ISC2 CC Practice Exam 3
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. A company implements a BYOD policy that requires devices to be encrypted and have passcodes enabled. During an investigation of a potential data breach, it is revealed that an employee’s personal device used for work lacks encryption. What is the immediate step the organization should take to enforce its BYOD policy?
Correct Answer: C Explanation: The correct answer is (C) because restricting the device’s access to corporate resources minimizes the risk of further data exposure while ensuring the employee has an opportunity to bring the device into compliance. (A) is incorrect because merely notifying the employee does not mitigate the immediate risk posed by an unencrypted device. (B) is incorrect because locking the device remotely may disrupt legitimate use, and a forensic investigation should only occur if a breach is confirmed. (D) is incorrect because revoking BYOD privileges is a last resort and may not be necessary if the issue can be remediated. Restricting access provides a balanced and effective response.
2. A network security team deploys a NIDS to monitor traffic within a segmented network. During analysis, they find that the system flagged legitimate encrypted communication as malicious. What type of issue does this scenario represent, and how can it be mitigated?
Correct Answer: A. False positive; adjust the detection rules Explanation: Flagging legitimate encrypted communication as malicious is a false positive (A), where normal activity is incorrectly identified as a threat. Mitigating this issue involves adjusting detection rules to better differentiate between legitimate and malicious traffic. Option B, False negative, refers to failing to detect a threat, which is not the case here. Option C, System misconfiguration, incorrectly assumes the encryption protocols are at fault. Option D, Packet loss, refers to missing data during transmission and is unrelated to the described scenario.
3. During a secure file transfer, the sender uses symmetric encryption to protect the data. What must the recipient possess to decrypt the transferred file?
Correct Answer: B Explanation: The correct answer is B because in symmetric encryption, the same key is used for both encryption and decryption. The recipient must possess the symmetric key to decrypt the file. Option A is incorrect as private keys are used in asymmetric encryption, not symmetric encryption. Option C is incorrect because passwords are not typically used as encryption keys but may be used to derive keys in some systems, which is not applicable here. Option D is incorrect because public keys are part of asymmetric encryption schemes and are not used in symmetric encryption.
4. A company collects and processes personal data from its customers to provide tailored marketing offers. During an audit, it is discovered that customer data is being shared with third-party vendors without explicit consent. Which privacy principle is being violated in this scenario?
Correct Answer: C. Consent and transparency Explanation: The violation in this scenario is related to consent and transparency (C), as the company shares customer data with third-party vendors without obtaining explicit consent. Option A (Data minimization) ensures only necessary data is collected but is unrelated to unauthorized data sharing. Option B (Purpose limitation) dictates that data should be used only for specified purposes but does not specifically address consent. Option D (Data retention policy) involves retaining data only as long as necessary and is not relevant here. Consent and transparency are critical components of privacy, ensuring individuals have control over how their data is shared and used.
5. An enterprise adopts a defense-in-depth approach to secure its cloud infrastructure. The organization employs encryption for data, endpoint protection for devices, and user activity monitoring. However, during a review, it is discovered that privileged accounts lack additional controls, creating a significant vulnerability. Which measure should the organization implement to address this gap?
Correct Answer: B. Implement multi-factor authentication (MFA) for privileged accounts Explanation: Implementing multi-factor authentication (MFA) for privileged accounts (B) is the correct answer because it provides an additional layer of security to protect these high-value targets, reducing the risk of unauthorized access. Deploying intrusion detection systems (IDS) (A) enhances monitoring but does not directly address the vulnerability of privileged accounts. Increasing encryption strength for stored data (C) improves data security but does not mitigate account-related risks. Conducting regular security awareness training (D) is important but does not address the specific vulnerability in privileged account access. MFA adds a critical layer of protection for privileged accounts, aligning with the defense-in-depth strategy.
6. A security analyst is reviewing access controls on a sensitive database containing customer data. They notice that the system administrator has granted unrestricted access to all employees in the IT department, including those who do not require access for their job roles. What principle of confidentiality is being violated in this scenario?
Correct Answer: B. Least privilege Explanation: The principle of least privilege (B) is being violated because employees in the IT department have been given access that exceeds what is necessary for their job roles. Least privilege ensures users only have the minimum access needed to perform their responsibilities, reducing the risk of unauthorized access to sensitive data. Option A (Need-to-know) is incorrect because while related, it specifically restricts access to information only when required to perform a specific task. Option C (Role-based access control) refers to assigning permissions based on roles, which could help enforce least privilege but is not the principle directly violated here. Option D (Segregation of duties) is unrelated to this situation as it ensures no single individual has the capability to execute critical tasks end-to-end, rather than focusing on access levels.
7. A retail company experiences a major network outage during the holiday season, which prevents customers from making purchases. The company's disaster recovery plan is executed to restore services within a few hours. Why is disaster recovery critically important in this scenario?
Correct Answer: C. To minimize revenue losses during a peak business period Explanation: Disaster recovery is crucial in this scenario because it helps restore operations quickly, minimizing revenue losses during a critical business period like the holiday season (C). While customer data protection (A) is important, this scenario focuses on operational downtime rather than data loss. Legal obligations (B) may be relevant, but the primary concern here is financial loss due to downtime. Enhancing cybersecurity resilience (D) is a long-term objective but is not the direct focus of immediate disaster recovery efforts. Therefore, C accurately reflects the importance of disaster recovery in this context.
8. The correct answer is B because using consistent and predefined labels ensures that all data is classified systematically, enabling easier compliance with data protection regulations and effective data handling. Option A is incorrect because labeling only customer data neglects the importance of protecting sensitive internal data. Option C is incorrect because arbitrary labeling leads to inconsistencies and makes compliance and enforcement difficult. Option D is incorrect because labeling data only when shared externally fails to address internal data security requirements and may result in mismanagement of sensitive information.
Correct Answer: B Explanation: The correct answer is B because notifying the document owner ensures the label is corrected promptly, and reviewing the automated tool's configuration addresses the root cause of the mislabeling to prevent recurrence. Option A is incorrect because deleting the document without addressing the underlying issue is not an effective or sustainable solution. Option C is incorrect because sharing mislabeled documents risks improper handling of sensitive data and violates data labeling policies. Option D is incorrect because automated tools, while helpful, are not infallible, and ignoring errors undermines the reliability of the data labeling process.
9. An organization follows NIST standards to implement its cybersecurity framework. During a phishing attack simulation, the response team fails to act according to the documented process in the standard. What is the best governance-based corrective action?
Correct Answer: A. Conduct additional training to reinforce adherence to the standard Explanation: The correct answer is (A) Conduct additional training to reinforce adherence to the standard because governance processes emphasize compliance with established standards through proper training and awareness. The team’s failure indicates a knowledge gap that can be addressed by reinforcing the importance of the documented response process. (B) is incorrect because modifying the standard to match incorrect practices undermines governance integrity. (C) is incorrect because ignoring the failure risks similar issues during real incidents. (D) is incorrect because while automation can improve efficiency, it does not address the root cause of non-compliance with the standard. Training ensures that the team understands and adheres to established governance processes.
10. A hospital deploys IoT medical devices that transmit sensitive patient data. To protect these devices and ensure regulatory compliance, the security team needs to segment them from the general network. What additional security measure should be combined with segmentation to enhance protection?
Correct Answer: B. Enforce network monitoring and anomaly detection for the IoT VLAN Explanation: Enforcing network monitoring and anomaly detection for the IoT VLAN (B) is the correct answer because it provides visibility into traffic patterns, helping to detect and respond to potential security incidents in the segmented network. Implementing endpoint protection software (A) is impractical for many IoT devices due to their limited processing capabilities. Configuring static routes (C) allows connectivity but does not enhance security. Enabling split tunneling (D) increases exposure by allowing some traffic to bypass secure channels. Monitoring and anomaly detection strengthen segmentation by providing proactive threat detection and response capabilities.
11. A mobile app collects location data from users to provide personalized services. The organization’s privacy policy states that users must have the ability to opt out of data collection at any time. During an internal audit, it is discovered that the opt-out functionality is broken. What should the organization do to address this issue?
Correct Answer: A Explanation: The correct answer is (A) because notifying users ensures transparency, and prioritizing the fix demonstrates compliance with the privacy policy and trustworthiness. (B) is incorrect because suspending services may cause unnecessary disruption and is not proportional to the issue. (C) is incorrect because continuing operations without resolving the problem violates the privacy policy and could lead to legal consequences. (D) is incorrect because limiting data collection based on past opt-outs does not address the broken functionality, which remains a compliance risk. Addressing the issue immediately ensures alignment with privacy principles and user trust.
12. A manufacturing company performs a business impact analysis (BIA) and identifies that disruptions to its supply chain could severely affect production. To address this, the company establishes contracts with alternative suppliers. Which business continuity purpose does this action best fulfill?
Correct Answer: B. Ensuring uninterrupted operations in critical business areas Explanation: The correct answer is B because establishing contracts with alternative suppliers ensures continuity in critical operations, such as production, by mitigating supply chain disruptions. Option A is incorrect because long-term profitability, though potentially impacted, is not the direct purpose of the action. Option C is incorrect because the decision is not driven by cost reduction but by operational resilience. Option D is incorrect because stakeholder expectations around ethical sourcing are unrelated to the business continuity goal of uninterrupted operations.
13. A newly hired security manager finds that several critical systems in the organization are vulnerable due to outdated configurations. To address this issue, they propose integrating configuration management with the vulnerability management program. Which strategy best demonstrates the application of system hardening in this context?
Correct Answer: B Explanation: Using configuration templates aligned with security benchmarks (B) ensures systems are both remediated and maintained with hardened configurations over time, reducing vulnerabilities. Ad hoc fixes (A) do not address systemic issues or provide long-term consistency. Focusing solely on patching (C) addresses software vulnerabilities but neglects configuration weaknesses, which are equally critical. Alerts for misconfigurations (D) provide useful notifications but lack the proactive enforcement and consistency offered by standardized templates. Proper integration of configuration management ensures systematic hardening of systems and reduces recurring vulnerabilities.
14. During an incident response exercise, the security team follows a predefined procedure that outlines how to identify, contain, and eradicate threats. However, the team encounters a unique malware variant not explicitly addressed in the procedure. How should the team respond while adhering to governance processes?
Correct Answer: C. Adapt the procedure in real time to address the specific threat Explanation: The correct answer is (C) Adapt the procedure in real time to address the specific threat because governance processes require procedures to be practical but also adaptable to real-world scenarios. While the predefined procedure provides a structured approach, teams must exercise flexibility to handle unforeseen circumstances like unique malware. (A) is incorrect because abandoning the procedure entirely could lead to inconsistent and uncontrolled actions, violating governance principles. (B) is also incorrect because escalating without taking action delays the response, which could worsen the situation. (D) is incorrect because stopping to rewrite the procedure during an incident would be impractical and counterproductive. Procedures are meant to guide actions but allow for reasonable adjustments as necessary.
15. An organization plans to enhance the physical security of its data center by introducing controls that can delay and deter unauthorized access while providing real-time monitoring. Which of the following strategies best achieves these objectives?
Correct Answer: C. Combine biometric access control with 24/7 video surveillance Explanation: Combining biometric access control with 24/7 video surveillance (C) is the correct answer because it delays and deters unauthorized access through secure biometric authentication while providing continuous monitoring through surveillance, ensuring real-time visibility and auditing capabilities. Heavy-duty locks and locked cages (A) are insufficient as they lack monitoring capabilities and can be bypassed with physical tools. Deploying security guards (B) can provide deterrence but is less effective without automated systems for monitoring and access restriction. A keypad entry system with rotating access codes (D) offers a layer of security but is less effective than biometrics due to the risk of code sharing or compromise. Biometrics combined with surveillance creates a robust, multi-layered approach to physical security.
16. An organization processes various types of data, including internal memos, customer records, and financial reports. To ensure proper handling of this data, the organization decides to implement a data classification policy. Which step should be performed first in the data classification process?
Correct Answer: B Explanation: The correct answer is B because identifying and categorizing data based on its sensitivity and value is the foundational step in a data classification process. This ensures that the organization can assign appropriate security controls to different categories. Option A is incorrect because assigning controls without first categorizing data may lead to inconsistent or inadequate security measures. Option C is incorrect because training employees is important but should follow the establishment of a classification framework. Option D is incorrect because encrypting all data without classification could be inefficient and does not address the need for differentiated handling requirements based on sensitivity.
17. An organization implements Network Access Control (NAC) to ensure only compliant devices can access the internal network. During an audit, it was discovered that several unmanaged devices bypassed the NAC policies and gained access. Which feature of NAC should the organization configure to prevent such occurrences?
Correct Answer: A. Quarantine non-compliant devices in a separate VLAN Explanation: Quarantining non-compliant devices in a separate VLAN (A) is the correct answer because it ensures that devices failing NAC checks are isolated from the main network, preventing them from accessing critical resources. MAC address filtering (B) is ineffective because MAC addresses can be spoofed. Role-based access control (C) restricts user permissions but does not isolate non-compliant devices. Multi-factor authentication (D) enhances user authentication but does not address device compliance. Quarantining ensures that only compliant devices gain full network access while isolating those that pose a potential risk.
18. An e-commerce company is evaluating the risk of a potential data breach due to an external attack. They assess the likelihood of the attack occurring as medium, but the potential impact on customer data and reputation is extremely high. Given this assessment, how should the company proceed with its risk mitigation strategy?
Correct Answer: B) Prioritize mitigating this risk due to its high potential impact Explanation: In risk assessment, even risks with a medium likelihood can be prioritized if their potential impact is high. This is because the consequences of a data breach could be severe, including damage to reputation, loss of customer trust, and potential regulatory fines. Option (A) underestimates the importance of the high impact, and option (C) wrongly suggests accepting a high-impact risk simply due to its medium likelihood. Option (D) focuses only on likelihood, which is not sufficient when the impact is so significant.
19. A bank requires customers to authenticate themselves before accessing online banking services. During a security review, it is identified that customers only use a password to log in. What is the most effective measure to improve the authentication process and reduce the risk of unauthorized access?
Correct Answer: B. Enable two-factor authentication (2FA) Explanation: Enabling two-factor authentication (2FA) (B) is the most effective measure because it combines something the user knows (password) with something they have (e.g., a mobile app token) or are (biometric). This significantly reduces the risk of unauthorized access compared to passwords alone. Option A (Implement CAPTCHA challenges) prevents bots but does not enhance authentication for human users. Option C (Monitor user login activity) aids in detection but does not prevent unauthorized access. Option D (Enforce password complexity requirements) improves password security but does not protect against stolen credentials. 2FA adds a critical additional layer of security.
20. A development team uses a PaaS solution to build a scalable e-commerce application. The team wants to ensure that the application can handle sudden traffic spikes during promotional events without performance degradation. Which feature should the team utilize?
Correct Answer: B. Horizontal scaling to add more instances of application components Explanation: Horizontal scaling to add more instances of application components (B) is the correct answer because it enables the application to handle increased traffic by distributing the load across multiple instances. Vertical scaling (A) increases the capacity of individual servers but has hardware limitations and may not be sufficient for large traffic spikes. Serverless architecture (C) is unrelated to scaling existing applications in a PaaS environment. Content delivery network (CDN) integration (D) improves content delivery but does not address application scaling. Horizontal scaling is a core feature of PaaS platforms, allowing applications to adapt dynamically to varying traffic levels.
21. A security guard at a facility is required to validate the identities of individuals entering restricted areas. Which of the following is a potential risk of relying solely on guards to perform identity verification?
Correct Answer: C) Guards may misinterpret valid credentials and deny authorized access Explanation: The primary risk of relying solely on guards to perform identity verification (C) is the potential for human error, such as misinterpreting valid credentials and inadvertently denying authorized individuals access. While stress (A) can affect performance, it’s not the most significant risk in this context. Guards providing access to unauthorized individuals in emergencies (B) is possible but typically addressed through emergency response protocols. Guards becoming a target for physical attacks (D) is a concern but does not directly relate to the accuracy of the identity verification process.
22. An organization has identified a significant risk related to a software vulnerability, but the resources required to implement a fix are currently unavailable. As a temporary measure, the company decides to implement a workaround to reduce the likelihood of exploitation. Which of the following best describes this approach?
Correct Answer: A) Risk mitigation Explanation: Risk mitigation involves implementing controls or strategies to reduce the likelihood or impact of a risk. In this case, the company is using a workaround as a temporary solution to reduce the likelihood of the vulnerability being exploited. Option (B) is incorrect because risk acceptance would imply no action is taken. Option (C) refers to transferring the risk to another party (e.g., through insurance or outsourcing), which is not the case here. Option (D) refers to eliminating the risk entirely, which is not feasible in this scenario as the company has only implemented a temporary measure.
23. An e-commerce platform enables customers to approve transactions using digital signatures. During an audit, it is noted that some customers claim they did not approve disputed transactions. What specific control should the platform implement to strengthen non-repudiation and minimize such disputes?
Correct Answer: D. Require a certificate authority (CA) to validate signatures Explanation: Requiring a certificate authority (CA) to validate signatures (D) strengthens non-repudiation by ensuring that the digital signatures are verified against a trusted source. Option A (Implement stronger encryption for transaction data) protects confidentiality but does not enhance non-repudiation. Option B (Enforce multi-factor authentication before signing) improves authentication but does not directly address disputes over the validity of a signature. Option C (Record the IP address and geolocation of the signer) aids in context but does not irrefutably link the customer to the transaction. A CA adds a layer of trust by verifying the authenticity of digital signatures, making it harder to deny their validity.
24. A company has installed a gate entry system that uses a combination of RFID badges and PIN codes to grant access to a restricted area. Which of the following is the main advantage of this approach compared to using only RFID badges?
Correct Answer: B) Enhanced security through two-factor authentication Explanation: The primary advantage of combining RFID badges with PIN codes (B) is the enhancement of security through two-factor authentication. This ensures that even if an unauthorized person obtains a valid badge, they cannot gain access without also knowing the correct PIN. While increased convenience (A) may be a secondary benefit, the focus of this system is on security. Badge distribution costs (C) are likely to be higher when both a badge and PIN system are used. Reduced gate malfunctions (D) are not a direct benefit of using this two-factor system.
25. An attacker uses ARP spoofing to associate their MAC address with the IP address of a legitimate server on a network. By doing so, they intercept all traffic intended for the server without the knowledge of users. Which network attack is the attacker executing?
Correct Answer: B. Man-in-the-Middle (MITM) attack Explanation: ARP spoofing allows an attacker to intercept network traffic by impersonating a legitimate server, a classic method of executing a Man-in-the-Middle (MITM) attack (B). This technique enables attackers to capture, manipulate, or redirect communications. Option A, Cross-site scripting (XSS), involves injecting malicious scripts into web pages and does not involve traffic interception. Option C, Trojan horse, disguises malicious software as legitimate but does not intercept traffic. Option D, Buffer overflow, exploits memory management flaws to execute arbitrary code but is unrelated to ARP spoofing or traffic interception.
26. An organization is implementing micro-segmentation to mitigate the risk of lateral movement by attackers. During the deployment, which strategy should the IT team use to define security policies for inter-workload communication?
Correct Answer: B. Use identity-based policies tied to specific workloads Explanation: Using identity-based policies tied to specific workloads (B) is the correct answer because micro-segmentation focuses on securing individual workloads by defining policies based on attributes such as application identity, role, or user context. VLANs (A) provide basic segmentation but lack the granularity needed for dynamic policy enforcement. Static routing tables (C) control traffic direction but do not enforce security policies or prevent lateral movement. Defining policies based on physical network topology (D) is outdated and does not align with the flexible, dynamic nature of micro-segmentation. Identity-based policies ensure precise control over inter-workload communication, reducing the risk of lateral movement.
27. A company has implemented CCTV surveillance at all entry points to monitor physical access to its facilities. Which of the following would be the most effective way to enhance the utility of the surveillance system?
Correct Answer: C) Set up motion-detection alerts to flag unusual movement patterns Explanation: Motion-detection alerts (C) enhance the utility of CCTV systems by automatically flagging suspicious movement patterns, allowing security personnel to react more quickly to potential threats. While real-time footage review (A) might seem effective, it can overwhelm staff and may not be as efficient as automated alerts. Storing footage for a limited time (B) might save on storage costs but reduces the ability to conduct thorough investigations if needed later. Allowing all employees to review footage (D) creates privacy concerns and undermines the integrity of the surveillance system.
28. During a security audit, an IPS is found to be configured with overly strict rules that are blocking legitimate traffic, causing disruptions to critical business applications. What type of issue is this, and how should it be addressed?
Correct Answer: C. False positive; refine detection thresholds Explanation: Blocking legitimate traffic due to overly strict rules is a false positive (C). This issue should be addressed by refining detection thresholds or adjusting rules to reduce the likelihood of legitimate activities being flagged as malicious. Option A, False negative, occurs when malicious traffic is not detected, which is not described here. Option B, Misconfiguration, is a broader term and does not specifically address the issue of false positives. Option D, Latency issue, does not relate to blocking legitimate traffic due to detection thresholds.
29. A network engineer notices that a database server is unreachable, and the issue appears to be related to blocked traffic on its default communication port. Which port should the engineer check and allow through the firewall?
Correct Answer: C. 1433 Explanation: The correct answer is (C) because port 1433 is the default port for Microsoft SQL Server, which is commonly used for database communication. If traffic on this port is blocked, the database server will be unreachable. (A) is incorrect because port 23 is used by Telnet, a protocol for remote communication. (B) is incorrect because port 80 is used by HTTP for web traffic, not database communication. (D) is incorrect because port 3389 is used by RDP for remote desktop access, which is unrelated to database functionality.
30. During a network security audit, an organization discovers that malware was delivered to their internal systems via a malicious email attachment. What type of network threat is demonstrated in this scenario?
Correct Answer: D. Trojan horse Explanation: The scenario describes malware delivery through an email attachment, which is characteristic of a Trojan horse (D). Trojans disguise themselves as legitimate files or programs to trick users into execution. Option A, Ransomware attack, is incorrect because ransomware encrypts files and demands payment but does not describe the initial delivery mechanism in this case. Option B, Packet sniffing, refers to capturing data in transit over a network, which is not relevant here. Option C, Social engineering, involves manipulating individuals to disclose sensitive information or perform specific actions, but the focus here is on the malicious program delivered via email.
31. A company is experiencing slow network performance when sending large files between two geographically distant servers. An analysis reveals issues related to fragmentation and reassembly of packets. Which layer of the TCP/IP model is responsible for addressing these concerns?
Correct Answer: B. Transport Layer Explanation: The correct answer is (B) because the Transport Layer handles fragmentation and reassembly of data packets to ensure reliable transmission, particularly when large files are transmitted over networks with varying maximum transmission units (MTUs). (A) Application Layer handles application-specific protocols and does not manage fragmentation. (C) Internet Layer provides routing and addressing services but does not reassemble fragmented packets. (D) Network Interface Layer concerns the physical transmission of packets and does not deal with fragmentation and reassembly logic.
32. A network technician is troubleshooting a connection issue where a user's computer can access the local network but cannot connect to external websites. The technician determines that the issue is related to packet routing. At which OSI model layer should the technician focus their troubleshooting efforts?
Correct Answer: C. Network Layer Explanation: The correct answer is (C) because the Network Layer (Layer 3) is responsible for routing packets between devices and across networks, including external networks such as the internet. Troubleshooting at this layer may involve examining IP configurations, routing tables, or gateway settings. (A) Transport Layer deals with end-to-end communication, ensuring data integrity and sequencing, but it is not directly involved in routing issues. (B) Data Link Layer is responsible for local device-to-device communication and MAC addressing, so it does not handle routing. (D) Application Layer focuses on user interfaces and applications, and would not address the underlying routing problem.
33. A network administrator is tasked with subnetting a Class C IPv4 network (192.168.10.0/24) to create eight subnets. How many usable host IP addresses will each subnet provide?
Correct Answer: B. 30 Explanation: The correct answer is (B) because creating eight subnets requires borrowing three bits from the host portion, resulting in a subnet mask of 255.255.255.224 or /27. Each subnet has 2^5 = 32 IP addresses (5 is the number of host bits remaining after borrowing 3 of the original 8). Two addresses are reserved: one for the network address and one for the broadcast address, leaving 32 − 2 = 30 usable host addresses per subnet. (A) 14 is incorrect, as it applies to /28 subnetting, which allows 16 total addresses with 14 usable. (C) 62 applies to /26 subnetting, which allows 64 total addresses with 62 usable. (D) 126 applies to /25 subnetting, which allows 128 total addresses with 126 usable.
34. A company wants to use environmental design to increase security around its office building. Which of the following strategies would be the most effective in deterring unauthorized access?
Correct Answer: B) Installing lighting around the perimeter to eliminate dark areas at night Explanation: Installing perimeter lighting (B) is a key strategy in environmental design to deter unauthorized access, as it eliminates dark areas that could be used for concealment. While hedges and bushes (A) might obscure views, they can also provide cover for intruders. Reflective surfaces (C) reduce visibility for external observers but do not actively deter unauthorized access. Decorative water features (D) may enhance the appearance of the facility but do not contribute to its security.
35. An IT administrator is tasked with implementing a procedure for patch management as part of the organization's governance processes. The procedure requires identifying systems needing updates, testing patches in a controlled environment, and deploying them with minimal disruption. What is the primary purpose of this procedure?
Correct Answer: B. To establish step-by-step instructions for patch implementation Explanation: The correct answer is (B) To establish step-by-step instructions for patch implementation because procedures are detailed, specific instructions that explain "how" to perform a task or achieve compliance with a policy, such as the steps for patch management in this scenario. (A) is incorrect because policies define the overarching rules and objectives but do not provide step-by-step details. (C) is incorrect because technical standards define measurable specifications, such as system requirements for patches, not the process itself. (D) is incorrect because best practices are typically categorized as guidelines, which are not mandatory or detailed enough to replace procedures. This question emphasizes the critical role procedures play in operationalizing governance requirements.
36. A global company assesses the risk of its data being stolen by cybercriminals. After evaluating the potential impact, the company decides to implement stricter data encryption, access control policies, and employee training. Which of the following best describes the company’s risk treatment strategy?
Correct Answer: C) Risk mitigation Explanation: Risk mitigation involves taking actions to reduce the likelihood or impact of a risk. In this case, the company is implementing stronger data encryption, improving access control, and providing employee training to reduce the likelihood of a data breach and mitigate its potential impact. Option (A) is incorrect because risk avoidance would involve eliminating the risk, which is not being done here; the company is managing the risk. Option (B) is incorrect because risk transference involves shifting the risk to another party (such as through insurance), which the company is not doing. Option (D) is incorrect because risk acceptance would involve tolerating the risk without taking any action, which is not the company’s approach.
37. During a security audit, it is discovered that an employee responsible for entering vendor invoices into the accounting system also has the ability to approve payments for those invoices. This setup violates the principle of segregation of duties. What is the most effective action to mitigate the risk while ensuring business operations are not disrupted?
Correct Answer: C. Remove the employee's access to approve payments and allow them to focus solely on entering invoices. Explanation: Segregation of duties minimizes the risk of fraud or errors by ensuring no single individual controls all critical aspects of a process. (A) is incorrect because consolidating all vendor processes under another employee replicates the issue rather than solving it. (B) is incorrect as a dual-approval system is a good control but does not address the root issue of conflicting roles. (C) is correct because removing the ability to approve payments from the same individual responsible for invoice entry eliminates the conflict. (D) is incorrect because relying on alerts is reactive and does not prevent improper actions.
38. An IT administrator notices discrepancies in system logs during a routine review. After investigating, they find that logs have been manipulated to hide unauthorized activities. What control should the organization implement to ensure the integrity of system logs?
Correct Answer: A. Use a write-once log storage system Explanation: Using a write-once log storage system (A) ensures that logs cannot be altered after being recorded, preserving their integrity. Option B (Implement role-based access control) limits access to logs but does not guarantee their immutability. Option C (Enable multi-factor authentication for log access) strengthens authentication but does not prevent tampering by authorized users. Option D (Conduct regular vulnerability scans) helps identify weaknesses but does not protect logs from modification. Write-once systems ensure that logs remain an unalterable source of truth, critical for investigating incidents.
39. A company’s physical access control system distinguishes between authorized and unauthorized personnel by using badges with RFID technology. One day, an individual who is not listed in the system's database attempts to access a secure area but is granted entry due to a malfunction in the system. Which of the following steps should the company take to mitigate this risk?
Correct Answer: B) Set up an automated alert system for when unauthorized personnel gain access Explanation: Setting up an automated alert system (B) is crucial for identifying and responding to incidents when unauthorized personnel gain access. This allows security to take immediate action, even if the physical access control system malfunctions. Manual checks (A) are resource-intensive and might not be practical at all entry points. Automatically logging unauthorized personnel (C) is useful, but it doesn’t provide the same level of immediate response as real-time alerts. Reprogramming the system (D) might not address the root cause of the malfunction, which could recur without other safeguards like alerts.
40. During a routine review of its business continuity plan, a financial institution simulates a scenario where an earthquake disrupts its headquarters. As part of the exercise, employees practice working from remote locations using cloud-based applications. What aspect of the business continuity process does this exercise primarily address?
Correct Answer: D. Ensuring the organization’s readiness to maintain critical functions Explanation: The correct answer is D because the exercise simulates a real-life scenario to test and ensure the organization's readiness to maintain critical functions during a disruption. Option A is incorrect because disaster recovery focuses on restoring IT systems after a disruption, whereas this exercise emphasizes operational continuity. Option B is partially true but incorrect because the focus is broader than just testing remote work solutions—it is about overall readiness. Option C is incorrect because while cybersecurity might be considered during remote work, it is not the primary focus of this continuity exercise.
41. An organization is upgrading its on-premises power infrastructure for network security devices to ensure maximum uptime. To prevent manual intervention during power source switching, which component should be implemented?
Correct Answer: C. Automatic Transfer Switch (ATS) Explanation: The Automatic Transfer Switch (ATS) (C) is the correct answer because it ensures seamless and automatic switching between primary and backup power sources without manual intervention, minimizing downtime. A Power Distribution Unit (PDU) (A) is incorrect because it only distributes power and does not facilitate source switching. A backup generator (B) provides alternative power but requires an ATS to switch between power sources automatically. A surge protector (D) safeguards against electrical surges but does not contribute to power source switching. The ATS is specifically designed for automated power transfer, making it essential for ensuring uninterrupted operations.
42. A receptionist at a company receives a phone call from someone claiming to be from the IT department, asking for their login credentials to troubleshoot a system issue. The receptionist provides the credentials, but later discovers it was a scam. How could targeted security awareness training prevent such incidents in the future?
Correct Answer: B Explanation: The primary focus of security awareness training in this scenario should be to teach employees to verify the identity of callers (B) before sharing sensitive information, such as login credentials. This directly addresses the issue of social engineering attacks like phishing and vishing. Mandating multi-factor authentication (A) is a technical control that does not educate employees on recognizing social engineering tactics. Requiring frequent password changes (C) may improve overall security hygiene but does not mitigate social engineering directly. Stronger password policies (D) similarly address password security, not the behavioral vulnerabilities exploited by social engineering.
43. An organization operating in multiple countries discovers that its data retention policy does not align with the General Data Protection Regulation (GDPR) requirements for EU customers. What is the FIRST step the organization should take to address this compliance issue?
Correct Answer: C. Conduct a gap analysis to identify areas where the policy does not meet GDPR requirements Explanation: The correct answer is (C) Conduct a gap analysis to identify areas where the policy does not meet GDPR requirements because understanding specific gaps is crucial for taking corrective action. A gap analysis enables the organization to pinpoint discrepancies and prioritize updates. (A) is incorrect because updating the policy and notifying customers without a proper assessment risks overlooking critical requirements. (B) is incorrect because ceasing data collection is reactive and does not address existing compliance issues. (D) is incorrect because deleting all data is an extreme measure and may not align with legal obligations to retain certain records. Conducting a gap analysis ensures a structured and informed approach to achieving compliance.
44. A security team installs an IDS configured to detect deviations from normal network behavior, such as unusual traffic volumes or access patterns. Shortly after deployment, the IDS flags an internal server communicating with an unknown external IP address. What type of IDS is being used?
Correct Answer: B. Anomaly-based IDS Explanation: The IDS in this scenario detects deviations from normal network behavior, such as unusual traffic volumes or access patterns, which characterizes an anomaly-based IDS (B). This approach is effective for identifying previously unknown threats by flagging abnormal activities. Option A, Signature-based IDS, relies on predefined attack signatures and would not detect novel patterns. Option C, Host-based IDS (HIDS), monitors activity on specific devices rather than network-wide anomalies. Option D, Rule-based IDS, follows predefined rules to identify threats but does not involve baseline behavioral analysis.
45. An organization experiences multiple account lockouts after implementing a stricter password policy. Users report that they forget their passwords frequently due to the new requirements. How should the IT department address this issue while maintaining security best practices?
Correct Answer: D Explanation: The correct answer is (D) because implementing a password manager helps users securely store and retrieve complex passwords, reducing reliance on memory and improving compliance with strong password policies. (A) is incorrect because reducing complexity weakens security and does not align with best practices. (B) is incorrect because while MFA adds a layer of security, allowing less complex passwords introduces vulnerabilities. (C) is incorrect because increasing the expiration period without addressing the root cause (users forgetting passwords) does not solve the issue and might still lead to weak password practices. A password manager is the best solution for balancing security and usability.
46. A software development team uses hashing to verify the integrity of downloaded software packages. During a routine check, the hash of a downloaded file does not match the hash provided by the software vendor. What does this indicate?
Correct Answer: C Explanation: The correct answer is C because a mismatch in hash values indicates that the file has been altered, either due to corruption during download or malicious tampering. Hashing is specifically used to detect such integrity issues. Option A is incorrect because a matching hash would be required to verify the file successfully. Option B is incorrect because hash algorithms are standardized, and using a different algorithm would not produce comparable results, making this a procedural error rather than a hash mismatch scenario. Option D is incorrect because hashing is a reliable and widely used method for verifying file integrity, provided the hash algorithm and implementation are correctly applied.
47. A security analyst notices that several systems in the organization are running outdated software versions, which may expose them to known vulnerabilities. The analyst recommends implementing an update management process. What is the most effective approach to ensure systems remain secure and up-to-date?
Correct Answer: C Explanation: Establishing a patch management process (C) ensures updates are tested in a controlled environment before deployment, reducing the risk of instability or incompatibility issues. Automatic updates (A) may lead to unintended disruptions or failures in production environments if not tested. Scheduling updates for critical systems only (B) neglects other systems, leaving potential attack vectors open. Waiting for vendor alerts (D) is reactive and may result in delays in addressing vulnerabilities, exposing systems to exploitation. A structured patch management process balances security and operational stability effectively.
48. A software development company is labeling its data to comply with data protection regulations. Which labeling practice would ensure compliance and streamline data handling?
Correct Answer: B Explanation: The correct answer is B because using consistent and predefined labels ensures that all data is classified systematically, enabling easier compliance with data protection regulations and effective data handling. Option A is incorrect because labeling only customer data neglects the importance of protecting sensitive internal data. Option C is incorrect because arbitrary labeling leads to inconsistencies and makes compliance and enforcement difficult. Option D is incorrect because labeling data only when shared externally fails to address internal data security requirements and may result in mismanagement of sensitive information.
49. An e-commerce company collects customer information, including names, addresses, and payment details, to process transactions. The organization’s privacy policy mandates that customer data is only used for its intended purpose and not shared without explicit consent. A marketing team member suggests using the customer database for a third-party advertising campaign. How should the company respond to ensure compliance with the privacy policy?
Correct Answer: B Explanation: The correct answer is (B) because seeking explicit customer consent ensures compliance with the privacy policy and legal regulations like GDPR or CCPA, which require consent for using data beyond its original purpose. (A) is incorrect because while anonymization reduces the risk of identification, it does not comply with the explicit consent requirement. (C) is incorrect because internal use without consent still violates the policy if it deviates from the original purpose. (D) is incorrect because outright prohibition is unnecessary if consent can be obtained. Obtaining consent respects customer rights and ensures lawful data usage.
50. A company’s IT department notices that a user’s computer has been slowing down significantly, and after investigation, they find a malicious program attached to a legitimate file. The program replicates itself and spreads to other devices on the network without the user’s knowledge. What type of malware is this?
Correct Answer: B. Virus Explanation: The scenario describes a malicious program that attaches itself to a legitimate file, replicates, and spreads to other devices, which is characteristic of a virus (B). A virus requires user interaction, such as opening a file, to activate and propagate. Option A, Worm, spreads without user interaction and does not attach to other files. Option C, Trojan horse, disguises itself as legitimate software but does not self-replicate. Option D, Ransomware, encrypts files and demands payment but does not exhibit the self-replication and attachment behavior described.
51. An organization mandates periodic security awareness training to minimize password-related risks. During the training, an employee asks why writing down passwords on paper is discouraged, even if stored securely in their desk. What explanation aligns best with the principles of password protection?
Correct Answer: A Explanation: Passwords written down on paper are considered insecure (A) because they can be lost, stolen, or accessed by unauthorized individuals, even if stored in a desk. While encryption (B) enhances digital password storage security, it does not apply to physical notes. Writing down passwords (C) is not universally prohibited by compliance requirements, though it is discouraged. The act of writing down passwords (D) does not inherently affect their strength but compromises their confidentiality. Security awareness training should focus on educating employees about the risks of physical password exposure and promote alternatives like password managers.
52. A security guard is monitoring an alarm system that has just triggered in a restricted area. The alarm system indicates a possible intrusion, but the guard cannot immediately verify the cause. What should be the guard’s next course of action?
Correct Answer: C) Investigate the alarm source by checking the area immediately and contacting other personnel Explanation: The most appropriate action (C) is for the guard to investigate the alarm source immediately and contact other personnel to assist with the response. This ensures that the situation is handled promptly and efficiently, while preventing the situation from escalating. Waiting for the system to reset (A) could delay a timely response, allowing the intrusion to continue unnoticed. Ignoring the alarm (B) would risk failing to address a potential security breach, while disabling the alarm (D) could compromise the system’s integrity and prevent real-time monitoring of a potential threat.
53. An organization has a policy requiring employees to review and acknowledge the company’s security policies annually. What type of control does this represent?
Correct Answer: B) Administrative control Explanation: Requiring employees to review and acknowledge security policies is an administrative control because it is a management-driven process aimed at ensuring employees understand and agree to follow security guidelines. (A) Physical controls relate to tangible measures such as locks or security cameras and do not involve employee policies. (C) Detective controls are designed to detect incidents after they occur, such as audit logs, but they do not proactively ensure employees are aware of security policies. (D) Corrective controls focus on responding to and correcting issues after a security incident, like restoring data from backups, but do not address ongoing policy compliance.
54. Under an organization’s BYOD policy, employees are required to sign an agreement permitting remote wiping of their devices if they are lost or stolen. An employee refuses to sign the agreement, citing concerns over personal data privacy. What is the best course of action for the organization to take?
Correct Answer: C Explanation: The correct answer is (C) because denying the employee’s request to use their personal device ensures the organization maintains control over corporate data while providing an alternative with a corporate device. (A) is incorrect because allowing access to any corporate resources without the remote wipe agreement undermines security. (B) is incorrect because exempting an employee from the requirement creates inconsistencies and increases risk. (D) is incorrect because escalating to the legal team over a refusal to sign a standard agreement is unnecessary when a corporate-issued device is a viable alternative. Offering a corporate device ensures compliance with security policies while addressing the employee’s concerns.
55. Which of the following technical controls is most effective in preventing unauthorized access to a system by controlling network traffic at the entry point?
Correct Answer: B) Firewalls Explanation: Firewalls are specifically designed to control the flow of network traffic based on predefined security rules. By inspecting incoming and outgoing traffic, they can block unauthorized access and allow legitimate communication. (A) Intrusion Detection Systems (IDS) detect potential threats but do not block or control traffic directly. (C) Anti-virus software protects against malicious files or malware, but it does not control network traffic. (D) Encryption is used to protect data confidentiality, not for controlling network access.
56. A company utilizes a hybrid cloud model, hosting sensitive financial data in its private cloud while running analytics workloads in the public cloud. The organization needs to ensure secure data transfers between the two environments. What is the most effective solution to achieve this?
Correct Answer: A. Implement encrypted tunnels using IPsec for data transfers Explanation: Implementing encrypted tunnels using IPsec for data transfers (A) is the correct answer because IPsec provides secure encryption and integrity checks, ensuring that data remains confidential and tamper-proof during transfers between private and public clouds. Using public internet connections with firewalls (B) adds a layer of protection but lacks encryption, exposing data to potential interception. Enabling default logging features (C) enhances visibility but does not secure the data in transit. Configuring data transfers using FTP (D) is outdated and insecure, as FTP does not encrypt data. IPsec tunnels are critical for maintaining security in hybrid cloud data transfers.
57. An administrator uses symmetric encryption to secure an organization's internal communications. If an employee intercepts the encrypted messages, what is the primary concern with symmetric encryption in this scenario?
Correct Answer: B Explanation: The correct answer is B because the primary concern in symmetric encryption is the security of the encryption key. If an attacker intercepts the messages and gains access to the key, all encrypted communications can be decrypted. Option A is incorrect because no encryption algorithm is completely unbreakable, especially if the key is compromised. Option C is incorrect as public keys are not involved in symmetric encryption. Option D is incorrect because automatic key rotation does not eliminate the risk of key compromise; it only mitigates it by limiting the time a compromised key can be used.
58. Which of the following physical security measures would be most effective in protecting a data center from unauthorized access during a power outage?
Correct Answer: B) Backup generators with uninterruptible power supplies (UPS) Explanation: Backup generators and uninterruptible power supplies (UPS) (B) ensure that security systems, including access controls, continue to function during a power outage, preventing unauthorized access in the event of system downtime. Intruder alarms (A) and CCTV cameras (C) are useful for detecting and recording security breaches but would not function if power is lost unless supported by backup power. Fire doors (D) are important for fire safety but do not directly protect against unauthorized access during a power outage.
59. A company’s security guards are responsible for monitoring access to a secure data center. What is the most effective method for ensuring the guards can maintain proper surveillance without missing important events?
Correct Answer: A) Provide guards with constant access to security cameras and alarm systems Explanation: Providing guards with constant access to security cameras and alarm systems (A) is the most effective method, as it allows them to monitor activity in real-time, ensuring that they don’t miss important events. By integrating technology with human oversight, guards can respond more quickly to security threats. Having guards monitor multiple entrances (B) may spread them too thin and decrease their ability to effectively monitor each entrance. Relying solely on automated systems (C) reduces the human element, which is critical for interpreting complex security situations. Placing guards in high-traffic areas (D) may increase visibility but doesn’t ensure that they are aware of potential threats at less frequented access points.
60. A large financial institution is considering various risk management strategies for potential cyber threats. They determine that they are willing to accept low-level threats that would not significantly affect their financial stability, but will take extra precautions against threats that could potentially cause regulatory or reputational damage. Which of the following best describes the institution’s approach?
Correct Answer: C) Risk tolerance Explanation: The institution is setting boundaries on the amount of risk it is willing to accept. They are making a conscious decision to tolerate certain low-level threats but are not willing to accept higher risks that might cause major reputational or regulatory damage. This is the essence of risk tolerance. Option (A) would be incorrect because risk avoidance involves eliminating a risk completely, which is not the institution's approach here. Option (B) is incorrect because risk transference involves passing the risk to another party, which is not described in this scenario. Option (D) involves actively reducing risks, but the institution is not reducing all risks—they are deciding to tolerate some.
61. A company is decommissioning old servers that contain sensitive customer information. Which method would ensure secure data destruction before disposing of the hardware?
Correct Answer: B Explanation: The correct answer is B because overwriting the data with random values using a secure wipe tool ensures that the original data is no longer recoverable. This method adheres to secure data destruction standards. Option A is incorrect because a factory reset may not overwrite all data, leaving traces that could be recovered. Option C is incorrect because manually deleting files and reinstalling the operating system does not securely erase all data. Option D is incorrect because transferring the data does not address the destruction of sensitive information on the original hardware, leaving it vulnerable to recovery.
62. A network administrator reports overheating issues in a server closet that houses essential network equipment. Upon inspection, it is observed that the closet lacks sufficient ventilation, and cables are disorganized, obstructing airflow. What is the most effective measure to resolve these issues?
Correct Answer: A. Install a dedicated cooling unit and implement proper cable management Explanation: Installing a dedicated cooling unit and implementing proper cable management (A) is the correct answer because these measures directly address both the lack of ventilation and airflow obstruction caused by disorganized cables. A dedicated cooling unit provides localized temperature control, while proper cable management ensures unobstructed airflow around equipment. Replacing existing servers with energy-efficient models (B) does not solve the immediate overheating issue caused by poor ventilation. Using shorter cables and keeping the closet door open (C) is an unprofessional approach that introduces security risks and does not provide adequate cooling. Increasing the cooling capacity of the building’s HVAC system (D) is inefficient for addressing the specific needs of a small, enclosed server closet. Dedicated cooling and cable management are the most targeted and effective solutions.
63. During a disaster recovery test, a company verifies that backup systems for critical applications can be restored within the defined Recovery Time Objective (RTO). Which component of a business continuity plan is being evaluated in this scenario?
Correct Answer: B. Recovery procedures Explanation: The correct answer is B because recovery procedures include steps to restore critical systems within predefined objectives like the RTO. Option A is incorrect because a business impact analysis identifies critical processes and their dependencies but does not involve testing recovery. Option C is incorrect because risk mitigation strategies aim to reduce the likelihood or impact of risks but are separate from recovery testing. Option D is incorrect because incident response plans address immediate actions during an incident rather than the recovery of critical systems.
64. A project manager is overseeing a team developing a mobile application that processes sensitive customer data, including payment information. During a review meeting, the project manager requests that team members share data samples to validate application functionality. One team member suggests sending the data samples over email to speed up the process. What is the most appropriate action for the project manager to take in alignment with the organization's data handling policy?
Correct Answer: B Explanation: The correct answer is (B) because the use of a secure file-sharing platform aligns with best practices for secure data handling, ensuring that sensitive data is protected against unauthorized access during transmission. (A) is incorrect because although encryption is an added layer of protection, email is not considered a secure medium for transmitting sensitive information. (C) is incorrect because internal transmission does not guarantee protection against potential compromise during email transit. (D) is incorrect because anonymizing data reduces sensitivity but does not guarantee full compliance with data handling policies, particularly if the transmission method remains insecure. Secure platforms ensure data integrity and confidentiality in adherence to best practices.
65. A development team creates a financial application where users can input transaction amounts. During testing, they find that entering excessively large values causes unexpected results, including negative balances. What type of validation should be added to ensure data integrity?
Correct Answer: B. Range checks Explanation: Range checks (B) are the appropriate validation method to ensure that transaction amounts fall within acceptable limits, preventing unexpected results and preserving data integrity. Option A (Input sanitization) removes malicious input but does not enforce logical boundaries for data. Option C (Output encoding) protects against output vulnerabilities, such as cross-site scripting, but does not validate input ranges. Option D (Error logging) records issues but does not prevent them. By implementing range checks, the system ensures that data remains logically consistent and adheres to predefined parameters, maintaining integrity.
66. An enterprise hires an MSP to manage its firewall infrastructure, including updates and monitoring. During a routine audit, it is revealed that the MSP has not applied critical security patches to the firewalls. What step should the enterprise take to address this failure?
Correct Answer: A. Review the escalation procedures outlined in the SLA with the MSP Explanation: Reviewing the escalation procedures outlined in the SLA with the MSP (A) is the correct answer because the SLA should include provisions for addressing failures in meeting security obligations, such as patch management. Replacing the firewalls (B) does not address the root issue of the MSP's non-compliance. Conducting a vulnerability scan (C) identifies risks but does not resolve the underlying problem of MSP accountability. Assigning an internal team to take over firewall management (D) might be an overreaction without first engaging the MSP to rectify the situation. The SLA provides a structured approach to addressing and resolving service delivery failures.
67. An application is experiencing latency issues when transferring large files between systems. The issue is traced to inefficient flow control mechanisms. Which OSI model layer is most likely responsible for this problem?
Correct Answer: B. Transport Layer Explanation: The correct answer is (B) because the Transport Layer (Layer 4) manages flow control, ensuring efficient data transfer by regulating the amount of data sent and received. Inefficient flow control mechanisms can result in delays or retransmissions, leading to latency. (A) Network Layer handles packet forwarding and routing, but it does not deal with flow control. (C) Session Layer manages the establishment, maintenance, and termination of communication sessions but does not control data flow. (D) Data Link Layer focuses on framing and error detection between directly connected devices and does not impact flow control in the context of large file transfers.
68. A company uses an alarm system that triggers alerts when unauthorized individuals attempt to enter secure areas. However, the system has been generating frequent false alarms during certain hours. What would be the best course of action to resolve this issue?
Correct Answer: B) Review the system’s configuration and adjust the sensitivity or settings to eliminate false positives Explanation: Reviewing the system’s configuration and adjusting the sensitivity or settings (B) is the best approach to resolving frequent false alarms. This allows the system to be fine-tuned for the environment, reducing the likelihood of false positives while still providing accurate alerts for genuine threats. Increasing the sensitivity (A) could make the system even more prone to false alarms, exacerbating the issue. Disabling the alarm system (C) during certain hours exposes the facility to potential threats and defeats the purpose of having an alarm system in place. Informing employees to avoid the area (D) does not address the underlying problem and creates unnecessary restrictions for staff.
69. A financial institution experiences a server failure that disrupts critical operations. As part of its disaster recovery plan, the institution decides to restore services using a backup server located at a remote site. Which of the following best describes the primary purpose of this disaster recovery action?
Correct Answer: B. Identifying and containing the threat to minimize business impact. Explanation: The primary purpose of incident response is to effectively address and mitigate the impact of a security incident. Identifying and containing the threat (B) aligns with this goal, as it minimizes potential harm to the organization and allows recovery to commence efficiently. Option A (paying the ransom immediately) is a poor choice because it does not address the root cause, and it may encourage future attacks. Option C (suspending all network operations indefinitely) is overly disruptive and not aligned with restoring business continuity, a key purpose of incident response. Option D (publicly announcing the attack immediately) may have reputational impacts and is not part of the immediate purpose of incident response, which focuses on containment, eradication, and recovery.
70. During a risk assessment, a cybersecurity analyst identifies that the organization's web server is vulnerable to SQL injection due to improper input validation. Which phase of risk management does this activity belong to?
Correct Answer: A. Threat identification Explanation: Identifying that a web server is vulnerable to SQL injection due to improper input validation is part of threat identification (A), which focuses on recognizing potential threats that could exploit vulnerabilities. Option B, Vulnerability assessment, involves evaluating weaknesses but does not specifically focus on the threats exploiting those vulnerabilities. Option C, Risk treatment, deals with selecting and implementing measures to mitigate identified risks, which comes after threat identification. Option D, Incident response, involves actions taken after a threat has materialized, which is beyond the scope of identifying threats.
71. An organization is reviewing its risk management process and is concerned about how well it is monitoring the risks that have already been treated. They want to ensure that once risks are mitigated or transferred, their monitoring process remains effective and efficient. Which of the following is the best action the organization should take during the "monitoring and review" phase?
Correct Answer: A) Set clear, measurable performance indicators for treated risks Explanation: In the "monitoring and review" phase, it is essential to ensure that treated risks are continuously monitored for effectiveness. Setting clear and measurable performance indicators helps in assessing the success of the risk treatment plans and ensures that the mitigation actions are working as intended. Option (B) refers to allocating resources for risk treatment, which is part of an earlier phase, not the monitoring phase. Option (C) suggests focusing on new risks, but the monitoring phase also includes reviewing treated risks. Option (D) is incorrect because reducing monitoring frequency could lead to unnoticed failures in the risk treatment plans, which defeats the purpose of ongoing risk management.
72. A company deploys an authentication system for remote employees. Despite implementing strong passwords, employees frequently complain about unauthorized access to their accounts. It is discovered that attackers are exploiting phishing to steal login credentials. Which measure should the company prioritize to address this issue?
Correct Answer: B. Implement hardware security tokens Explanation: Implementing hardware security tokens (B) mitigates the risk of phishing attacks by introducing a physical authentication factor, which attackers cannot easily steal through phishing. Option A (Use single sign-on) simplifies authentication but does not address credential theft. Option C (Conduct employee awareness training) reduces phishing success rates but does not eliminate the risk entirely. Option D (Enforce regular password changes) might limit the exposure of stolen credentials but does not prevent phishing attacks. Hardware security tokens effectively block unauthorized access by requiring possession of the token alongside the password.
73. A financial institution enforces a password policy requiring periodic password changes every 90 days. During a policy review, the cybersecurity team recommends implementing a password history requirement. How would this improve the security of the institution's password policy?
Correct Answer: B Explanation: The correct answer is (B) because implementing a password history requirement prevents users from reusing their most recent passwords, thereby reducing the risk of attackers guessing reused or predictable credentials. (A) is incorrect because password history applies to a single account, not across multiple accounts. (C) is incorrect because password history does not directly enforce character type requirements, which are a separate aspect of the password policy. (D) is incorrect because password history does not directly encourage the use of passphrases; its main purpose is to mitigate password reuse within the same account. Password history improves overall security by ensuring password changes result in genuinely new and unique credentials.
74. A data center manager is reviewing the fire suppression system to ensure the safety of critical equipment and minimize downtime during a fire incident. The manager is considering a system that uses a gas-based agent to extinguish fires without damaging sensitive electronics. Which type of fire suppression system is most appropriate?
Correct Answer: C. Clean agent fire suppression system Explanation: Clean agent fire suppression systems (C) are the correct answer because they use gaseous agents, such as FM-200 or Novec 1230, that effectively extinguish fires without causing damage to sensitive electronics or leaving a residue. These systems are designed for environments like data centers where water or residue-based suppression methods could harm equipment. Water sprinkler systems (A) are incorrect because water can damage electronic components and cause prolonged downtime. Dry chemical fire suppression systems (B) are also inappropriate as they leave a residue that can harm electronics and require extensive cleanup. Foam-based fire suppression systems (D) are generally used for liquid fires and are unsuitable for protecting data center equipment. Clean agent systems provide the most effective and least damaging solution for fire suppression in a data center.
75. A security engineer is tasked with improving an organization's network security by implementing micro-segmentation. The goal is to isolate workloads and enforce fine-grained security policies. Which technology is best suited for enabling micro-segmentation in a software-defined data center?
Correct Answer: C. Software-Defined Networking (SDN) Explanation: Software-Defined Networking (SDN) (C) is the correct answer because it provides the flexibility to dynamically define and enforce fine-grained security policies at the workload level. SDN enables centralized control, allowing micro-segmentation to isolate workloads and control east-west traffic within a data center. Network Address Translation (NAT) (A) is incorrect because it is designed for IP address mapping and does not provide the granularity needed for workload-level segmentation. Virtual LANs (VLANs) (B) offer basic network segmentation but are not suitable for granular workload isolation. Firewall appliances (D) are often perimeter-focused and lack the flexibility to enforce micro-segmentation across dynamic environments. SDN is specifically designed to support micro-segmentation by enabling policy-based traffic control.
76. After a cyberattack disrupts their services, a company activates its disaster recovery plan. The plan includes a predefined order for restoring services, prioritizing the most critical business functions first. Which component of a disaster recovery plan does this exemplify?
Correct Answer: A. Prioritization of critical assets Explanation: This scenario illustrates the prioritization of critical assets, a fundamental component of disaster recovery that ensures essential business functions are restored first to minimize operational impact (A). Risk analysis and assessment (B) involves identifying potential threats before an incident, not determining recovery priorities. Data restoration methods (C) pertain to techniques for recovering lost data but do not address the prioritization of functions. Incident notification procedures (D) focus on communication during an incident and are not related to prioritizing recovery efforts. Hence, A correctly identifies the component applied in this case.
77. A retail organization’s business continuity plan outlines how employees will communicate, including fallback methods such as mobile networks and satellite phones, in the event of a network failure. Which component of the business continuity plan is being described?
Correct Answer: B. Alternate communication methods Explanation: The correct answer is B because specifying fallback communication methods directly addresses the need for alternate communication channels to maintain coordination during disruptions. Option A is incorrect because resource inventory refers to identifying and documenting resources, not methods of communication. Option C is incorrect because the escalation matrix focuses on the decision-making process and hierarchy, not communication methods. Option D is incorrect because data backup and recovery strategies focus on restoring information, not ensuring communication continuity.
78. A financial services organization is conducting a risk assessment to evaluate potential cybersecurity threats. The organization identifies multiple risks, such as phishing attacks, system vulnerabilities, and insider threats. To prioritize these risks, the organization considers the potential impact on business continuity, data loss, and regulatory compliance. Which of the following is the best approach to assess these risks?
Correct Answer: C) Evaluating both the likelihood and impact of each risk to determine priority Explanation: In a risk assessment, both the likelihood of the risk occurring and its potential impact on the organization must be considered. This approach allows for the prioritization of risks based on their severity and probability, ensuring that the organization addresses the most critical threats first. Option (A) is incomplete because evaluating only likelihood without considering impact ignores the potential consequences of a risk. Option (B) focuses only on impact, which is important but does not provide a full picture. Option (D) ranks risks based on vulnerabilities, which could be misleading if it does not consider the broader context of risk impact and likelihood.
79. An energy company uses embedded systems in its power grid infrastructure. To protect against cyberattacks, the company decides to segment these systems from the corporate network. What additional step should the organization take to ensure effective segmentation and security?
Correct Answer: A. Implement strict firewall rules to control traffic between the segmented network and the corporate network Explanation: Implementing strict firewall rules to control traffic between the segmented network and the corporate network (A) is the correct answer because it ensures that only authorized and necessary communication occurs, reducing the risk of attacks spreading between networks. Deploying IDS only on the corporate network (B) provides limited visibility and does not protect the embedded systems directly. Using shared credentials (C) weakens security by increasing the risk of credential compromise. Assigning static IP addresses without enabling VLANs (D) does not achieve proper segmentation. Firewalls with strict rules ensure controlled interaction between segmented and corporate networks, enhancing overall security.
80. An organization installs a security solution that monitors log files, file integrity, and application activity on a specific critical server. The solution alerts the administrator when unauthorized changes are made to the server’s configuration files. What type of security mechanism is being used?
Correct Answer: C. Host-based Intrusion Detection System (HIDS) Explanation: The solution described monitors log files, file integrity, and application activity on a specific server, which is a hallmark of a Host-based Intrusion Detection System (HIDS) (C). HIDS focuses on protecting individual devices by observing system-level activities. Option A, Network-based Intrusion Detection System (NIDS), monitors network traffic rather than specific host systems. Option B, Firewall, filters incoming and outgoing traffic but does not analyze file integrity or system logs. Option D, Antivirus software, detects and removes malicious files but does not perform comprehensive monitoring of application activity or file integrity.
81. An organization needs to securely dispose of obsolete USB drives containing classified information. What is the most appropriate action to ensure the data cannot be recovered?
Correct Answer: B Explanation: The correct answer is B because shredding the USB drives into small pieces physically destroys the storage media, making data recovery impossible. This is a recognized method for securely disposing of media. Option A is incorrect because a quick format does not remove the underlying data, leaving it recoverable. Option C is incorrect because deleting files does not securely erase the data, and simply storing the drives does not achieve destruction. Option D is incorrect because encrypting the drives does not address the risk of physical recovery and does not constitute secure destruction.
82. An organization deploys a firewall that examines the state of network connections and determines whether packets are part of an established connection. What type of firewall is being used?
Correct Answer: B. Stateful firewall Explanation: A stateful firewall (B) examines the state of network connections and determines if packets are part of an established connection, enabling it to make more informed decisions about traffic. Option A, Stateless firewall, evaluates packets in isolation without considering connection states. Option C, Application-layer firewall, focuses on filtering traffic based on application-specific protocols but does not inherently track connection states. Option D, Packet-filtering firewall, filters traffic based on predefined rules for individual packets but does not track the state of connections.
83. Microsegmentation using software-defined networking (SDN) (B) is the correct answer because it provides fine-grained control over traffic between individual workloads or systems, reducing the risk of lateral movement by attackers. Subnetting (A) segments the network at a broader level but lacks the granularity needed for workload-level isolation. Demilitarized Zone (DMZ) segmentation (C) isolates public-facing services but does not address internal segmentation. Virtual Private Network (VPN) segmentation (D) secures traffic over external connections but does not provide internal traffic isolation. Microsegmentation offers the highest level of granularity and security for limiting lateral movement within the network.
Correct Answer: B. Implement a firewall with strict rules between the segments Explanation: Implementing a firewall with strict rules between the segments (B) is the correct answer because it allows controlled communication by defining which traffic is permitted between the OT and IT networks while maintaining segmentation. Configuring a VPN (A) is incorrect because it focuses on securing remote access rather than controlling inter-segment traffic. Using NAT (C) is not suitable for segmentation as it changes IP addresses but does not enforce access control. Removing the segmentation (D) is a security risk and defeats the purpose of isolating the OT network. Firewalls with strict rules ensure secure and controlled communication between segmented networks.
84. A security team identifies that the organization's email system is frequently targeted by phishing emails. What type of activity has the security team performed?
Correct Answer: A. Threat identification Explanation: Recognizing that the organization's email system is being targeted by phishing emails constitutes threat identification (A), which is the process of pinpointing potential threats to the organization's systems. Option B, Risk prioritization, involves determining the order of addressing risks but does not involve recognizing specific threats. Option C, Impact analysis, evaluates the consequences of a realized threat but does not identify it. Option D, Security monitoring, involves continuous observation for suspicious activity and is broader than identifying specific threats like phishing.
85. A colleague with whom you work on a cybersecurity project has omitted critical findings in a risk assessment report, likely to protect their reputation after failing to implement necessary controls. As a Certified in Cybersecurity (CC) professional, what is your ethical obligation in this situation?
Correct Answer: B. Discuss the issue with your colleague and encourage them to update the report. Explanation: The (ISC)² Code of Ethics emphasizes professional responsibility and fairness, which includes resolving conflicts through open communication first (B). Addressing the issue directly with the colleague allows them an opportunity to correct their mistake while maintaining team harmony. Option (A) disregards collaboration and could lead to trust issues. Option (C) violates ethical principles by knowingly submitting an inaccurate report. Option (D) is a last resort when direct resolution fails, making it less preferable than Option (B).
86. A user disables their antivirus software temporarily to install an application from an unverified source. After installation, the system becomes infected with a Trojan. What critical security principle did the user violate in this scenario?
Correct Answer: C. Consistent use of security controls Explanation: Disabling antivirus software violates the principle of consistent use of security controls (C), as the user removed a critical layer of protection, allowing the Trojan to infect the system. Option A, Defense in depth, involves employing multiple layers of security, but disabling a key layer undermines this principle. Option B, Principle of least privilege, focuses on restricting user permissions, which is unrelated to antivirus use. Option D, Data encryption during transmission, pertains to protecting data in transit and is not applicable to this scenario.
87. A company implements multi-factor authentication (MFA) for its employees, requiring them to use a password along with a smartphone-based one-time passcode. During a phishing attack, an attacker successfully obtains an employee’s password. However, the attacker cannot log in to the system. Which aspect of MFA prevented unauthorized access?
Correct Answer: C. Possession factor Explanation: The possession factor (C) prevented unauthorized access in this scenario because the attacker did not have the employee’s smartphone to receive the one-time passcode. This highlights the effectiveness of MFA in requiring something the user physically possesses. Option A (Knowledge factor) refers to something the user knows, like a password, which was already compromised in this case. Option B (Inherence factor) pertains to something inherent to the user, like a fingerprint, which is not relevant here. Option D (Context-based factor) involves analyzing user behavior or location, which was not described in this scenario. By requiring a possession factor, MFA ensures that access is not granted solely based on a compromised password.
88. An organization’s IT policy states that sensitive data must not be retained beyond its defined retention period. How should the organization ensure compliance with this policy?
Correct Answer: A Explanation: The correct answer is A because an automated system ensures timely deletion of data after its retention period, reducing the risk of human error and ensuring compliance with policy. Option B is incorrect because manual deletion is error-prone, time-consuming, and less reliable for ensuring compliance. Option C is incorrect because retaining sensitive data in an archive, even if encrypted, violates the principle of timely deletion after the retention period. Option D is incorrect because retaining expired data, even under restricted access, increases security risks and violates retention policies and regulatory requirements.
89. An employee accidentally shared sensitive data through an email to an unauthorized recipient. To prevent future occurrences, the organization incorporates targeted security awareness training. Which aspect of the training would best address this issue?
Correct Answer: B Explanation: Security awareness training should focus on educating employees to verify recipient information (B) to avoid accidental data sharing, which directly addresses the issue. Explaining technical configurations (A) might provide background but does not change behavior. Mandating manager approval for all sensitive emails (C) is impractical and could slow down workflows without addressing the root cause of human error. Blocking emails with sensitive data (D) is a technical solution that may hinder legitimate communication needs. Training employees to confirm recipient details empowers them to take personal responsibility for safeguarding data, aligning with the core purpose of awareness programs.
90. A healthcare organization is assessing a cybersecurity threat where sensitive patient data might be compromised. After evaluating the costs of implementing comprehensive security measures, the organization decides to accept the risk of a potential data breach due to limited budgetary constraints. What concept does this decision represent?
Correct Answer: B) Risk tolerance Explanation: In this case, the organization is making a decision based on its ability to tolerate a certain level of risk, given the constraints of its budget. This is a direct example of risk tolerance, where the organization is willing to accept some risk rather than invest in expensive mitigation measures. Option (A) is incorrect because risk transference involves shifting the risk to another party, such as through insurance or outsourcing. Option (C) refers to actively reducing the likelihood or impact of the risk, which is not being done here. Option (D) involves eliminating the risk altogether, which is not the case in this scenario as the organization has chosen to accept the risk.
91. A network administrator configures a firewall to block all incoming traffic except for specific ports required by critical services. What type of firewall rule configuration is being applied?
Correct Answer: B. Deny all, allow specific Explanation: The described configuration involves blocking all incoming traffic except for explicitly allowed ports, which aligns with the "deny all, allow specific" rule configuration (B). This approach is more secure as it minimizes the attack surface by restricting traffic to only essential services. Option A, "Allow all, deny specific," permits all traffic except for explicitly blocked ports, which is less restrictive. Option C, Stateful inspection, monitors the state of connections but does not inherently define the rule set. Option D, Proxy filtering, refers to the use of a proxy server to filter traffic, unrelated to the described rule configuration.
92. A network engineer observes the following IPv6 address on a device: ::1. What is the purpose of this address?
Correct Answer: B. It is a loopback address used for testing the local device. Explanation: The correct answer is (B) because "::1" is the IPv6 loopback address, equivalent to "127.0.0.1" in IPv4. It is used for testing and internal communication on the local device, verifying that the TCP/IP stack is functioning properly. (A) is incorrect because multicast addresses fall within "FF00::/8" and are used for group communication. (C) is incorrect because global unicast addresses fall within "2000::/3" and are routable on the internet. (D) is incorrect because link-local addresses fall within "FE80::/10" and are used for communication on the local link.
93. A company is implementing a password storage system and wants to ensure that even if the password database is compromised, the passwords cannot be easily retrieved. Which approach best meets this requirement?
Correct Answer: C Explanation: The correct answer is C because hashing passwords with a strong algorithm like bcrypt is the most secure method for password storage. Bcrypt is specifically designed for password hashing, incorporating salting and computational cost factors to prevent brute force attacks. Option A is incorrect because symmetric encryption, while secure, requires managing keys, which introduces additional risks if the key is compromised. Option B is incorrect because storing passwords in plaintext is a severe security vulnerability, making passwords accessible if the database is breached. Option D is incorrect because Base64 encoding is not a secure mechanism for password protection, as it is easily reversible and does not involve cryptographic hashing.
94. An organization using an IaaS platform experiences a denial-of-service (DoS) attack targeting its virtual machines. To mitigate this risk, what measure should the organization implement?
Correct Answer: A. Enable the IaaS provider’s distributed denial-of-service (DDoS) protection service Explanation: Enabling the IaaS provider’s distributed denial-of-service (DDoS) protection service (A) is the correct answer because it leverages the provider’s built-in infrastructure to detect and mitigate DoS or DDoS attacks. Configuring static IP addresses (B) does not address DDoS risks and is unrelated to mitigating attack traffic. Using default credentials (C) increases vulnerabilities and does not secure administrative access. Placing virtual machines in a public-facing network (D) exposes them to unnecessary risks, increasing the likelihood of attack. DDoS protection services provided by the IaaS provider are specifically designed to handle such threats effectively.
95. An organization is deploying an on-premises network security infrastructure and must secure traffic between its internal network and the internet. The security team has decided to implement a device that inspects both incoming and outgoing traffic, blocks potentially malicious packets, and ensures compliance with corporate policies. Which device is the most appropriate to achieve this objective?
Correct Answer: C. Firewall Explanation: A firewall (C) is the correct answer because it acts as a gatekeeper, inspecting incoming and outgoing traffic and applying security rules to block or allow traffic based on configured policies. It is designed specifically for filtering traffic and preventing unauthorized access to or from the network. An Intrusion Detection System (IDS) (A) is incorrect because it only monitors traffic and alerts administrators of suspicious activity but cannot actively block traffic. A router (B) is primarily for directing network traffic and lacks the granular security capabilities of a firewall. Network Access Control (NAC) (D) is used to enforce security policies for devices attempting to access the network but does not inspect or filter general traffic to and from the internet. The firewall’s role in securing the perimeter makes it the most suitable choice in this scenario.
96. A company plans to deploy a new web application but is concerned about potential vulnerabilities. The IT team decides to include regular update checks as part of the system hardening process. Which action best demonstrates the effective application of updates in this scenario?
Correct Answer: C Explanation: Using a centralized update management tool (C) ensures patches are monitored, tested, and deployed consistently, reducing the risk of missed updates or manual errors. Applying patches immediately upon release (A) may introduce untested updates, potentially destabilizing the application. Periodic vulnerability scans (B) are helpful but do not ensure timely application of critical patches. Relying on user feedback (D) is reactive and insufficient for addressing security vulnerabilities proactively. Centralized update management integrates updates into a controlled and repeatable process.
97. A hospital’s disaster recovery plan ensures that critical patient records and life-support systems are restored within minutes of a system failure. What does this scenario illustrate about the importance of disaster recovery?
Correct Answer: C. It safeguards human lives and critical medical services Explanation: Disaster recovery in this scenario is critically important because it directly impacts the ability to safeguard human lives and maintain essential medical services (C). While compliance with regulations (A) is significant, it is secondary to the immediate goal of preserving life and services. Protecting sensitive data (B) is vital but is more relevant to data security measures than to disaster recovery. Reducing IT costs (D) is unrelated to the urgency of restoring critical systems to prevent loss of life. Thus, C best captures the importance of disaster recovery in this case.
98. A worm is discovered on a corporate network after spreading rapidly through unprotected devices and creating backdoors for remote access. What additional threat does this worm introduce to the organization?
Correct Answer: C. Potential for further exploitation by attackers Explanation: The creation of backdoors for remote access is a common secondary threat introduced by worms (C), allowing attackers to exploit the compromised devices for additional malicious activities, such as data exfiltration or installing other malware. Option A, Unauthorized physical access, relates to physical security and is unrelated to the described scenario. Option B, Increased system uptime, is incorrect as worms often degrade performance by consuming resources. Option D, Prevention of malware infections, contradicts the scenario, as worms contribute to system compromise and additional vulnerabilities.
99. An organization’s IT administrator is tasked with configuring MFA for a critical application. The chosen setup requires users to provide a PIN, a fingerprint scan, and a smartphone app-generated one-time passcode. Which combination of authentication factors is used in this setup?
Correct Answer: C. Three factors: something you know, something you are, and something you have Explanation: The setup described uses three distinct authentication factors: the PIN (something you know), the fingerprint scan (something you are), and the one-time passcode from the smartphone app (something you have), making C the correct answer. Option A (Two factors: something you know and something you are) is incorrect because it does not account for the possession factor. Option B (Two factors: something you know and something you have) omits the biometric factor. Option D (Three factors: something you are, something you know, and context-based authentication) mislabels the possession factor as context-based, which is not relevant here.
100. An IT administrator configures a firewall to block all incoming traffic except for necessary services. The organization requires external email communication. Which port must be allowed for sending email?
Correct Answer: A. 25 Explanation: The correct answer is (A) because port 25 is used by the Simple Mail Transfer Protocol (SMTP) for sending emails. Allowing traffic on this port ensures email communication can function properly. (B) is incorrect because port 110 is used by the Post Office Protocol (POP3) for retrieving email, not sending it. (C) is incorrect because port 143 is used by the Internet Message Access Protocol (IMAP) for accessing email on a server. (D) is incorrect because port 443 is used for secure web traffic (HTTPS) and is unrelated to email communication.