vendors in the workflow.
Trust system integration
ANSWER: Have one vendor develop the code, and a different vendor perform vulnerability and penetration testing.

A security team uses passive scanning to gather information and data related to a suspected rogue system on a network. By using passive scanning, what type of information does the team gather?
Credentialed
Indirect evidence
Embedded
Report
ANSWER: Indirect evidence

An organization hires a pen tester. The tester achieves a connection to a perimeter server. Which technique allows the tester to bypass a network boundary from this advantage?
Persistence
Privilege escalation
Pivoting
Lateral movement
ANSWER: Pivoting

An organization requires that a file transfer occurs on a nightly basis from an internal system to a third-party server. IT for both organizations agree on using FTPS. Which configurations does IT need to put in place for proper file transfers? (Select all that apply.)
Configure the use of port 990
Configure the use of port 22
Negotiate a tunnel prior to any exchanged commands
Using Secure Shell (SSH) between client and server
ANSWER: Configure the use of port 990; Negotiate a tunnel prior to any exchanged commands

A cloud administrator receives reports that a physical server is having issues with its virtualized guest machines. There is a possibility that a threat actor has been successful with an attack. Which problem types does the administrator investigate? (Select all that apply.)
VM sprawl
VM escape
VM template
VM monitor
ANSWER: VM sprawl; VM escape

Select the correct simulation of a Virtual Desktop Infrastructure (VDI) deployment.
A company installs a platform that uses a Type 1 hypervisor to manage access to the host hardware outside of the host operating system.
A company deploys Citrix XenApp on a server for the client to access for local processing.
A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.
A company enforces resource separation at the operating system lev
ANSWER: A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.

Compare the components found in a virtual platform and select the options that accurately differentiate between them. (Select all that apply.)
Hypervisors are Virtual Machine Monitors (VMM) and guest operating systems are Virtual Machines (VM).
Hypervisors facilitate interactions with the computer hardware and computers are the platform that hosts the virtual environment.
Computers are the operating systems that are installed under the virtual environment and guest operating systems are
ANSWER: Hypervisors are Virtual Machine Monitors (VMM) and guest operating systems are Virtual Machines (VM). Hypervisors facilitate interactions with the computer hardware and computers are the platform that hosts the virtual environment.

After a company moves on-premise systems to the cloud, engineers devise a serverless approach in a future deployment. What type of architecture will engineers provision in this deployment? (Select all that apply.)
Virtual machine
Physical server
Containers
Microservices
ANSWER: Containers; Microservices

Examine the use of software diversity in infrastructure development and assess which statement describes the advantages of using a diverse range of development tools and application vendors over a monoculture environment.
A diverse environment enables secure failover, as development diversity provides system redundancy over multiple vendor products.
A diverse environment relies on security by obscurity, making a system's infrastructure more difficult for an attacker to interpret and a
ANSWER: A diverse environment can provide security by diversity, making attack strategies more difficult to research and implement.

Which of the following authentication procedures effectively employs multifactor authentication?
A password reset prompt requires the user to supply the answer to several recovery questions.
A system login requires a user to insert a smart card and enter a PIN.
An entry control point employs a security guard and requires entrants to submit to a retinal scan.
A system login requires a user to enter a password, PIN, and passphrase.
ANSWER: A system login requires a user to insert a smart card and enter a PIN.

Several businesses operating on a federated network allow access to each other's resources through enterprise connections. When this type of federated network employs Security Assertion Markup Language (SAML), how are authorization tokens secured?
SAML tokens are signed with an eXtensible Markup Language (XML) digital signature.
SAML uses OpenID Connect (OIDC) to refer the service provider to the identity provider.
SAML uses OpenID to allow the user to select their preferred identity
ANSWER: SAML tokens are signed with an eXtensible Markup Language (XML) digital signature.

An administrator plans a backup and recovery implementation for a server. The goal is to have a full backup every Sunday followed by backups that only include changes every other day of the week. In the event of a catastrophe, the restore time needs to be as quick as possible. Which scheme does the administrator use?
Full followed by incrementals
Image followed by incrementals
Full followed by differentials
Snapshot followed by differentials
ANSWER: Full followed by differentials

Two companies enter into an agreement that if one data center suffers a disaster-level event, it can failover to the other company's data center with minimal disruption in service. Which statement most accurately describes the companies' site resiliency postures?
The companies have a reciprocal arrangement for mutual hot site support.
The companies have a contractual agreement to provide mutual cold site support.
The companies each have a reserved warm site for failover operations.
ANSWER: The companies have a reciprocal arrangement for mutual hot site support.

A company deploys an active defense strategy designed to detect insider malpractice. To record the malicious insider's actions, the security team creates a convincing, yet fake, data file with a tracker that records any data exfiltration attempts. Analyze the security tool and determine what method the security team employed.
Honeypot
Honeynet
Subnet
Honeyfile
ANSWER: Honeyfile

A security specialist reviews an open closet with network cables and discovers highly exposable areas that are at high risk of physical intrusion. The specialist recommends creating a protected distribution system (PDS) to lower security risks. What would a PDS help solve? (Select all that apply.)
Eavesdropping
Speed
Damage
Length
ANSWER: Eavesdropping; Damage

A defense contractor must configure a new server in a site where several other companies maintain server equipment. The contractor's security requirements specify that other companies' personnel cannot gain access to the contractor's servers, and the area must be impervious to eavesdropping from electromagnetic leaks. What site security configuration will best meet the contractor's requirements?
Locked Faraday cage
Locked equipment cage
Locked server racks
Vault
ANSWER: Locked Faraday cage

A server administrator configures symmetric encryption for client-server communications. The administrator configured it this way to utilize which mechanism?
The same secret key is used to perform both encryption and decryption.
Any operations are performed by two different but related public and private keys.
The keys are linked in such a way as to make it impossible to derive one from the other.
A key pair is generated and the private key is kept secret.
ANSWER: The same secret key is used to perform both encryption and decryption.

In a protocol, such as Transport Layer Security (TLS), the server and client negotiate mutually compatible cipher suites as part of the TLS handshake. Which of the following components is NOT part of the encryption cipher suite?
Signature algorithm
A key exchange/agreement algorithm
Bulk encryption cipher
Stream cipher
ANSWER: Stream cipher

An engineer considers blockchain as a solution for record-keeping. During planning, which properties of blockchain does the engineer document for implementation? (Select all that apply.)
Using a peer-to-peer network
Obscuring the presence of a message
Partially encrypting data
Using cryptographic linking
ANSWER: Using a peer-to-peer network; Using cryptographic linking

An engineer implements a security solution to protect a domain. The engineer decides on DNS Security Extensions (DNSSEC) to prevent spoofing. Which features does the engineer rely on for protection? (Select all that apply.)
Zone Signing Key
RRset package
Access Control List
Key Signing Key
ANSWER: Zone Signing Key; RRset package; Key Signing Key

Which statements accurately describe the "telecommuter" model of remote access architecture?
The VPN operates automatically.
VPN gateways exchange security information.
Clients connect to a VPN gateway on the edge of the private network.
A site's routing infrastructure determines how to deliver traffic.
ANSWER: Clients connect to a VPN gateway on the edge of the private network.

Which features distinguish a next-generation endpoint detection and response (EDR) product from traditional EDR solutions? (Select all that apply.)
Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server.
Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).
Next-generation endpoint agents report baseline configuration deviations, whereas legacy systems rep
ANSWER: Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server. Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).

An IT team looks into secure data access and file encryption solutions. During planning, the team researches the different states of data and decides on a way to handle data that is in memory but not used, such as a forgotten open file. Which data state is the team addressing?
Data in use
Data at rest
Data in transit
Data in motion
ANSWER: Data in use

A new systems administrator at an organization has a difficult time understanding some of the configurations from the previous IT staff. It appears many shortcuts were taken to keep systems running and users happy. Which weakness does the administrator report this configuration as?
Complex dependencies
Overdependence on perimeter security
Availability over confidentiality and integrity
Single points of failure
ANSWER: Availability over confidentiality and integrity

A network administrator needs to implement a firewall between nodes on the same subnet, without reconfiguring subnets and reassigning IP addresses across the network. Considering firewall configurations, which implementation is the best choice?
Routed firewall
Router firewall
Transparent firewall
Virtual firewall
ANSWER: Transparent firewall

A systems engineer looks to monitor a network for security purposes. The engineer places sensors throughout the building in appropriate places, but does not have enough to cover all areas that they want to monitor. Fortunately, the engineer thought ahead and purchased appropriate network switches. Which sensor type does the engineer use to monitor specific systems? (Select all that apply.)
TAP (Active)
SPAN
TAP (passive)
Mirror
ANSWER: TAP (Active); Mirror

Analyze the following security information and event management (SIEM) functions and determine which event is NOT conducted during data aggregation.
Normalize time zones to a single timeframe.
Use plug-ins to parse data from different vendors and sensors.
Identify attributes and content that can be mapped to standard fields.
Link observables into a meaningful indicator of risk, or Indicator of Compromise (IOC).
ANSWER: Link observables into a meaningful indicator of risk, or Indicator of Compromise (IOC).

Compare and evaluate the main components in an Extensible Authentication Protocol (EAP). Which scenarios accurately differentiate between these components? (Select all that apply.)
An authenticator performs the authentication and the authentication server establishes a channel.
An authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using EAP.
A supplicant requests authentication and the authentication server performs the authentication.
A
ANSWER: An authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using EAP. A supplicant requests authentication and the authentication server performs the authentication.

A technician is tasked with developing an implementation guide on embedded systems communications considerations after budgeting for new systems in the upcoming year. What are NOT true statements regarding these communication considerations? (Select all that apply.)
A cellular network enables long-distance communication over the same system that supports mobile and smartphones.
Z-Wave and Zigbee are wired communications protocols used primarily for home automation.
Any LTE-based cellular radio us
ANSWER: Z-Wave and Zigbee are wired communications protocols used primarily for home automation. A cabled network for industrial applications is referred to as an organizational technology (OT) network.

An engineering firm provisions microwave technology for a wide area communications project. When using point-to-multipoint (P2M) mode, which technologies does the firm put in place? (Select all that apply.)
Directional antennas
Sectoral antennas
Multiple sites connected to a single hub
High gain link between two sites
ANSWER: Sectoral antennas; Multiple sites connected to a single hub

A mobile device program at an organization allows users to use a standard issue company owned device for personal and work use. Which program type does the organization provide?
BYOD
CYOD
COBO
COPE
ANSWER: COPE

An IT Security Analyst is asked to implement a secure mobile solution that utilizes Near Field Communication (NFC) for mobile payments at a retail business. Which of the following would best help to secure mobile payment transactions against potential NFC-related attacks?
Using a mobile wallet app that transmits a one-time token.
Enabling NFC functionality only at the time of transaction.
Incorporating an NFC-blocking wallet or card protector.
Enforcing a policy of using only secure and
ANSWER: Using a mobile wallet app that transmits a one-time token.

A company located in the western United States that uses cloud computing relies on redundant systems in adjacent availability zones for data backup and storage. Analyze the configuration and determine which level of high availability service the company utilizes.
Local replication
Regional replication
Geo-redundant storage (GRS)
Cloud service replication
ANSWER: Regional replication

A company tells the IT department that user access needs to be changed so privileges are only granted when needed, then revoked as soon as the task is finished or the need has passed. Based on Account Management practices, what is the company asking the IT department to implement?
Onboarding
Identity and Access Management (IAM)
Offboarding
Least privilege
ANSWER: Least privilege

A systems administrator deletes a user account after an employee left the company. The employee returns a few weeks later and the account is recreated with the same username and password. The user no longer has immediate access to previously used assets such as files and folders. Which account property does the administrator realize is the cause?
The username is different
The user's security identifier is different
The user's password is different
The user's descriptive name is different
ANSWER: The user's security identifier is different

Identify the options that are types of active directory group scopes. (Select all that apply.)
Domain local
Local group
Global
Universal
ANSWER: Domain local; Global; Universal

Consider the Public Key Infrastructure (PKI) Trust Model. Which of the following best protects against compromise?
Single CA
Intermediate CA
Self-signed CA
Offline CA
ANSWER: Offline CA

Consider the process of obtaining a digital certificate and determine which of the following statements is NOT correct.
A Certificate Authority (CA) ensures the validity of certificates and the identity of those applying for them.
Registration is the process where end users create an account with the domain administrator.
The registration function may be delegated by the CA to one or more RAs.
When a subject wants to obtain a certificate, it completes a CSR.
ANSWER: Registration is the process where end users create an account with the domain administrator.

A user enters the web address of a favorite site and the browser returns the following: "There is a problem with this website's security certificate." The user visits this website frequently and has never had a problem before. Applying knowledge of server certificates, select the circumstances that could cause this error message. (Select all that apply.)
The system's time setting is incorrect.
The certificate is pinned.
The browser needs to be updated.
The certificate expired.
ANSWER: The system's time setting is incorrect. The certificate expired.

Which of the following key storage solutions exercises M-of-N control?
Security administrators log and audit access to critical encryption keys.
While four administrators have access to the system, it takes two administrators to access the system at any given time.
A third party safely stores the encryption key.
One administrator has access to the system, and that administrator can delegate access to two others.
ANSWER: While four administrators have access to the system, it takes two administrators to access the system at any given time.

A junior engineer investigates a systems breach. While documenting network information, the engineer uses the arp command. What useful information will this command provide?
The configuration assigned to network interface(s) in Windows, including the media access control (MAC) address.
The address of the DHCP server that provides the IP address lease.
Probing of a host on a particular IP address.
The MAC address of systems the host has communicated with.
ANSWER: The MAC address of systems the host has communicated with.

Which command can help a security professional conducting an organizational security assessment identify a spoofing attack?
arp
ipconfig/ifconfig
route
pathping/mtr
ANSWER: arp

Management looks to IT for a solution to identify successful and failed login attempts. Which solution will IT provide to management?
Logs
Network monitors
Packet capture
Sniffer
ANSWER: Logs

An engineer configures hosts on a network to use IPSEC for secure communications. The engineer is deciding between Encapsulation Security Payload (ESP) or Authentication Header (AH). If the engineer chooses transport mode over tunnel mode, which specifics of operation should be expected? (Select all that apply.)
With ESP the whole IP packet (header and payload) is encrypted
With ESP the IP header for each packet is not encrypted
AH has no real use in this mode
AH can provide integrity f
ANSWER: With ESP the IP header for each packet is not encrypted; AH can provide integrity for the IP header

There are a variety of methods for indicating a potential security breach during the identification and detection phase of incident response. Two examples are Intrusion Detection System (IDS) alerts and firewall alerts. Evaluate the following evidence and select the alternate methods that would be of most interest to the IT department during this phase. (Select all that apply.)
A daily industry newsletter reports on a new vulnerability in the software version that runs on the company's server.
A
ANSWER: A daily industry newsletter reports on a new vulnerability in the software version that runs on the company's server. An anonymous employee uses an "out of band" communication method to report a suspected insider threat.

In the containment phase of incident response, the Cyber Incident Response Team (CIRT) faces complex issues that need to be addressed quickly. During this phase, a member of the CIRT would be concerned about all EXCEPT which of the following issues?
What damage has already occurred?
Which password policy will prevent this in the future?
What actions could alert the attacker that the attack has been detected?
What countermeasures are available?
ANSWER: Which password policy will prevent this in the future?

The recovery phase of an incident response involves several steps. Which of the following is NOT a step in the recovery phase?
Reaudit security controls.
Reconstitute affected systems.
Prepare a lessons learned report.
Notify affected parties with instructions to remediate affected systems.
ANSWER: Prepare a lessons learned report.

A company hires a security consultant to train the IT team in incident response procedures. The consultant facilitates a question and answer session, and the IT team practices running scans. Determine which type of incident response exercise the consultant facilitates in this scenario.
Tabletop exercise
Walkthrough
Simulation
Forensics
ANSWER: Walkthrough

During a cyber incident response exercise, a blue team takes steps to ensure the company and its affiliates can still use network systems while managing a simulated threat in real-time. Based on knowledge of incident response procedures, what stage of the incident response process is the blue team practicing?
Containment
Identification
Eradication
Recovery
ANSWER: Containment

A security information and event management (SIEM) manager analyzes logs from a network RADIUS server. When the SIEM manager analyzes this data, what is the manager looking for as an indicator of possible malicious activity?
Unauthorized network traffic
Suspicious metadata entries
Communication with suspect IP addresses
Authentication attempt errors
ANSWER: Authentication attempt errors

Examine each of the following attack scenarios to determine which vulnerabilities can be mitigated by changing firewall configurations.
An authorized user unknowingly installed a malicious script sent via email.
An attacker used a software vulnerability to install a malicious script.
An attacker used a domain name server (DNS) lookup from a network host.
An attacker exploited a network client that bypassed the secure web gateway (SWG).
ANSWER: An attacker used a domain name server (DNS) lookup from a network host.

A suspected malicious insider at a company conducted a network attack. A security manager, who personally knew the insider, conducts forensic analysis and looks for evidence of misconduct on the employee's workstation and in system logs. The manager packages the data for further review but modifies it by removing certain fields of data to make it easier to review. Examine the scenario and determine what argument a defense attorney might bring up concerning the forensic investigative p
- ANSWER- The examiner conducted analysis with bias.
The examination did not follow ethical procedures.

An employee suspected of storing illicit content on a company computer discovers a plan to investigate, so the employee tries to hide evidence of wrongdoing. The employee deletes the illicit files and attempts to overwrite them. If a forensics investigation can discover the lost files, which statement best describes how?
The forensics investigation will not be able to locate the lost files.
The forensics investigator can retrieve fragments of deleted or overwritten files.
The forensics investiga
- ANSWER- The forensics investigator can retrieve fragments of deleted or overwritten files.

The Human Resources department works with the IT department at an organization to develop employee security training. Which security control type and function describes the training program? (Select all that apply.)
Operational
Managerial
Deterrent
Compensating
- ANSWER- Operational
Deterrent

The IT director at a financial institution grants account permissions using an access control list (ACL). This illustrates what type of security control?
Preventative
Deterrent
Corrective
Detective
- ANSWER- Preventative

After a break-in at a government laboratory, some proprietary information was stolen and leaked. Which statement best summarizes how the laboratory can implement security controls to prevent future breaches?
The laboratory needs to take detective action and should implement physical and deterrent controls in the future.
The laboratory needs to take detective action and should implement corrective controls in the future.
The laboratory needs to take compensatory action and should impleme
- ANSWER- The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.

The Human Resources department issues a policy at an organization to govern the use of company-owned computer equipment. Which behavior type does this policy address?
Code of conduct
Clean desk
Bring your own device
Acceptable use
- ANSWER- Acceptable use

A network administrator is preparing a strategy for backing up company data. Which of the following is NOT a main backup type?
Full
Incremental
Discretionary
Differential
- ANSWER- Discretionary

An organization prepares for an audit of all systems security. While doing so, staff perform a risk management exercise. Which phase does the staff consider first?
Identify vulnerabilities
Identify essential functions
Analyze business impact
Identify risk response
- ANSWER- Identify essential functions

While preparing a disaster recovery plan, management at a company considers how far back it can allow for the loss of data. Which metric does management use to describe this business essential data in terms of recovery?
Recovery point objective
Work recovery time
Maximum tolerable downtime
Mean time to repair
- ANSWER- Recovery point objective

A new IT administrator accidentally causes a fire in the IT closet at a small company. Consider the disaster types and conclude which types this event might classify as. (Select all that apply.)
External
Man-made
Internal
Environmental
- ANSWER- Man-made
Internal

A company performing a risk assessment calculates how much return the company has saved by implementing a security measure. Which formula will they use to calculate this metric?
Asset value x EF
[(ALE-ALEm)-Cost of Solution]/Cost of Solution
SLE x ARO
(ALE-SLE)/Cost of Solution
- ANSWER- [(ALE-ALEm)-Cost of Solution]/Cost of Solution

A company hires a security consultant to help them perform a business process analysis (BPA) and reduce dependencies. The consultant asks a manager at the company to walk through the typical process each salesperson makes when processing order requests. Examine the consultant's methods and determine which factor in the BPA the consultant is evaluating.
Identify process inputs
Identify process outputs
Examine the process flow
Identify staff and other resources performing the function
- ANSWER- Examine the process flow

A company without an internal IT team hires a service provider to monitor a computer network for security issues. Before the service provider is given access, which agreement is put in place to establish expectations?
NDA
SLA
ISA
PII
- ANSWER- SLA

A data analytics company compiles reports based on patient health information for a regional patient call center, which will later use the data to contact patients for follow-up appointments. All sensitive information is digitally modified to contain randomly generated letters that can be returned to its original value by using the correct tool. Based on this requirement, which de-identification method is the data analytics company using to protect patient data?
Data masking
Data minimization
To
- ANSWER- Tokenization