ISC2 CC Practice Exam 4
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. An organization has implemented VLANs to isolate sensitive systems from general office workstations. However, during a security audit, it was discovered that unauthorized devices in the general VLAN could access resources in the sensitive VLAN. What configuration mistake is most likely responsible for this issue?
Correct Answer: B. Inter-VLAN routing was improperly configured to allow unrestricted access Explanation: Inter-VLAN routing being improperly configured to allow unrestricted access (B) is the correct answer because it enables devices in one VLAN to access resources in another VLAN without proper restrictions, defeating the purpose of segmentation. VLAN tagging not being enabled on trunk ports (A) would prevent traffic from being properly identified and routed between switches but does not directly relate to unauthorized access. Disabling Spanning Tree Protocol (STP) (C) could cause network loops but does not affect VLAN access control. Assigning VLANs to different subnets (D) is a standard practice and not a configuration mistake. Properly configuring access control lists (ACLs) and firewall rules in the inter-VLAN routing setup is critical to maintaining VLAN isolation.
2. A network administrator detects an unusual spike in traffic originating from multiple external IP addresses targeting a single server. The server becomes unresponsive due to the traffic volume. Which type of network threat does this scenario most likely describe?
Correct Answer: B. Distributed Denial of Service (DDoS) attack Explanation: The scenario describes a situation where a server becomes unresponsive due to a high volume of traffic from multiple sources. This aligns with a Distributed Denial of Service (DDoS) attack (B), where attackers use numerous devices to overwhelm a server with traffic, disrupting its availability. Option A, Man-in-the-Middle (MITM) attack, involves intercepting communications between two parties without their knowledge, which does not match the described scenario. Option C, Phishing attack, typically involves tricking users into revealing sensitive information, which is unrelated to overwhelming traffic. Option D, Privilege escalation, involves exploiting vulnerabilities to gain higher access levels, which also does not align with the symptoms of server unavailability caused by traffic spikes.
3. An e-commerce company needs to ensure uninterrupted access to its website, even during a server or data center failure. The IT team decides to implement a geographical redundancy solution. Which strategy best meets this requirement?
Correct Answer: A. Multi-region load balancing with DNS failover Explanation: Multi-region load balancing with DNS failover (A) is the correct answer because it distributes traffic across multiple geographically dispersed data centers and redirects users to an available region in case of failure. This approach ensures high availability and minimal downtime. Network Address Translation (NAT) across subnets (B) is incorrect because it handles IP address mapping but does not address geographical redundancy. VLAN segmentation (C) improves internal network organization but does not ensure service continuity across locations. Backup servers with manual activation (D) involve human intervention, causing delays in failover. Multi-region load balancing with DNS failover provides automated and seamless geographical redundancy for uninterrupted service.
4. An organization experiences frequent network slowdowns during peak hours. The network team identifies that a specific department's usage of video streaming services is consuming excessive bandwidth. What is the most effective network management solution to address this issue?
Correct Answer: B. Implement Quality of Service (QoS) to prioritize critical traffic. Explanation: The correct answer is (B) because Quality of Service (QoS) can prioritize critical business traffic, ensuring that essential applications receive bandwidth over less critical activities like video streaming. (A) Increasing bandwidth may provide a temporary fix but does not manage resource allocation effectively. (C) Blocking video streaming may be too restrictive and could impact legitimate uses. (D) Deploying a proxy server to cache content could reduce bandwidth usage for frequently accessed content but does not address prioritization of critical traffic during peak hours.
5. A software development company is labeling its data to comply with data protection regulations. Which labeling practice would ensure compliance and streamline data handling?
Correct Answer: B Explanation: The correct answer is B because using consistent and predefined labels ensures that all data is classified systematically, enabling easier compliance with data protection regulations and effective data handling. Option A is incorrect because labeling only customer data neglects the importance of protecting sensitive internal data. Option C is incorrect because arbitrary labeling leads to inconsistencies and makes compliance and enforcement difficult. Option D is incorrect because labeling data only when shared externally fails to address internal data security requirements and may result in mismanagement of sensitive information.
6. An enterprise hires an MSP to manage its firewall infrastructure, including updates and monitoring. During a routine audit, it is revealed that the MSP has not applied critical security patches to the firewalls. What step should the enterprise take to address this failure?
Correct Answer: A. Review the escalation procedures outlined in the SLA with the MSP Explanation: Reviewing the escalation procedures outlined in the SLA with the MSP (A) is the correct answer because the SLA should include provisions for addressing failures in meeting security obligations, such as patch management. Replacing the firewalls (B) does not address the root issue of the MSP's non-compliance. Conducting a vulnerability scan (C) identifies risks but does not resolve the underlying problem of MSP accountability. Assigning an internal team to take over firewall management (D) might be an overreaction without first engaging the MSP to rectify the situation. The SLA provides a structured approach to addressing and resolving service delivery failures.
7. During a secure file transfer, the sender uses symmetric encryption to protect the data. What must the recipient possess to decrypt the transferred file?
Correct Answer: B Explanation: The correct answer is B because in symmetric encryption, the same key is used for both encryption and decryption. The recipient must possess the symmetric key to decrypt the file. Option A is incorrect because private keys are used in asymmetric encryption, not symmetric encryption. Option C is incorrect because passwords are not typically used as encryption keys; they may be used to derive keys in some systems, but that is not applicable here. Option D is incorrect because public keys are part of asymmetric encryption schemes and are not used in symmetric encryption.
8. Which of the following physical access control methods is most effective in preventing unauthorized individuals from entering a building during non-business hours?
Correct Answer: B) Turnstiles with automated entry Explanation: Turnstiles with automated entry are designed to ensure that only authorized personnel can pass through, providing a robust physical barrier. While security badges (A) and motion-sensitive lighting systems (D) offer security, they do not actively prevent unauthorized access as effectively. Security guards (C) can also provide security but depend on human vigilance and can be bypassed or ineffective, especially during off-hours.
9. A network security team deploys a NIDS to monitor traffic within a segmented network. During analysis, they find that the system flagged legitimate encrypted communication as malicious. What type of issue does this scenario represent, and how can it be mitigated?
Correct Answer: A. False positive; adjust the detection rules Explanation: Flagging legitimate encrypted communication as malicious is a false positive (A), where normal activity is incorrectly identified as a threat. Mitigating this issue involves adjusting detection rules to better differentiate between legitimate and malicious traffic. Option B, False negative, refers to failing to detect a threat, which is not the case here. Option C, System misconfiguration, incorrectly assumes the encryption protocols are at fault. Option D, Packet loss, refers to missing data during transmission and is unrelated to the described scenario.
10. An online banking application is testing an adaptive authentication system that evaluates user behavior, such as login location and device type, before granting access. If unusual behavior is detected, the system triggers additional verification steps. Which category does this method primarily fall under?
Correct Answer: B. Behavioral authentication Explanation: Adaptive authentication using user behavior patterns primarily falls under behavioral authentication (B), as it evaluates actions such as location, device type, or typing speed. Option A (Static authentication) involves unchanging credentials, like passwords, and does not adapt to user behavior. Option C (Knowledge-based authentication) relies on information the user knows, such as security questions, which are unrelated to behavior. Option D (Biometric authentication) uses physical or physiological traits but does not involve analyzing user behavior. Behavioral authentication enhances security by identifying potential threats based on deviations from normal user patterns.
11. A security guard is monitoring an alarm system that has just triggered in a restricted area. The alarm system indicates a possible intrusion, but the guard cannot immediately verify the cause. What should be the guard’s next course of action?
Correct Answer: C) Investigate the alarm source by checking the area immediately and contacting other personnel Explanation: The most appropriate action (C) is for the guard to investigate the alarm source immediately and contact other personnel to assist with the response. This ensures that the situation is handled promptly and efficiently, while preventing the situation from escalating. Waiting for the system to reset (A) could delay a timely response, allowing the intrusion to continue unnoticed. Ignoring the alarm (B) would risk failing to address a potential security breach, while disabling the alarm (D) could compromise the system’s integrity and prevent real-time monitoring of a potential threat.
12. A network technician is troubleshooting a connection issue where a user's computer can access the local network but cannot connect to external websites. The technician determines that the issue is related to packet routing. At which OSI model layer should the technician focus their troubleshooting efforts?
Correct Answer: C. Network Layer Explanation: The correct answer is (C) because the Network Layer (Layer 3) is responsible for routing packets between devices and across networks, including external networks such as the internet. Troubleshooting at this layer may involve examining IP configurations, routing tables, or gateway settings. (A) Transport Layer deals with end-to-end communication, ensuring data integrity and sequencing, but it is not directly involved in routing issues. (B) Data Link Layer is responsible for local device-to-device communication and MAC addressing, so it does not handle routing. (D) Application Layer focuses on user interfaces and applications, and would not address the underlying routing problem.
13. A security guard at a facility notices a person attempting to tailgate into a restricted area. What should be the guard's most immediate action?
Correct Answer: D) Immediately notify other security personnel and initiate the facility's response protocol Explanation: The most immediate action in the case of tailgating (D) is to notify other security personnel and activate the facility's response protocol. This ensures that appropriate steps are taken to address the security breach, such as reviewing surveillance footage or preventing further unauthorized access. Informing the person that they cannot enter (A) may be necessary but does not fully address the security risk. Verifying the identity of the tailgater (B) is important but should be done as part of a broader response, not as the first step in a tailgating incident. Physically blocking the person (C) could escalate the situation and create safety risks without proper backup from other personnel.
14. An organization decides to implement a policy to ensure all new servers are hardened before deployment. Which configuration management practice would best achieve this goal?
Correct Answer: A Explanation: Automated configuration scripts (A) enforce security settings consistently and efficiently during deployment, ensuring that all new servers adhere to hardening standards from the outset. Manual checks (B) are prone to human error, time-consuming, and lack scalability. Third-party monitoring software (C) is useful for detecting changes but does not enforce the initial configuration. Periodic audits (D) are reactive and may allow misconfigured systems to remain vulnerable for extended periods. Automation ensures repeatability, accuracy, and compliance with hardening policies at the time of deployment.
15. A company deploys a file-sharing application to collaborate with external partners. During a penetration test, it is revealed that transmitted files can be intercepted and altered by attackers without detection. What security mechanism is most critical to ensure the integrity of these files during transmission?
Correct Answer: A. Digital signatures Explanation: Digital signatures (A) are the most critical mechanism to ensure file integrity during transmission because they provide a way to verify both the origin and unaltered state of the files. Option B (Strong passwords) protects access but does not prevent file alteration during transmission. Option C (Network segmentation) reduces exposure but does not ensure file integrity if data is intercepted. Option D (File encryption) ensures confidentiality but does not detect tampering. Digital signatures confirm that a file has not been modified, making them essential for maintaining integrity.
16. A bank requires customers to authenticate themselves before accessing online banking services. During a security review, it is identified that customers only use a password to log in. What is the most effective measure to improve the authentication process and reduce the risk of unauthorized access?
Correct Answer: B. Enable two-factor authentication (2FA) Explanation: Enabling two-factor authentication (2FA) (B) is the most effective measure because it combines something the user knows (password) with something they have (e.g., a mobile app token) or are (biometric). This significantly reduces the risk of unauthorized access compared to passwords alone. Option A (Implement CAPTCHA challenges) prevents bots but does not enhance authentication for human users. Option C (Monitor user login activity) aids in detection but does not prevent unauthorized access. Option D (Enforce password complexity requirements) improves password security but does not protect against stolen credentials. 2FA adds a critical additional layer of security.
17. During a penetration test, a simulated attacker uses acoustic signals generated by a keyboard to determine the keys being pressed by an employee. What type of attack is this?
Correct Answer: B. Side-channel attack Explanation: The use of acoustic signals to deduce keystrokes is a form of side-channel attack (B), as it leverages unintended physical signals to extract sensitive information. Option A, Eavesdropping attack, involves listening to communications but does not involve analyzing physical signals like acoustic emissions. Option C, Keylogger attack, uses software or hardware to directly record keystrokes but does not infer them acoustically. Option D, DNS spoofing, redirects users to malicious websites by altering DNS data and is unrelated to analyzing acoustic signals.
18. A company’s security guards are responsible for monitoring access to a secure data center. What is the most effective method for ensuring the guards can maintain proper surveillance without missing important events?
Correct Answer: A) Provide guards with constant access to security cameras and alarm systems Explanation: Providing guards with constant access to security cameras and alarm systems (A) is the most effective method, as it allows them to monitor activity in real-time, ensuring that they don’t miss important events. By integrating technology with human oversight, guards can respond more quickly to security threats. Having guards monitor multiple entrances (B) may spread them too thin and decrease their ability to effectively monitor each entrance. Relying solely on automated systems (C) reduces the human element, which is critical for interpreting complex security situations. Placing guards in high-traffic areas (D) may increase visibility but doesn’t ensure that they are aware of potential threats at less frequented access points.
19. A cybersecurity analyst needs to ensure that files uploaded to a server have not been tampered with during transit. Which mechanism using hashing would best verify the integrity of the uploaded files?
Correct Answer: B Explanation: The correct answer is B because comparing the hash values of a file before and after uploading is a direct application of hashing to verify data integrity. If the hash values match, the file has not been altered during transit. Option A is incorrect because encryption ensures confidentiality, not integrity, and does not detect tampering. Option C is incorrect because signing a file with a private key is a feature of asymmetric encryption, not hashing, and focuses on authenticity rather than integrity. Option D is incorrect because, while a checksum can be used for verification, sharing it via email introduces potential risks of compromise or tampering, and it does not inherently leverage cryptographic hashing.
20. An employee uses their personal smartphone for work under the organization's Bring Your Own Device (BYOD) policy. During a routine security audit, it is discovered that the employee's device has outdated security patches and lacks an approved mobile device management (MDM) application. What action should the organization take to address this issue in alignment with the BYOD policy?
Correct Answer: B Explanation: The correct answer is (B) because requiring the employee to update their device and install the approved MDM application ensures compliance with the BYOD policy while allowing continued use of personal devices. (A) is incorrect because permitting limited access without addressing the security issue exposes the organization to potential risks. (C) is incorrect because revoking access without attempting remediation disrupts productivity unnecessarily. (D) is incorrect because replacing the personal device undermines the purpose of the BYOD policy. Updating the device and installing MDM safeguards corporate resources while respecting the BYOD framework.
21. During a routine audit, a system administrator discovers several servers with inconsistent baseline configurations. To align all systems with the organization’s security standards, the administrator plans to implement a configuration management solution. Which approach would best ensure system hardening and prevent unauthorized changes in the future?
Correct Answer: B Explanation: Deploying a centralized configuration management tool (B) is the most effective method to ensure system hardening and prevent unauthorized changes. These tools automate the enforcement of baseline configurations, detect deviations, and often include version control to track changes. Manual updates (A) are error-prone and inefficient, lacking enforcement capabilities to prevent future deviations. Periodic monitoring and manual correction (C) introduce delays in addressing misconfigurations, increasing the risk of exploitation. Relying on logs (D) is reactive and does not proactively prevent deviations from the baseline. Centralized tools provide proactive, scalable, and consistent configuration management.
22. A healthcare organization must comply with strict regulations requiring the timely application of security patches to its systems. What is the best approach to meet these regulatory requirements while maintaining operational stability?
Correct Answer: A Explanation: A robust patch management policy (A) that includes timelines for testing and deployment ensures compliance with regulations while minimizing operational risks. Automatically applying patches (B) without testing can lead to system instability, which is particularly critical in healthcare environments. Focusing only on internet-facing systems (C) neglects internal threats and lateral movement risks. Delaying patch deployment (D) until quarterly reviews increases the window of exposure to vulnerabilities. A structured policy balances regulatory compliance, security, and operational stability.
23. A cybersecurity analyst deploys antivirus software across the organization’s endpoints to scan files and detect malicious code. During testing, the antivirus successfully identifies and quarantines a file infected with a known malware signature. What type of detection method is the antivirus software using?
Correct Answer: B. Signature-based detection Explanation: The antivirus software identifies the malware using a known malware signature, which is characteristic of signature-based detection (B). This method compares files against a database of known threat signatures to identify malicious code. Option A, Heuristic-based detection, relies on analyzing the behavior or structure of files to detect unknown threats. Option C, Behavior-based detection, monitors the actions of programs rather than using predefined signatures. Option D, Anomaly-based detection, identifies deviations from normal activity but does not rely on known signatures.
24. A cybersecurity analyst detects unusual traffic on port 3389 from an external IP address. Which service is likely being targeted, and what should the analyst investigate to mitigate potential risks?
Correct Answer: C. Remote Desktop Protocol (RDP); investigate unauthorized access attempts. Explanation: The correct answer is (C) because port 3389 is used by Remote Desktop Protocol (RDP), which enables remote access to systems. Unusual traffic on this port may indicate an attempt to exploit vulnerabilities or gain unauthorized access, so the analyst should review access logs, monitor for brute-force attempts, and ensure RDP is secured with multi-factor authentication. (A) is incorrect because SSH uses port 22, not 3389, and is unrelated to the scenario. (B) is incorrect because HTTP uses port 80, which is not associated with remote desktop access. (D) is incorrect because FTP uses ports 20 and 21, making it irrelevant to port 3389.
25. A cybersecurity analyst detects unusual behavior on a secure session between a client and a server. The session data reveals that an attacker has used an SSL stripping technique to downgrade HTTPS communication to HTTP, exposing sensitive information. What type of attack has occurred?
Correct Answer: B. Man-in-the-Middle (MITM) attack Explanation: The attack described involves SSL stripping, which downgrades HTTPS to HTTP, exposing sensitive information, a tactic used in Man-in-the-Middle (MITM) attacks (B). MITM attacks exploit vulnerabilities in secure communication protocols to intercept or manipulate data. Option A, SQL injection, targets database vulnerabilities and does not involve intercepting session data. Option C, Ransomware attack, encrypts files and demands payment, unrelated to secure session manipulation. Option D, Brute force attack, systematically guesses credentials but does not involve interception or protocol downgrading.
26. A developer working on a collaborative project grants a colleague write access to a source code repository using discretionary access control (DAC). Later, the colleague adds another team member to the repository without the developer’s knowledge. What potential issue does this scenario highlight about DAC?
Correct Answer: C. It lacks a centralized mechanism to enforce consistent access policies. Explanation: DAC relies on resource owners to manage access, which can lead to inconsistencies and a lack of centralized oversight. (A) is incorrect because DAC generally supports flexible access, not restrictive policies. (B) is incorrect because the additional user was added by a legitimate user with granted permissions, which is allowed under DAC. (C) is correct as DAC’s decentralized nature can result in uncontrolled access extensions. (D) is incorrect as the original developer retains ownership but may lose track of how access is distributed.
27. A technology company conducts annual disaster recovery drills to simulate a data center failure. During the latest drill, they identified several areas for improvement in their recovery procedures. What is the primary purpose of conducting these drills?
Correct Answer: A. To improve staff readiness and refine recovery processes Explanation: The primary purpose of disaster recovery drills is to test the effectiveness of the recovery plan and ensure that staff are prepared to execute it when needed, as well as to identify and address weaknesses in the procedures (A). Regular drills complement external backup solutions but do not eliminate the need for them (B). Drills aim to prepare for incidents rather than reduce their likelihood (C), as prevention is the role of broader cybersecurity measures. Compliance with industry standards (D) may be a reason for conducting drills, but it is not the primary purpose. Therefore, A is the most suitable answer.
28. An organization deploys an IPv6 network and notices that one of its servers has the following address: 2001:0db8:85a3::8a2e:0370:7334. What is the purpose of this type of IPv6 address?
Correct Answer: C. Unicast communication across the internet. Explanation: The correct answer is (C) because the address 2001:0db8:85a3::8a2e:0370:7334 is an example of a Global Unicast Address, which is routable on the internet and is unique globally. (A) is incorrect because IPv6 does not have broadcast communication; it uses multicast instead. (B) is incorrect because the address is not restricted to local subnet communication, which would involve Link-Local addresses. (D) is incorrect because addresses reserved for internal testing are usually found in ranges like "::1" (loopback) or documentation prefixes like "2001:0db8::/32".
29. An organization’s data center is located in an earthquake-prone area, and a recent tremor caused minor damage to some equipment. To enhance resilience, what combination of measures should be prioritized?
Correct Answer: D. Implement seismic bracing for racks and reinforce the building’s structure Explanation: Implementing seismic bracing for racks and reinforcing the building’s structure (D) is the correct answer because these measures directly mitigate the impact of earthquakes on both the data center’s infrastructure and equipment. Seismic bracing prevents racks from toppling during tremors, and structural reinforcement enhances the overall resilience of the facility. Using anti-vibration mounts and redundant power supplies (A) addresses vibrations and power stability but does not provide comprehensive earthquake protection. Installing seismic bracing and relocating equipment (B) is impractical as relocation is often infeasible for established data centers. Deploying reinforced racks and conducting drills (C) improves preparedness but does not address structural vulnerabilities. Seismic bracing and structural reinforcement are the most effective measures to protect the data center in earthquake-prone regions.
30. An organization partners with a Managed Service Provider (MSP) to handle its network security operations. The MSP is tasked with providing continuous monitoring and incident response. During a security incident, it was discovered that the MSP failed to meet response time expectations. Which document should the organization refer to for resolving this issue?
Correct Answer: B. Service-Level Agreement (SLA) Explanation: The Service-Level Agreement (SLA) (B) is the correct answer because it defines the agreed-upon response times and performance standards that the MSP is obligated to meet. If the MSP fails to adhere to these terms, the SLA provides the basis for addressing and resolving the issue. A Memorandum of Understanding (MOU) (A) outlines general cooperation terms but does not enforce performance obligations. A Data Processing Agreement (DPA) (C) governs how data is handled but does not cover operational performance. A Vendor Risk Assessment (D) evaluates risks prior to engagement but does not enforce service expectations. The SLA is the binding document that ensures accountability for response time commitments.
31. An organization uses an email application for internal communication. A user reports being unable to send emails. After investigation, the administrator finds that the email application cannot establish a connection to the SMTP server. Which port should the administrator check to resolve this issue?
Correct Answer: A. 25 Explanation: The correct answer is (A) because port 25 is the default port used by Simple Mail Transfer Protocol (SMTP) for sending emails. If this port is blocked or misconfigured, the email application will be unable to send messages. (B) Port 143 is used by IMAP for accessing emails on a server, not for sending them. (C) Port 110 is used by POP3 for retrieving emails from a server, which is unrelated to sending emails. (D) Port 8080 is often used for alternative web services and is unrelated to SMTP.
32. An online retailer needs to securely encrypt large volumes of customer transaction data for processing speed and efficiency. Which symmetric encryption algorithm would be most appropriate for this purpose?
Correct Answer: B Explanation: The correct answer is B because AES (Advanced Encryption Standard) is a symmetric encryption algorithm designed for speed and efficiency in encrypting large volumes of data. It is widely adopted due to its strong security and performance characteristics. Option A is incorrect because RSA is an asymmetric encryption algorithm, not suitable for large data encryption due to its computational overhead. Option C is incorrect because SHA-256 is not an encryption algorithm but a hashing function used for data integrity verification. Option D is incorrect because Diffie-Hellman is a key exchange mechanism, not a symmetric encryption algorithm, and does not directly encrypt data.
33. An organization implements a biometric authentication system to control access to secure areas. During testing, it is found that unauthorized individuals can gain access by using fake fingerprints. What additional measure should be implemented to strengthen authentication and prevent such breaches?
Correct Answer: A. Implement multi-factor authentication Explanation: Multi-factor authentication (A) strengthens authentication by requiring additional factors, such as a PIN or a token, alongside biometrics. This ensures that even if biometric data is compromised, unauthorized access is still prevented. Option B (Use stronger encryption for biometric data) protects stored biometric data but does not address spoofing attacks directly. Option C (Conduct regular penetration testing) identifies vulnerabilities but does not actively mitigate the risk of fake fingerprints. Option D (Increase the threshold for fingerprint matching) may reduce false acceptances but risks higher false rejections, impacting usability. Multi-factor authentication provides a robust solution by layering multiple security measures.
34. A company has implemented an RFID badge system that grants access to sensitive areas. Which of the following is a key consideration to prevent unauthorized access using a cloned badge?
Correct Answer: C) The system should be equipped with encryption to protect communication between the badge and reader Explanation: The primary defense against cloned RFID badges is encryption (C), which secures the communication between the badge and reader, preventing attackers from intercepting and replicating the badge's credentials. While having a photo on the badge (A) may deter casual impersonation, it does not prevent someone from using a cloned RFID badge. Programming the badge to work in specific locations (B) adds a layer of restriction but does not address the risk of cloned badges. Regular scanning (D) would help with monitoring, but encryption is a more direct countermeasure against cloning.
35. An organization’s antivirus software flags a newly downloaded file as potentially malicious, even though the file does not match any known malware signatures. The software’s alert is based on suspicious characteristics in the file’s code. What detection approach is being applied in this case?
Correct Answer: B. Heuristic-based detection Explanation: The antivirus software uses heuristic-based detection (B) to identify potentially malicious files by analyzing suspicious characteristics in the file’s code, even without a matching signature. This approach is effective for detecting new or modified malware. Option A, Signature-based detection, relies solely on matching known signatures and cannot detect new threats. Option C, Sandboxing, involves running files in a controlled environment to observe their behavior, which is not described here. Option D, Network-based detection, pertains to analyzing network traffic rather than file characteristics.
36. A healthcare organization needs to retain patient records for 10 years as per legal requirements. What is the most appropriate method to ensure secure and compliant data retention?
Correct Answer: A Explanation: The correct answer is A because storing records in a cloud solution with strong access controls and periodic audits ensures security, accessibility, and compliance with retention requirements. Option B (B) is incorrect because local storage on individual department hard drives is not secure or easily manageable for retention compliance. Option C (C) is incorrect because storing encrypted records in a shared folder accessible to all employees violates the principle of least privilege and increases the risk of unauthorized access. Option D (D) is incorrect because using physical paper files creates challenges in secure storage, retrieval, and management, increasing the risk of non-compliance.
37. An IT team is tasked with creating detailed documentation for recovering each critical system, including dependencies, recovery time objectives (RTOs), and recovery point objectives (RPOs). Which component of a disaster recovery plan is being addressed in this scenario?
Correct Answer: A. Plan documentation and maintenance Explanation: The scenario describes the process of documenting recovery steps, including RTOs and RPOs, which is a key part of plan documentation and maintenance (A). This ensures the disaster recovery plan is detailed, actionable, and up-to-date. Risk mitigation strategies (B) are focused on reducing vulnerabilities before a disaster occurs, not documenting recovery steps. Incident escalation protocols (C) involve notifying the appropriate teams or authorities during an incident but are unrelated to documentation. Post-incident review (D) occurs after recovery to evaluate performance and is not about creating recovery documentation. Therefore, A is the correct answer.
38. A hospital's critical network infrastructure requires redundant internet connectivity to ensure uninterrupted operation during an ISP outage. Which configuration is most effective for achieving this goal?
Correct Answer: B. Use dual ISPs with Border Gateway Protocol (BGP) failover Explanation: Using dual ISPs with Border Gateway Protocol (BGP) failover (B) is the correct answer because BGP ensures seamless transition between internet service providers in case one fails, maintaining uninterrupted connectivity. A single ISP connection with a backup modem (A) is insufficient because it relies on the same ISP, offering no protection against ISP-wide outages. Implementing a software-defined networking (SDN) controller (C) enhances network management but does not inherently provide redundancy for internet connections. Relying on load balancing between routers (D) may improve traffic distribution but does not address ISP-level redundancy. Dual ISPs with BGP failover provide a robust and automated solution for ensuring continuous internet connectivity.
39. During a risk assessment, a cybersecurity analyst identifies that the organization's web server is vulnerable to SQL injection due to improper input validation. Which phase of risk management does this activity belong to?
Correct Answer: A. Threat identification Explanation: Identifying that a web server is vulnerable to SQL injection due to improper input validation is part of threat identification (A), which focuses on recognizing potential threats that could exploit vulnerabilities. Option B, Vulnerability assessment, involves evaluating weaknesses but does not specifically focus on the threats exploiting those vulnerabilities. Option C, Risk treatment, deals with selecting and implementing measures to mitigate identified risks, which comes after threat identification. Option D, Incident response, involves actions taken after a threat has materialized, which is beyond the scope of identifying threats.
40. Following a DDoS attack, an organization's incident response plan allowed for rapid resource allocation to maintain critical services while addressing the attack. How does this action highlight the importance of incident response?
Correct Answer: B. It reduces the attack's impact on critical business operations. Explanation: The importance of incident response lies in reducing the impact of attacks on critical operations, as demonstrated by reallocating resources during a DDoS attack (B). This allows the organization to maintain functionality while resolving the issue. Option A (never experiencing downtime) is incorrect, as incident response minimizes downtime rather than eliminating it entirely. Option C (preventing repeat attacks) is not achievable through incident response alone, as attackers can evolve their methods. Option D (proving unbreakable security controls) misrepresents the purpose of incident response, which addresses breaches rather than showcasing invulnerability.
41. A manufacturing company is implementing segmentation for its embedded systems used in industrial control processes. The goal is to ensure that these systems cannot communicate directly with external networks while still allowing monitoring by authorized internal devices. Which configuration best meets this requirement?
Correct Answer: A. Create a VLAN for embedded systems and route traffic through a firewall with specific allow rules Explanation: Creating a VLAN for embedded systems and routing traffic through a firewall with specific allow rules (A) is the correct answer because it isolates the systems and allows fine-grained control over communication, ensuring that only authorized internal devices can interact with them. Configuring port mirroring (B) is for monitoring traffic, not segmentation. Using static IP addresses and disabling routing (C) does not ensure proper control or enforce security policies. Placing embedded systems on the same network as monitoring devices (D) without additional controls does not prevent unauthorized access or communication. VLANs with firewalls provide both isolation and controlled access.
42. Microsegmentation using software-defined networking (SDN) (B) is the correct answer because it provides fine-grained control over traffic between individual workloads or systems, reducing the risk of lateral movement by attackers. Subnetting (A) segments the network at a broader level but lacks the granularity needed for workload-level isolation. Demilitarized Zone (DMZ) segmentation (C) isolates public-facing services but does not address internal segmentation. Virtual Private Network (VPN) segmentation (D) secures traffic over external connections but does not provide internal traffic isolation. Microsegmentation offers the highest level of granularity and security for limiting lateral movement within the network.
Correct Answer: B. Implement a firewall with strict rules between the segments Explanation: Implementing a firewall with strict rules between the segments (B) is the correct answer because it allows controlled communication by defining which traffic is permitted between the OT and IT networks while maintaining segmentation. Configuring a VPN (A) is incorrect because it focuses on securing remote access rather than controlling inter-segment traffic. Using NAT (C) is not suitable for segmentation as it changes IP addresses but does not enforce access control. Removing the segmentation (D) is a security risk and defeats the purpose of isolating the OT network. Firewalls with strict rules ensure secure and controlled communication between segmented networks.
43. An organization is updating its business continuity plan and includes a clear escalation process for decision-making during a crisis. Which component of a business continuity plan does this activity address?
Correct Answer: C. Roles and responsibilities Explanation: The correct answer is C because establishing an escalation process ensures that roles and responsibilities are clearly defined, which is essential during a crisis to avoid confusion and delays. Option A is incorrect because while communication protocols are important, they focus on how information is shared rather than who is responsible for decisions. Option B is incorrect because emergency response procedures focus on immediate actions during the onset of a crisis, not on decision-making hierarchies. Option D is incorrect because resource allocation plans deal with the distribution of assets and not the assignment of roles or responsibilities.
44. An organization mandates periodic security awareness training to minimize password-related risks. During the training, an employee asks why writing down passwords on paper is discouraged, even if stored securely in their desk. What explanation aligns best with the principles of password protection?
Correct Answer: A Explanation: Passwords written down on paper are considered insecure (A) because they can be lost, stolen, or accessed by unauthorized individuals, even if stored in a desk. While encryption (B) enhances digital password storage security, it does not apply to physical notes. Writing down passwords (C) is not universally prohibited by compliance requirements, though it is discouraged. The act of writing down passwords (D) does not inherently affect their strength but compromises their confidentiality. Security awareness training should focus on educating employees about the risks of physical password exposure and promote alternatives like password managers.
45. A worm is discovered on a corporate network after spreading rapidly through unprotected devices and creating backdoors for remote access. What additional threat does this worm introduce to the organization?
Correct Answer: C. Potential for further exploitation by attackers Explanation: The creation of backdoors for remote access is a common secondary threat introduced by worms (C), allowing attackers to exploit the compromised devices for additional malicious activities, such as data exfiltration or installing other malware. Option A, Unauthorized physical access, relates to physical security and is unrelated to the described scenario. Option B, Increased system uptime, is incorrect as worms often degrade performance by consuming resources. Option D, Prevention of malware infections, contradicts the scenario, as worms contribute to system compromise and additional vulnerabilities.
46. A network administrator is reviewing the power infrastructure of an on-premises network security setup and notices that all devices are connected directly to utility power without protection against electrical spikes or surges. Which component should be introduced to prevent damage to sensitive equipment caused by power fluctuations?
Correct Answer: B. Surge protector Explanation: A surge protector (B) is the correct answer because it prevents damage to sensitive devices by blocking or grounding excessive voltage during electrical surges or spikes. A Power Distribution Unit (PDU) (A) is incorrect because it only distributes power to multiple devices without providing protection against surges. An Uninterruptible Power Supply (UPS) (C) can condition power but is not primarily designed for surge protection. A backup generator (D) provides power during an outage but does not address the issue of electrical spikes or surges. Surge protectors are specifically designed to safeguard equipment from power fluctuations, making them essential for this scenario.
47. An IT administrator is asked to implement an access control system for a file-sharing application. The system should allow file owners to specify who can access their files and what level of access they should have. Which access control model aligns best with this requirement?
Correct Answer: B. Discretionary Access Control (DAC) Explanation: DAC gives resource owners control over permissions for their resources, allowing them to specify access levels for other users. (A) is incorrect because RBAC assigns permissions based on predefined roles, not individual discretion. (B) is correct as it aligns with the requirement for file owners to manage access to their own files. (C) is incorrect because MAC enforces access control through strict policies set by administrators, not resource owners. (D) is incorrect as ABAC determines access based on attributes like user roles or environmental factors, which is not described in the scenario.
48. A data center manager is reviewing the fire suppression system to ensure the safety of critical equipment and minimize downtime during a fire incident. The manager is considering a system that uses a gas-based agent to extinguish fires without damaging sensitive electronics. Which type of fire suppression system is most appropriate?
Correct Answer: C. Clean agent fire suppression system Explanation: Clean agent fire suppression systems (C) are the correct answer because they use gaseous agents, such as FM-200 or Novec 1230, that effectively extinguish fires without causing damage to sensitive electronics or leaving a residue. These systems are designed for environments like data centers where water or residue-based suppression methods could harm equipment. Water sprinkler systems (A) are incorrect because water can damage electronic components and cause prolonged downtime. Dry chemical fire suppression systems (B) are also inappropriate as they leave a residue that can harm electronics and require extensive cleanup. Foam-based fire suppression systems (D) are generally used for liquid fires and are unsuitable for protecting data center equipment. Clean agent systems provide the most effective and least damaging solution for fire suppression in a data center.
49. An organization has identified a significant risk related to a software vulnerability, but the resources required to implement a fix are currently unavailable. As a temporary measure, the company decides to implement a workaround to reduce the likelihood of exploitation. Which of the following best describes this approach?
Correct Answer: A) Risk mitigation Explanation: Risk mitigation involves implementing controls or strategies to reduce the likelihood or impact of a risk. In this case, the company is using a workaround as a temporary solution to reduce the likelihood of the vulnerability being exploited. Option (B) is incorrect because risk acceptance would imply no action is taken. Option (C) refers to transferring the risk to another party (e.g., through insurance or outsourcing), which is not the case here. Option (D) refers to eliminating the risk entirely, which is not feasible in this scenario as the company has only implemented a temporary measure.
50. An e-commerce platform enables customers to approve transactions using digital signatures. During an audit, it is noted that some customers claim they did not approve disputed transactions. What specific control should the platform implement to strengthen non-repudiation and minimize such disputes?
Correct Answer: D. Require a certificate authority (CA) to validate signatures Explanation: Requiring a certificate authority (CA) to validate signatures (D) strengthens non-repudiation by ensuring that the digital signatures are verified against a trusted source. Option A (Implement stronger encryption for transaction data) protects confidentiality but does not enhance non-repudiation. Option B (Enforce multi-factor authentication before signing) improves authentication but does not directly address disputes over the validity of a signature. Option C (Record the IP address and geolocation of the signer) aids in context but does not irrefutably link the customer to the transaction. A CA adds a layer of trust by verifying the authenticity of digital signatures, making it harder to deny their validity.
51. A security team installs an IDS configured to detect deviations from normal network behavior, such as unusual traffic volumes or access patterns. Shortly after deployment, the IDS flags an internal server communicating with an unknown external IP address. What type of IDS is being used?
Correct Answer: B. Anomaly-based IDS Explanation: The IDS in this scenario detects deviations from normal network behavior, such as unusual traffic volumes or access patterns, which characterizes an anomaly-based IDS (B). This approach is effective for identifying previously unknown threats by flagging abnormal activities. Option A, Signature-based IDS, relies on predefined attack signatures and would not detect novel patterns. Option C, Host-based IDS (HIDS), monitors activity on specific devices rather than network-wide anomalies. Option D, Rule-based IDS, follows predefined rules to identify threats but does not involve baseline behavioral analysis.
52. A company uses a SaaS platform for project management and collaboration. Employees frequently use personal devices to access the platform, increasing the risk of data leakage. What security measure should the company implement to reduce this risk?
Correct Answer: B. Configure the SaaS platform to restrict data downloads on untrusted devices Explanation: Configuring the SaaS platform to restrict data downloads on untrusted devices (B) is the correct answer because it prevents sensitive data from being stored on personal devices, reducing the risk of data leakage. Enforcing endpoint encryption (A) may not be feasible for personal devices and does not control data access. Requiring a VPN (C) secures the connection but does not address data leakage risks on personal devices. Disabling access outside office hours (D) may disrupt productivity and does not mitigate risks associated with personal device use. Restricting downloads on untrusted devices effectively minimizes the potential for data leakage in this scenario.
53. A multinational organization is transferring sensitive client data between offices located in different countries. Which strategy ensures data confidentiality during transmission?
Correct Answer: B Explanation: The correct answer is B because encrypting data with TLS (Transport Layer Security) during transmission ensures confidentiality and protects it from interception. Securing endpoints further mitigates risks of unauthorized access. Option A (A) is incorrect because compression does not provide confidentiality, and FTP is not secure. Option C (C) is incorrect because plain text transfer, even with restricted network access, is vulnerable to interception. Option D (D) is incorrect because password-protected ZIP files transmitted over email are not secure, as email is susceptible to interception and passwords can be guessed or leaked.
54. A retail company experiences a major network outage during the holiday season, which prevents customers from making purchases. The company's disaster recovery plan is executed to restore services within a few hours. Why is disaster recovery critically important in this scenario?
Correct Answer: C. To minimize revenue losses during a peak business period Explanation: Disaster recovery is crucial in this scenario because it helps restore operations quickly, minimizing revenue losses during a critical business period like the holiday season (C). While customer data protection (A) is important, this scenario focuses on operational downtime rather than data loss. Legal obligations (B) may be relevant, but the primary concern here is financial loss due to downtime. Enhancing cybersecurity resilience (D) is a long-term objective but is not the direct focus of immediate disaster recovery efforts. Therefore, C accurately reflects the importance of disaster recovery in this context.
55. A hospital deploys IoT medical devices that transmit sensitive patient data. To protect these devices and ensure regulatory compliance, the security team needs to segment them from the general network. What additional security measure should be combined with segmentation to enhance protection?
Correct Answer: B. Enforce network monitoring and anomaly detection for the IoT VLAN Explanation: Enforcing network monitoring and anomaly detection for the IoT VLAN (B) is the correct answer because it provides visibility into traffic patterns, helping to detect and respond to potential security incidents in the segmented network. Implementing endpoint protection software (A) is impractical for many IoT devices due to their limited processing capabilities. Configuring static routes (C) allows connectivity but does not enhance security. Enabling split tunneling (D) increases exposure by allowing some traffic to bypass secure channels. Monitoring and anomaly detection strengthen segmentation by providing proactive threat detection and response capabilities.
56. A company is decommissioning old servers that contain sensitive customer information. Which method would ensure secure data destruction before disposing of the hardware?
Correct Answer: B Explanation: The correct answer is B because overwriting the data with random values using a secure wipe tool ensures that the original data is no longer recoverable. This method adheres to secure data destruction standards. Option A (A) is incorrect because a factory reset may not overwrite all data, leaving traces that could be recovered. Option C (C) is incorrect because manually deleting files and reinstalling the operating system does not securely erase all data. Option D (D) is incorrect because transferring the data does not address the destruction of sensitive information on the original hardware, leaving it vulnerable to recovery.
57. A network administrator reports overheating issues in a server closet that houses essential network equipment. Upon inspection, it is observed that the closet lacks sufficient ventilation, and cables are disorganized, obstructing airflow. What is the most effective measure to resolve these issues?
Correct Answer: A. Install a dedicated cooling unit and implement proper cable management Explanation: Installing a dedicated cooling unit and implementing proper cable management (A) is the correct answer because these measures directly address both the lack of ventilation and airflow obstruction caused by disorganized cables. A dedicated cooling unit provides localized temperature control, while proper cable management ensures unobstructed airflow around equipment. Replacing existing servers with energy-efficient models (B) does not solve the immediate overheating issue caused by poor ventilation. Using shorter cables and keeping the closet door open (C) is an unprofessional approach that introduces security risks and does not provide adequate cooling. Increasing the cooling capacity of the building’s HVAC system (D) is inefficient for addressing the specific needs of a small, enclosed server closet. Dedicated cooling and cable management are the most targeted and effective solutions.
58. After an IT team patches a critical vulnerability in their operating system, they notice that the network traffic load has reduced significantly. This indicates that a malicious program exploiting the vulnerability to replicate itself has been contained. What type of attack was likely mitigated?
Correct Answer: B. Worm attack Explanation: The reduction in network traffic after patching an operating system vulnerability strongly suggests that a worm attack (B) was mitigated. Worms exploit vulnerabilities to spread and often generate significant network traffic due to their replication processes. Option A, Phishing, involves social engineering to trick users into providing sensitive information and does not involve traffic patterns caused by replication. Option C, SQL injection, targets database vulnerabilities rather than operating systems and does not involve spreading malware. Option D, Denial-of-service (DoS), aims to disrupt service availability but does not involve self-replicating behavior or vulnerability exploitation for propagation.
59. During a security awareness session, employees are asked to create passwords for their new corporate accounts. An employee chooses "Summer2025!" as their password, which meets the company’s minimum requirements for length and complexity. However, a security analyst flags the password as weak. What makes this password weak, and what should be done to improve it?
Correct Answer: A Explanation: The correct answer is (A) because "Summer2025!" contains a predictable pattern (a season and a year) that attackers can easily guess, even with added special characters. Replacing it with a passphrase like "MountainsAreBlue2025!" would increase unpredictability and overall strength. (B) is incorrect because the password already includes special characters, so lack of complexity is not the issue. (C) is incorrect because while longer passwords are generally better, the primary weakness here is the predictability, not the length. (D) is incorrect because the password already includes both uppercase and lowercase letters. Predictability, not technical complexity, is the main concern.
60. An organization experiences multiple account lockouts after implementing a stricter password policy. Users report that they forget their passwords frequently due to the new requirements. How should the IT department address this issue while maintaining security best practices?
Correct Answer: D Explanation: The correct answer is (D) because implementing a password manager helps users securely store and retrieve complex passwords, reducing reliance on memory and improving compliance with strong password policies. (A) is incorrect because reducing complexity weakens security and does not align with best practices. (B) is incorrect because while MFA adds a layer of security, allowing less complex passwords introduces vulnerabilities. (C) is incorrect because increasing the expiration period without addressing the root cause (users forgetting passwords) does not solve the issue and might still lead to weak password practices. A password manager is the best solution for balancing security and usability.
61. An organization’s security policy mandates the enforcement of baselines to achieve consistent system hardening. Which process is most critical to ensure the effectiveness of these baselines over time?
Correct Answer: C Explanation: Establishing a change management process (C) ensures that baselines remain relevant and effective by incorporating updates to address new threats or organizational changes. Real-time monitoring (A) detects deviations but does not ensure baselines are updated to remain effective. Annual reviews (B) may identify misalignments but are too infrequent to address rapidly evolving threats. Training administrators (D) supports adherence but does not adapt the baselines themselves to changing security requirements. Change management is critical for maintaining the long-term effectiveness of baselines in dynamic environments.
62. An IT administrator notices discrepancies in system logs during a routine review. After investigating, they find that logs have been manipulated to hide unauthorized activities. What control should the organization implement to ensure the integrity of system logs?
Correct Answer: A. Use a write-once log storage system Explanation: Using a write-once log storage system (A) ensures that logs cannot be altered after being recorded, preserving their integrity. Option B (Implement role-based access control) limits access to logs but does not guarantee their immutability. Option C (Enable multi-factor authentication for log access) strengthens authentication but does not prevent tampering by authorized users. Option D (Conduct regular vulnerability scans) helps identify weaknesses but does not protect logs from modification. Write-once systems ensure that logs remain an unalterable source of truth, critical for investigating incidents.
63. An organization deploys a network-based IDS (NIDS) to monitor all traffic entering and leaving its network. However, attackers bypass the IDS by encrypting their malicious payloads. What limitation of IDS does this scenario highlight?
Correct Answer: B. Difficulty in analyzing encrypted traffic Explanation: The scenario illustrates the limitation of an IDS in analyzing encrypted traffic (B), as it cannot inspect the contents of encrypted payloads to detect malicious behavior. Option A, Lack of anomaly detection capabilities, is irrelevant as the scenario does not specify an anomaly-based approach. Option C, Inability to monitor internal devices, is unrelated because the IDS is monitoring traffic entering and leaving the network. Option D, Over-reliance on endpoint logs, pertains to Host-based IDS (HIDS), not Network-based IDS (NIDS) as described.
64. An organization has a policy requiring employees to review and acknowledge the company’s security policies annually. What type of control does this represent?
Correct Answer: B) Administrative control Explanation: Requiring employees to review and acknowledge security policies is an administrative control because it is a management-driven process aimed at ensuring employees understand and agree to follow security guidelines. (A) Physical controls relate to tangible measures such as locks or security cameras and do not involve employee policies. (C) Detective controls are designed to detect incidents after they occur, such as audit logs, but they do not proactively ensure employees are aware of security policies. (D) Corrective controls focus on responding to and correcting issues after a security incident, like restoring data from backups, but do not address ongoing policy compliance.
65. Which of the following is an example of an administrative control used to mitigate insider threats in an organization?
Correct Answer: C) Background checks during hiring processes Explanation: Background checks are an administrative control because they focus on human resources processes and policies to evaluate employees' trustworthiness before they are hired, helping mitigate the risk of insider threats. (A) Encryption is a technical control that protects data confidentiality but does not address insider threats through personnel management. (B) Network segmentation is a technical control that limits access to sensitive systems, but it is not directly related to managing the risk from insiders. (D) An IPS is a technical control that detects and prevents malicious network activities but does not address the potential for insider threats through administrative measures.
66. A company needs to ensure devices on its IPv6 network can automatically configure their addresses without using a DHCP server. Which protocol or feature of IPv6 supports this functionality?
Correct Answer: B. Stateless Address Autoconfiguration (SLAAC) Explanation: The correct answer is (B) because SLAAC allows IPv6 devices to automatically configure their addresses by deriving them from the network prefix advertised by routers and their unique interface identifier. (A) Stateful DHCPv6 is incorrect because it requires a DHCP server for address allocation, which contradicts the scenario. (C) Network Address Translation (NAT) is not used in IPv6 the way it is in IPv4, as IPv6 aims to provide enough address space to avoid address sharing. (D) IPv6 Multicast is used for group communication, not for address configuration.
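The address formation SLAAC performs, as an added Python example that is not part of the exam material: the prefix 2001:db8:1:2::/64, the MAC 00:1a:2b:3c:4d:5e and the link-local case are constructed values. The example also shows the security reason modern hosts prefer random or stable-privacy interface identifiers (RFC 4941, RFC 7217) over the classic EUI-64 form: an EUI-64 identifier embeds the hardware address and can be reversed by anyone who observes the address.

```python
"""SLAAC address formation: RA prefix + interface identifier, and what an EUI-64 identifier reveals."""
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 (RFC 4291 App. A): split the MAC, insert 0xFFFE, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # universal/local bit: a globally unique MAC has 0 here, EUI-64 uses 1
    return int.from_bytes(eui, "big")


def slaac_address(ra_prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 prefix from a Router Advertisement with the host's EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(ra_prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC as described in RFC 4862 requires a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(addr: str):
    """Undo EUI-64 to recover the MAC; None when the ff:fe marker is absent (privacy or random IID)."""
    iid = bytearray((int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big"))
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    # Constructed values: a router advertising 2001:db8:1:2::/64 and a host NIC 00:1a:2b:3c:4d:5e.
    mac = "00:1a:2b:3c:4d:5e"
    print("link-local :", slaac_address("fe80::/64", mac))
    print("global     :", slaac_address("2001:db8:1:2::/64", mac))
    # Anyone who sees the global address can read the NIC's MAC back out of it.
    print("leaked MAC :", mac_from_address(str(slaac_address("2001:db8:1:2::/64", mac))))
    print("privacy IID:", mac_from_address("2001:db8:1:2:a1b2:c3d4:e5f6:789a"))
```

Because the same 64-bit identifier follows the device across every network it joins, EUI-64 addresses allow passive tracking and fingerprinting of hardware; this is the reason operating systems default to privacy extensions today, and why an analyst correlating IPv6 addresses should check for the ff:fe marker before assuming the identifier is stable.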
67. An enterprise adopts a defense-in-depth approach to secure its cloud infrastructure. The organization employs encryption for data, endpoint protection for devices, and user activity monitoring. However, during a review, it is discovered that privileged accounts lack additional controls, creating a significant vulnerability. Which measure should the organization implement to address this gap?
Correct Answer: B. Implement multi-factor authentication (MFA) for privileged accounts Explanation: Implementing multi-factor authentication (MFA) for privileged accounts (B) is the correct answer because it provides an additional layer of security to protect these high-value targets, reducing the risk of unauthorized access. Deploying intrusion detection systems (IDS) (A) enhances monitoring but does not directly address the vulnerability of privileged accounts. Increasing encryption strength for stored data (C) improves data security but does not mitigate account-related risks. Conducting regular security awareness training (D) is important but does not address the specific vulnerability in privileged account access. MFA adds a critical layer of protection for privileged accounts, aligning with the defense-in-depth strategy.
68. A database administrator is setting up access controls for a database that contains sensitive customer information. The sales team needs to retrieve customer contact details but should not access financial data or system configurations. Which of the following access configurations follows the principle of least privilege?
Correct Answer: B. Providing access only to the tables containing customer contact information. Explanation: The principle of least privilege ensures that access is restricted to what is necessary for a user's role. (A) is incorrect because full access exposes sensitive data well beyond what the sales team needs. (B) is correct because it grants access solely to the required tables, adhering to the principle. (C) is incorrect because it includes unnecessary access to financial data, increasing the risk of misuse or exposure. (D) is incorrect because it over-restricts access, blocking the sales team from the contact details they legitimately need; least privilege means granting exactly what the role requires, not denying it.
69. An internal governance review finds that an organization’s data encryption standard has not been updated in five years. This standard specifies encryption algorithms for securing sensitive information. What should the organization do to maintain governance compliance?
Correct Answer: B. Review and update the standard based on current best practices Explanation: The correct answer is (B) Review and update the standard based on current best practices because standards must remain current to address evolving threats and technologies. Updating the encryption standard ensures it aligns with industry best practices and regulatory requirements. (A) is incorrect because relying on an outdated standard increases the risk of using insecure algorithms. (C) is incorrect because replacing the standard with a policy removes the specificity needed to guide technical implementations. (D) is incorrect because outsourcing does not absolve the organization from the responsibility of defining and maintaining a robust standard. Reviewing and updating the standard ensures ongoing compliance and security.
70. A company’s physical access control system distinguishes between authorized and unauthorized personnel by using badges with RFID technology. One day, an individual who is not listed in the system's database attempts to access a secure area but is granted entry due to a malfunction in the system. Which of the following steps should the company take to mitigate this risk?
Correct Answer: B) Set up an automated alert system for when unauthorized personnel gain access Explanation: Setting up an automated alert system (B) is crucial for identifying and responding to incidents when unauthorized personnel gain access. This allows security to take immediate action, even if the physical access control system malfunctions. Manual checks (A) are resource-intensive and might not be practical at all entry points. Automatically logging unauthorized personnel (C) is useful, but it doesn’t provide the same level of immediate response as real-time alerts. Reprogramming the system (D) might not address the root cause of the malfunction, which could recur without other safeguards like alerts.
71. A company’s data center houses critical network security infrastructure, and an external audit revealed that it lacks safeguards against unauthorized access. The security team is tasked with implementing a control that both restricts physical access and monitors attempts to access the facility. Which of the following solutions best addresses these requirements?
Correct Answer: B. Biometric access control with logging capabilities Explanation: Biometric access control with logging capabilities (B) is the correct answer because it provides a highly secure method of restricting access based on unique physical traits, such as fingerprints or retinal scans, and logs access attempts for monitoring and auditing purposes. Keypad access with a master override key (A) is incorrect because it is less secure due to the potential for PIN sharing or key theft. Surveillance cameras with motion detection (C) only record activity and do not prevent access, making them insufficient as a standalone solution. A keycard system and door alarms (D) add security but do not provide the same level of accountability and restriction as biometrics with logging. Biometrics effectively combine access control and monitoring, addressing both requirements comprehensively.
72. Your organization has implemented a new data protection policy requiring encryption for all sensitive files. However, a department argues that encryption slows down their operations and requests an exemption. Which step in the governance process is most appropriate to address this issue?
Correct Answer: C. Evaluate the business impact and consider risk-based exceptions Explanation: The correct answer is (C) Evaluate the business impact and consider risk-based exceptions because governance processes require balancing security with operational efficiency. The organization should assess the risks of granting an exemption versus the operational challenges posed by encryption, ensuring the decision aligns with the organization's risk tolerance and objectives. (A) is incorrect because modifying the policy without a thorough evaluation could introduce unacceptable risks. (B) is also incorrect because blindly enforcing the policy might hinder productivity and create resistance among stakeholders. (D) is incorrect because delegating the decision to the department manager could lead to inconsistent application of governance processes and undermine the organization’s overall policy framework. A risk-based evaluation ensures a measured and strategic decision.
73. A healthcare organization requires all patient-related documents to be labeled according to its data labeling policy. During an internal audit, the team discovers that several documents lack labels. What is the best immediate step to address this issue?
Correct Answer: C Explanation: The correct answer is C because reviewing the content of each document and applying the appropriate labels ensures compliance with the data labeling policy and prevents mishandling of sensitive information. Option A is incorrect because deleting documents without proper review risks losing important data. Option B is incorrect because assigning a default label may lead to over-classification, which can cause inefficiencies or inconsistencies. Option D is incorrect because assuming the documents are not sensitive and allowing unrestricted access could lead to exposure of sensitive data.
74. A retail company implements a policy that requires all staff to be trained on using manual payment systems in case of a technology failure. This is an example of which business continuity objective?
Correct Answer: B. Minimizing downtime by enabling alternative operational methods Explanation: The correct answer is B because training staff on manual systems directly supports the business continuity objective of minimizing operational downtime during a system failure. Option A is incorrect because this measure is not explicitly about regulatory compliance but about operational continuity. Option C is incorrect because it focuses on preventing cyberattacks, which is more related to cybersecurity rather than continuity. Option D is incorrect because reducing costs is not a primary focus of business continuity planning, which prioritizes resilience and operational capability.
75. During an audit, a company’s security team identifies that some physical access control logs have gaps where no data is recorded for certain times. What is the most likely reason for this issue, and what should be done to address it?
Correct Answer: B) The system may have experienced technical issues, and the logs should be reviewed to identify the source of the problem Explanation: The most likely reason for gaps in the logs (B) is that the system may have experienced technical issues during that time, such as a malfunction in the access control devices or a failure in the log recording process. Reviewing the system for technical issues is necessary to identify and address the root cause. Intentionally disabling the system (A) would likely be recorded in the logs, and should not cause unexplained gaps unless it was not properly logged. The logs being deleted due to a configuration error (C) is a possibility, but gaps should first be reviewed for technical issues before assuming they were deleted. Gaps in the logs are unlikely to be intentional (D) unless there is evidence supporting this, and should always warrant further investigation.
76. A company is experiencing slow network performance when sending large files between two geographically distant servers. An analysis reveals issues related to fragmentation and reassembly of packets. Which layer of the TCP/IP model is responsible for addressing these concerns?
Correct Answer: B. Transport Layer Explanation: The correct answer is (B) because, in the TCP/IP model as this exam presents it, the Transport Layer (TCP) breaks the file into segments sized to the path's maximum segment size (MSS) and reassembles the byte stream in order at the receiver, so a transfer that suffers from fragmentation and reassembly overhead is fixed by sizing segments correctly (for example through path MTU discovery) rather than by relying on fragmentation of oversized datagrams. (A) Application Layer handles application-specific protocols and does not manage segment sizing. (C) Internet Layer provides routing and addressing; IP does fragment a datagram that exceeds a link's MTU and the destination's IP layer reassembles the fragments, but that is the costly behaviour the transport layer is expected to avoid by choosing an appropriate segment size. (D) Network Interface Layer concerns transmission over the physical link and its MTU, and does not implement segmentation and reassembly logic.
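How the two mechanisms in the explanation relate, as an added Python example that is not part of the exam material: the TCP segment size that fits a link without fragmentation, the IPv4 fragment offset and more-fragments bookkeeping used when a datagram is too large anyway, and a receiver-side reassembly that rejects gaps and overlaps (the malformed fragment trains behind classic attacks such as teardrop). The 3000-byte payload and 1500-byte MTU are constructed values.

```python
"""IPv4 fragmentation and reassembly, and the TCP segment size that avoids it."""

IPV4_HEADER = 20   # minimum IPv4 header, no options
TCP_HEADER = 20    # minimum TCP header, no options
FRAG_UNIT = 8      # the fragment offset field counts 8-byte units


def tcp_mss(mtu: int) -> int:
    """Largest TCP payload that fits in one datagram on a link with this MTU without fragmentation."""
    return mtu - IPV4_HEADER - TCP_HEADER


def fragment(payload: bytes, mtu: int) -> list[tuple[int, bool, bytes]]:
    """Split an IP payload into (offset_in_8_byte_units, more_fragments, data) for a link MTU.

    Every fragment except the last carries a multiple of 8 bytes, because offsets are
    expressed in 8-byte units; the last fragment is the only one with MF (more fragments) = 0.
    """
    max_data = (mtu - IPV4_HEADER) // FRAG_UNIT * FRAG_UNIT
    if max_data <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append((start // FRAG_UNIT, more, chunk))
    return frags


def reassemble(fragments) -> bytes:
    """Rebuild the payload from fragments received in any order.

    Refuses gaps, overlaps and a missing final fragment instead of silently producing
    a corrupt datagram or holding buffers open indefinitely.
    """
    ordered = sorted(fragments, key=lambda f: f[0])
    buf = bytearray()
    for offset_units, _more, data in ordered:
        if offset_units * FRAG_UNIT != len(buf):
            raise ValueError(f"gap or overlap at byte offset {offset_units * FRAG_UNIT}")
        buf += data
    if not ordered or ordered[-1][1]:
        raise ValueError("final fragment (MF=0) missing")
    return bytes(buf)


def reassembly_fails(fragments) -> bool:
    """True when the fragment set is rejected; used to show the malformed-train handling."""
    try:
        reassemble(fragments)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = b"A" * 3000                      # constructed: a 3000-byte chunk of a large file
    print("MSS on a 1500-byte link:", tcp_mss(1500))
    frags = fragment(payload, 1500)
    for off, more, data in frags:
        print(f"offset={off * FRAG_UNIT:5d} bytes  MF={int(more)}  len={len(data)}")
    print("reassembled ok:", reassemble(reversed(frags)) == payload)
    print("missing middle fragment rejected:", reassembly_fails([frags[0], frags[2]]))
    # Sending at most MSS bytes of TCP payload means the IP layer never has to fragment.
    print("segments sized to MSS need", len(fragment(b"B" * (tcp_mss(1500) + TCP_HEADER), 1500)), "fragment")
```

A fragmented datagram is lost entirely if any one fragment is dropped, and reassembly buffers on the receiver are a denial-of-service target, which is why production stacks discover the path MTU and size segments to avoid fragmentation rather than depend on it.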
77. A financial organization is conducting a risk management analysis and has identified several potential risks. After identifying the risks, they are determining which risks need immediate attention and which can be monitored over time. Which of the following is the most appropriate response in the context of the "risk treatment" phase?
Correct Answer: B) Accepting low-impact risks without further action Explanation: In the "risk treatment" phase, the organization determines how to respond to identified risks. One possible response is accepting risks that are deemed to have a low impact or low probability of occurring, as they pose minimal threat to the organization. Option (A) refers to risk documentation, which is typically part of the identification process, not treatment. Option (C) refers to mitigation, but the question specifically asks for an appropriate response for low-impact risks, which may not require active treatment. Option (D) refers to monitoring, which is part of the post-treatment phase and not directly related to treatment itself.
78. An IT administrator is tasked with implementing a procedure for patch management as part of the organization's governance processes. The procedure requires identifying systems needing updates, testing patches in a controlled environment, and deploying them with minimal disruption. What is the primary purpose of this procedure?
Correct Answer: B. To establish step-by-step instructions for patch implementation Explanation: The correct answer is (B) To establish step-by-step instructions for patch implementation because procedures are detailed, specific instructions that explain "how" to perform a task or achieve compliance with a policy, such as the steps for patch management in this scenario. (A) is incorrect because policies define the overarching rules and objectives but do not provide step-by-step details. (C) is incorrect because technical standards define measurable specifications, such as system requirements for patches, not the process itself. (D) is incorrect because best practices are typically categorized as guidelines, which are not mandatory or detailed enough to replace procedures. This question emphasizes the critical role procedures play in operationalizing governance requirements.
79. During a security audit, an IPS is found to be configured with overly strict rules that are blocking legitimate traffic, causing disruptions to critical business applications. What type of issue is this, and how should it be addressed?
Correct Answer: C. False positive; refine detection thresholds Explanation: Blocking legitimate traffic due to overly strict rules is a false positive (C). This issue should be addressed by refining detection thresholds or adjusting rules to reduce the likelihood of legitimate activities being flagged as malicious. Option A, False negative, occurs when malicious traffic is not detected, which is not described here. Option B, Misconfiguration, is a broader term and does not specifically address the issue of false positives. Option D, Latency issue, does not relate to blocking legitimate traffic due to detection thresholds.
80. A company’s leadership team is reviewing its risk management strategy and must decide on an acceptable level of risk exposure. They want to balance risk management efforts with business objectives, ensuring they are not overinvesting in security controls. What would best describe this decision-making approach?
Correct Answer: B) Risk tolerance Explanation: Risk tolerance refers to the level of risk an organization is willing to accept in pursuit of its objectives. In this case, the leadership is balancing the costs of security controls with the organization's overall goals, which is characteristic of establishing the organization's risk tolerance. Option (A) refers to eliminating a risk entirely, which would likely involve higher costs than the approach described in the question. Option (C) is incorrect because risk acceptance involves consciously allowing certain risks to occur without taking mitigation actions, whereas here the goal is to balance risk exposure. Option (D) pertains to reducing risk, which involves taking active steps to decrease risk but does not directly address the acceptable level of risk the organization is willing to bear.
81. An employee accidentally shared sensitive data through an email to an unauthorized recipient. To prevent future occurrences, the organization incorporates targeted security awareness training. Which aspect of the training would best address this issue?
Correct Answer: B Explanation: Security awareness training should focus on educating employees to verify recipient information (B) to avoid accidental data sharing, which directly addresses the issue. Explaining technical configurations (A) might provide background but does not change behavior. Mandating manager approval for all sensitive emails (C) is impractical and could slow down workflows without addressing the root cause of human error. Blocking emails with sensitive data (D) is a technical solution that may hinder legitimate communication needs. Training employees to confirm recipient details empowers them to take personal responsibility for safeguarding data, aligning with the core purpose of awareness programs.
82. A company implements a BYOD policy that requires devices to be encrypted and have passcodes enabled. During an investigation of a potential data breach, it is revealed that an employee’s personal device used for work lacks encryption. What is the immediate step the organization should take to enforce its BYOD policy?
Correct Answer: C Explanation: The correct answer is (C) because restricting the device’s access to corporate resources minimizes the risk of further data exposure while ensuring the employee has an opportunity to bring the device into compliance. (A) is incorrect because merely notifying the employee does not mitigate the immediate risk posed by an unencrypted device. (B) is incorrect because locking the device remotely may disrupt legitimate use, and a forensic investigation should only occur if a breach is confirmed. (D) is incorrect because revoking BYOD privileges is a last resort and may not be necessary if the issue can be remediated. Restricting access provides a balanced and effective response.
83. An incident response team quickly identifies and mitigates a phishing attack that could have compromised customer data. Why is this rapid response critical to the importance of incident response?
Correct Answer: C. It limits potential harm to customers and preserves their trust. Explanation: The importance of incident response is underscored by its ability to protect customers and maintain trust during a security event. Limiting harm to customers and preserving their trust (C) demonstrates the value of an effective response. Option A (avoiding legal action) may be a benefit but is not the primary importance; the focus is on minimizing impact. Option B (ensuring no future phishing attempts succeed) is unrealistic since phishing attempts will likely persist despite mitigations. Option D (preventing breach reporting) is incorrect, as organizations may still need to report incidents depending on legal or regulatory requirements.
84. A vulnerability was recently discovered in widely used software, and the vendor released a patch to address it. The IT team must ensure the patch is applied to all systems across the enterprise. What is the most effective method to ensure compliance?
Correct Answer: A Explanation: A centralized patch management solution (A) ensures consistent tracking and deployment of patches across all systems, reducing the risk of human error and ensuring timely compliance. Manual application by administrators (B) is error-prone and inefficient, especially in large environments. Monitoring system logs (C) is a reactive approach and does not proactively enforce patch compliance. Relying on user reports (D) is an unreliable method, as users may not recognize or report issues. Centralized solutions streamline the patch management process, ensuring enterprise-wide coverage and reducing the risk of vulnerabilities.
85. A hospital uses a role-based access control (RBAC) system for its electronic medical records (EMR). Doctors can view and update patient records, nurses can view records and update vital signs, and administrative staff can only view billing information. A new nurse complains that they cannot access patient billing information. What is the appropriate action to take based on RBAC principles?
Correct Answer: C. Inform the nurse that their role does not include access to billing information. Explanation: Role-based access control assigns permissions based on predefined roles, ensuring users have access only to resources needed for their job. (A) is incorrect because granting full access undermines RBAC principles and increases risk. (B) is incorrect as altering the role would interfere with the nurse's primary responsibilities. (C) is correct because the nurse's role does not include billing access, and this restriction is intentional for security. (D) is incorrect because temporarily assigning an unrelated role violates RBAC structure and risks improper access.
86. A company has installed a gate entry system that uses a combination of RFID badges and PIN codes to grant access to a restricted area. Which of the following is the main advantage of this approach compared to using only RFID badges?
Correct Answer: B) Enhanced security through two-factor authentication Explanation: The primary advantage of combining RFID badges with PIN codes (B) is the enhancement of security through two-factor authentication. This ensures that even if an unauthorized person obtains a valid badge, they cannot gain access without also knowing the correct PIN. While increased convenience (A) may be a secondary benefit, the focus of this system is on security. Badge distribution costs (C) are likely to be higher when both a badge and PIN system are used. Reduced gate malfunctions (D) are not a direct benefit of using this two-factor system.
87. An organization’s IT policy states that sensitive data must not be retained beyond its defined retention period. How should the organization ensure compliance with this policy?
Correct Answer: A Explanation: The correct answer is A because an automated system ensures timely deletion of data after its retention period, reducing the risk of human error and ensuring compliance with policy. Option B is incorrect because manual deletion is error-prone, time-consuming, and less reliable for ensuring compliance. Option C is incorrect because retaining sensitive data in an archive, even if encrypted, violates the principle of timely deletion after the retention period. Option D is incorrect because retaining expired data, even with restricted access, increases security risk and violates retention policies and regulatory requirements.
88. A cybersecurity team is tasked with securing a corporate network against lateral movement by potential attackers. They decide to segment the network to limit an attacker’s ability to move between systems. Which segmentation method provides the most granular level of control over traffic within the network?
Correct Answer: B. Microsegmentation using software-defined networking (SDN) Explanation: Microsegmentation using software-defined networking (SDN) (B) is the correct answer because it provides fine-grained control over traffic between individual workloads or systems, reducing the risk of lateral movement by attackers. Subnetting (A) segments the network at a broader level but lacks the granularity needed for workload-level isolation. Demilitarized Zone (DMZ) segmentation (C) isolates public-facing services but does not address internal segmentation. Virtual Private Network (VPN) segmentation (D) secures traffic over external connections but does not provide internal traffic isolation. Microsegmentation offers the highest level of granularity and security for limiting lateral movement within the network.
89. A company implements multi-factor authentication (MFA) for its employees, requiring them to use a password along with a smartphone-based one-time passcode. During a phishing attack, an attacker successfully obtains an employee’s password. However, the attacker cannot log in to the system. Which aspect of MFA prevented unauthorized access?
Correct Answer: C. Possession factor Explanation: The possession factor (C) prevented unauthorized access in this scenario because the attacker did not have the employee's smartphone to generate or receive the one-time passcode. This highlights the effectiveness of MFA in requiring something the user physically possesses. Option A (Knowledge factor) refers to something the user knows, like a password, which was already compromised in this case. Option B (Inherence factor) pertains to something inherent to the user, like a fingerprint, which is not relevant here. Option D (Context-based factor) involves analyzing user behavior or location, which was not described in this scenario. By requiring a possession factor, MFA ensures that access is not granted solely on the basis of a compromised password. Note that a one-time passcode protects against a password that is captured and reused later, as in this scenario; a real-time phishing proxy that relays the code to the real site within its validity window can still succeed, which is why phishing-resistant factors such as FIDO2 security keys bind the authentication to the legitimate origin.
90. An organization implements a NIDS to monitor its network for potential threats. During a penetration test, the NIDS successfully detects a malicious payload embedded in a network packet and sends an alert. What detection method is most likely used by the NIDS in this case?
Correct Answer: C. Signature-based detection Explanation: The NIDS detects the malicious payload by matching it to a known pattern, which is the essence of signature-based detection (C). This method relies on predefined attack signatures to identify threats. Option A, Anomaly-based detection, focuses on deviations from normal traffic patterns but does not rely on predefined signatures. Option B, Behavior-based detection, examines actions rather than static signatures. Option D, Heuristic-based detection, evaluates traffic based on heuristics or rules but does not involve signature matching.
91. A web hosting provider detects a DDoS attack targeting one of its clients. The attack utilizes multiple DNS servers to amplify traffic sent to the client’s server, consuming excessive bandwidth. What type of DDoS attack is this?
Correct Answer: B. DNS amplification attack Explanation: The use of multiple DNS servers to amplify traffic and consume bandwidth is the hallmark of a DNS amplification attack (B), in which the attacker sends small queries carrying the victim's spoofed source address to open DNS resolvers, which then return much larger responses to the target; the resolvers do the reflecting and amplifying, so the victim never sees the attacker's own addresses. Option A, SYN flood attack, targets the TCP handshake process and does not involve DNS servers. Option C, UDP flood attack, overwhelms the target with large volumes of UDP packets but does not rely on DNS amplification. Option D, HTTP flood attack, focuses on overwhelming web servers with HTTP requests and does not use DNS servers to amplify traffic.
92. An organization observes that after implementing security awareness training, employees report more suspicious activities. However, some reports turn out to be false positives, overwhelming the security team. How should this situation be interpreted in relation to the training’s purpose?
Correct Answer: B Explanation: An increase in reports, even with false positives, indicates employees are engaged and applying their training (B) to identify potential threats. This shows progress in creating a culture of security awareness. Declaring the training ineffective (A) is incorrect because the increase in reports reflects active participation. While false positives may occur, they do not necessarily mean the training has failed (C); instead, it might require refinement to improve accuracy. Suggesting training should focus only on IT staff (D) contradicts the purpose of security awareness, which aims to empower all employees to recognize threats. Continuous improvement and feedback loops can address false positives.
93. A network administrator is tasked with segmenting a corporate network to improve security and manageability. They decide to use VLANs to separate departments such as HR, Finance, and IT. To ensure communication between these VLANs for specific applications, what additional configuration is required?
Correct Answer: C. Configure inter-VLAN routing on a Layer 3 device Explanation: Configuring inter-VLAN routing on a Layer 3 device (C) is the correct answer because VLANs are isolated by design, and a Layer 3 device such as a router or a Layer 3 switch is required to route traffic between them. Assigning all VLANs to the same subnet (A) is incorrect because each VLAN needs its own subnet for routing to work and for isolation to be maintained. Enabling VLAN Trunking Protocol (VTP) (B) helps manage VLAN configurations across switches but does not facilitate inter-VLAN communication. Using port mirroring (D) is a diagnostic tool and does not allow communication between VLANs. Inter-VLAN routing, paired with ACLs on the Layer 3 device that permit only the specific application traffic required, ensures controlled and secure communication between segmented VLANs rather than the unrestricted access described in question 1.
94. A company wants to use environmental design to increase security around its office building. Which of the following strategies would be the most effective in deterring unauthorized access?
Correct Answer: B) Installing lighting around the perimeter to eliminate dark areas at night Explanation: Installing perimeter lighting (B) is a key strategy in environmental design to deter unauthorized access, as it eliminates dark areas that could be used for concealment. While hedges and bushes (A) might obscure views, they can also provide cover for intruders. Reflective surfaces (C) reduce visibility for external observers but do not actively deter unauthorized access. Decorative water features (D) may enhance the appearance of the facility but do not contribute to its security.
95. A financial services organization is conducting a risk assessment to evaluate potential cybersecurity threats. The organization identifies multiple risks, such as phishing attacks, system vulnerabilities, and insider threats. To prioritize these risks, the organization considers the potential impact on business continuity, data loss, and regulatory compliance. Which of the following is the best approach to assess these risks?
Correct Answer: C) Evaluating both the likelihood and impact of each risk to determine priority Explanation: In a risk assessment, both the likelihood of the risk occurring and its potential impact on the organization must be considered. This approach allows for the prioritization of risks based on their severity and probability, ensuring that the organization addresses the most critical threats first. Option (A) is incomplete because evaluating only likelihood without considering impact ignores the potential consequences of a risk. Option (B) focuses only on impact, which is important but does not provide a full picture. Option (D) ranks risks based on vulnerabilities, which could be misleading if it does not consider the broader context of risk impact and likelihood.
96. During a troubleshooting session, an IT team identifies that an application is not sending requests to the appropriate server because the domain name is not resolving to an IP address. Which TCP/IP layer should the team investigate to address this issue?
Correct Answer: A. Application Layer Explanation: The correct answer is (A) because domain name resolution, such as DNS (Domain Name System), is managed at the Application Layer in the TCP/IP model. If domain names are not resolving correctly, the issue lies in the DNS configuration or server. (B) Transport Layer ensures reliable data transmission but does not handle domain name resolution. (C) Internet Layer deals with IP addressing but depends on the Application Layer to resolve domain names to IP addresses. (D) Network Interface Layer concerns physical and data link transmission and is unrelated to DNS or domain name resolution.
97. A company develops an application on a PaaS platform and needs to ensure compliance with data protection regulations, such as GDPR. Which action is the company primarily responsible for in this context?
Correct Answer: B. Configuring application-level data retention and deletion policies Explanation: Configuring application-level data retention and deletion policies (B) is the correct answer because the company is responsible for how its application handles data to comply with regulations like GDPR. Ensuring the PaaS provider’s platform meets GDPR requirements (A) is part of the provider’s responsibility, but the company must manage compliance within their application. Monitoring the platform’s underlying infrastructure (C) is the provider’s responsibility in the PaaS model. Requesting the provider to encrypt data (D) may be part of compliance, but the application must also implement retention and deletion policies. Application-level policies are a critical aspect of GDPR compliance in the PaaS model.
98. During a routine update of the organization’s content management system (CMS), the change leads to unexpected compatibility issues with third-party plugins, causing downtime. What should have been included in the change management process to avoid this problem?
Correct Answer: B. Confirming compatibility with third-party plugins through vendor communication Explanation: The correct answer is (B) because confirming compatibility with third-party plugins through vendor communication ensures that dependencies are accounted for before the change is made, reducing the likelihood of conflicts. (A) is incorrect because senior management approval is a governance step and does not address technical compatibility. (C) is incorrect because a cost-benefit analysis supports the decision to proceed but neither identifies nor resolves compatibility problems. (D) is incorrect because reviewing logs after the update only detects issues post-implementation and does not prevent the downtime. Change management is meant to surface dependency risks such as this one before deployment; proactive communication with vendors is how that dependency check is carried out.
99. A global company assesses the risk of its data being stolen by cybercriminals. After evaluating the potential impact, the company decides to implement stricter data encryption, access control policies, and employee training. Which of the following best describes the company’s risk treatment strategy?
Correct Answer: C) Risk mitigation Risk mitigation involves applying controls that reduce the likelihood or the impact of a risk. Here the company is implementing stronger data encryption, tighter access control, and employee training to make a data breach less likely and to limit its consequences if one occurs. Option (A) is incorrect because risk avoidance would mean eliminating the risk by discontinuing the activity that creates it (for example, not collecting or storing the data at all); the company is instead continuing the activity and managing the risk. Option (B) is incorrect because risk transference shifts the financial consequences to another party (for example through cyber insurance or contract terms), which the company is not doing. Option (D) is incorrect because risk acceptance means consciously tolerating the risk without adding controls, which is the opposite of the company's approach.
100. A security architect recommends using bollards at the entrance of a facility as part of its environmental design. What is the primary security function of these bollards?
Correct Answer: C) Restrict vehicle access to prevent ramming attacks on the facility Explanation: Bollards (C) are primarily used to restrict vehicle access and prevent ramming attacks, which could damage the facility or pose a security risk. They are not designed to prevent unauthorized personnel on foot (A), as this would require additional barriers or guards. Enhancing aesthetic appeal (B) may be a secondary consideration but is not the primary function. Tailgating by employees (D) is an issue related to foot traffic and requires measures like turnstiles or mantraps, not bollards.