ISC2 CC Practice Exam 5
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. An e-commerce company uses a SaaS platform for customer relationship management (CRM). To ensure compliance with data protection regulations, what aspect should they verify with the SaaS provider?
Verifying data residency and regulatory compliance (B) with the SaaS provider ensures that the e-commerce company adheres to data protection regulations, such as GDPR, by understanding where data is stored and processed. The color scheme of the SaaS application (A) is irrelevant to compliance. Integration capabilities with social media (C) are useful but do not ensure compliance. Availability of mobile app support (D) is a convenience feature but does not address compliance.
2. During a security awareness training, employees are taught about the consequences of data breaches. How does understanding these consequences impact their behavior?
Understanding the consequences of data breaches motivates employees to be more vigilant and adhere to security policies (B), thereby reducing the likelihood of such incidents. Sharing more personal information (A) is contrary to security goals. Becoming less engaged with work (C) or disregarding non-security policies (D) are negative outcomes that are not the intent of security awareness training.
3. An organization needs to protect its proprietary research data from unauthorized access. What data classification level should be assigned to this type of data?
Proprietary research data should be classified as restricted (D), indicating that it is highly sensitive and access should be limited to only those with a legitimate need to know. Public (A) classification is for data intended for general public access and does not require protection. Internal (B) is for data that is not sensitive but not intended for public release. Confidential (C) is for data that requires protection but may not be as sensitive as restricted data.
4. Your organization’s password policy requires the use of multi-factor authentication (MFA) for accessing sensitive systems. What is the primary advantage of this policy in the context of password security?
The correct answer is B. Implementing MFA adds an extra layer of security by requiring users to provide a second form of authentication, such as a code from a mobile app or a fingerprint scan, in addition to the password. This reduces the risk of unauthorized access even if a password is compromised. Option A (It simplifies the password recovery process) is incorrect as MFA does not impact the password recovery process directly. Option C (It makes password management tools unnecessary) is not accurate, as password management tools are still useful for managing complex passwords. Option D (It eliminates the need for strong passwords) is incorrect because strong passwords are still necessary to protect against initial unauthorized access attempts.
5. A company emphasizes continuous security awareness training for all its staff. Which of the following best describes a key benefit of this approach?
Continuous security awareness training keeps security practices up-to-date and reinforces good habits (B), ensuring employees remain aware of evolving threats and best practices. While not all employees will become security experts (A), they will be more informed and vigilant. Bypassing security protocols (C) is not desirable, as it compromises security. A dedicated security team (D) is still essential for managing and responding to threats.
6. A software development team is building an application that requires secure file transfers over the internet. Which protocol should they implement to ensure files are transferred securely?
SFTP (B) stands for Secure File Transfer Protocol and operates over SSH to provide secure file transfer with encryption and secure authentication. This ensures that files are transferred securely over the internet. FTP (A) is an older file transfer protocol that does not provide secure data transfer unless combined with additional security measures. TFTP (C) is a simplified version of FTP that lacks security features, making it unsuitable for secure file transfers. HTTP (D) is used for web communication and does not inherently secure file transfers.
7. A user reports that their antivirus software is flagging a commonly used file as malicious, but the user is confident the file is safe. What is the best course of action to take?
The correct answer is C. Contact the antivirus vendor for further analysis. This approach ensures that the antivirus software is not flagging a legitimate file incorrectly and that if the file is indeed safe, it can be whitelisted in future updates. Option A (Add the file to the antivirus exclusion list) is risky without confirmation that the file is safe. Option B (Delete the file immediately) could disrupt the user’s work if the file is legitimate and necessary. Option D (Disable the antivirus) is unsafe as it exposes the system to potential threats.
8. A company needs to ensure that data labeling is applied consistently across all departments. What is a critical step in achieving this goal?
Implementing a centralized data labeling policy (B) is critical to ensure that data labeling is applied consistently across all departments, providing uniform guidelines for labeling data according to its sensitivity and handling requirements. Allowing each department to create its own labeling standards (A) can lead to inconsistencies and confusion. Labeling only the data that is stored digitally (C) neglects physical data and could lead to gaps in data security. Providing labels based on employee preference (D) is subjective and does not ensure consistency or adherence to security requirements.
9. An organization has implemented a Bring Your Own Device (BYOD) policy that requires employees to install a mobile device management (MDM) application on their personal devices. What is the primary purpose of this requirement?
The correct answer is C. Installing an MDM application on personal devices allows the organization to enforce security policies, such as data encryption and remote wipe capabilities, ensuring that company data on personal devices is protected and can be managed securely. Option A (To ensure employees can access company resources remotely) is a benefit but not the primary purpose, which is security. Option B (To monitor employee productivity during work hours) is not related to the purpose of an MDM. Option D (To facilitate easier communication between employees) may be a secondary benefit but is not the main reason for implementing MDM.
10. A company's security team detects an unusual increase in network traffic to an external server that does not correspond to any known business operations. The external server is flagged for potential malicious activity. What type of threat should the security team prioritize investigating?
The correct answer is B. Command and Control (C2) Communication. The scenario describes an increase in network traffic to an external server, which is a key indicator of C2 communication where compromised systems communicate with an attacker-controlled server to receive instructions or exfiltrate data. Option A (Distributed Denial of Service) is incorrect because DDoS attacks involve overwhelming a target with traffic to disrupt services, not traffic to a specific external server. Option C (Phishing Attempt) is incorrect because phishing involves deceptive attempts to acquire sensitive information, not unusual traffic patterns. Option D (Cross-Site Scripting) is incorrect as XSS involves injecting malicious scripts into web pages to execute on the client-side, not external server communication.
11. A tech company wants to ensure that its network remains operational even if a major component fails. What network redundancy feature should they implement?
Implementing active-passive failover for critical devices (D) ensures that if the primary device fails, the secondary device takes over, maintaining network operations. Single Point of Failure (SPOF) mitigation (A) involves identifying and eliminating SPOFs but does not specify a redundancy method. Network segmentation (B) improves security and performance but does not provide redundancy. Spanning Tree Protocol (STP) (C) helps prevent network loops and ensures redundancy in Layer 2 networks but is not as comprehensive as active-passive failover for critical devices.
12. After connecting a USB drive to their workstation, an employee notices that many of their files have been corrupted and the system performance has significantly degraded. Upon investigation, the IT team discovers that a piece of malware from the USB drive has infected the system. Which type of threat is most likely responsible?
The correct answer is B. Virus. This scenario describes a situation where a virus on a USB drive infects the workstation, corrupting files and degrading system performance. Viruses often spread through infected media like USB drives and can cause significant damage to files and system performance. Option A (Spyware) is incorrect because spyware collects information from the user’s system and does not typically corrupt files or degrade system performance. Option C (Keylogger) is incorrect because keyloggers record keystrokes and do not infect files or degrade system performance in the described manner. Option D (Botnet) is incorrect as a botnet is a collection of compromised computers controlled by an attacker, and while they can be used to spread malware, the specific symptoms described are more indicative of a virus infection.
13. A university is setting up an online portal for students and staff, which must be accessible over the internet. To ensure that the internal academic and administrative networks are secure, what should they implement?
Placing the online portal in a DMZ and restricting access to internal networks (A) provides secure internet accessibility while protecting internal academic and administrative networks from potential security threats. Placing the portal in the internal network with static IP addresses (B), on a VLAN shared with internal servers (C), or on the same network as administrative systems (D) would expose internal networks to potential risks.
14. A large corporation relies on security guards to control physical access to its buildings. To ensure effective access control, guards are required to check badges and verify identities. What additional measure can enhance the security provided by the guards?
Implementing random spot checks and audits of access logs helps ensure that the procedures for checking badges and verifying identities are consistently followed, thereby enhancing security (B). Installing automated gates (A) removes the human element, which can be crucial for recognizing unusual behavior. Allowing guards to admit frequent visitors without checks (C) weakens security. Using a sign-in sheet (D) provides a record but does not ensure that verification procedures are followed.
15. A network engineer needs to route traffic between different subnets in a large organization. Which IPv4 feature should be configured to facilitate this routing?
IP forwarding (C) is a feature that enables a router to route traffic between different subnets, allowing devices in one subnet to communicate with devices in another. This feature is crucial for network interconnectivity in large organizations with multiple subnets. Subnetting (A) divides a network into smaller segments but does not handle the routing between them. NAT (B) translates private IP addresses to a public IP address for internet access, not routing between internal subnets. DHCP (D) assigns IP addresses dynamically but does not facilitate routing between subnets.
16. An IPS is configured to block traffic based on specific attack signatures. What is the primary limitation of using signature-based detection in an IPS?
The correct answer is B. It cannot detect unknown or zero-day attacks. Signature-based detection relies on predefined signatures of known threats, so it cannot identify new or unknown threats that do not match existing signatures. Option A (It generates too many false positives) is a potential issue but not the primary limitation of signature-based detection. Option C (It increases network bandwidth usage) is incorrect as signature-based detection typically does not significantly impact bandwidth. Option D (It requires frequent reboots to update signatures) is incorrect as most modern IPS systems can update signatures without requiring a reboot.
17. A security team needs to apply a critical security patch to all systems to protect against a recently discovered vulnerability. What is the most effective method to deploy this patch quickly across a large network?
The correct answer is B. Using a patch management tool allows for the rapid and automated distribution of the patch across all systems, ensuring that the vulnerability is addressed promptly and uniformly. Option A (Roll out the patch during the next scheduled maintenance) may delay the application of the critical patch, leaving systems vulnerable. Option C (Wait until the next quarterly update cycle) is too slow for addressing urgent security threats. Option D (Send an email) relies on user compliance, which can be inconsistent and inefficient for critical updates.
18. A software developer needs to ensure that the software package they distribute has not been tampered with. Which feature of asymmetric encryption can be used to verify the integrity and authenticity of the software package?
Signing the package with a private key (B) ensures that the integrity and authenticity of the software package can be verified by anyone with the corresponding public key, as only the holder of the private key could have signed it. Encrypting the package with a private key (A) is incorrect because private key encryption is used primarily for authentication, not for data protection. Encrypting with a public key (C) allows anyone to encrypt the package, but only the holder of the private key can decrypt it, which does not verify integrity. Hashing with a public key (D) is not applicable, as hashing is a different process not related to key use in encryption.
19. A healthcare facility requires a reliable power supply for its on-premises network to support critical medical equipment. Which solution ensures that the network equipment continues to operate during extended power outages?
A gas-powered generator (B) provides a long-term power supply during extended outages, ensuring that critical equipment can continue to operate for as long as fuel is available. A UPS with a 15-minute battery life (A) is suitable for short-term outages but not for extended periods. A surge protector (C) only protects against voltage spikes and does not provide backup power. A power inverter with solar panels (D) may provide supplemental power but is not typically sufficient for the continuous operation of critical equipment during prolonged outages.
20. A healthcare organization wants to enhance its network security by implementing a defense-in-depth strategy. Which approach best demonstrates this concept by incorporating multiple layers of security measures?
Implementing firewalls, intrusion detection systems, endpoint protection, and regular employee training (C) represents a defense-in-depth strategy by providing multiple layers of security measures to protect against various types of threats. Installing a single, high-end firewall (A) focuses only on perimeter security and lacks depth. Using antivirus software and security awareness training (B) is part of the strategy but not comprehensive. Configuring all servers to use a common default password (D) reduces security and increases vulnerability.
21. An employee downloads what appears to be a legitimate software update for a commonly used application from an unfamiliar website. After installation, the software collects sensitive data from the system and transmits it to an unknown external server. What type of malware is responsible for this activity?
The correct answer is C. Trojan Horse. This scenario describes a situation where seemingly legitimate software collects and transmits sensitive data after installation, which is characteristic of a Trojan Horse. Trojans disguise themselves as legitimate applications to trick users into installing them, allowing the malware to perform unauthorized actions, such as data exfiltration. Option A (Worm) is incorrect because worms are self-replicating and spread across networks without disguising themselves as legitimate software. Option B (Virus) is incorrect because viruses attach to legitimate files and require user action to spread, but they do not typically disguise themselves as software updates. Option D (Adware) is incorrect because adware primarily aims to display unwanted advertisements rather than steal data or disguise itself as legitimate software.
22. A security manager is responsible for ensuring all servers are up-to-date with the latest security patches. What is the best practice to follow to maintain compliance with this requirement?
The correct answer is A. Using a centralized patch management system automates the update process, ensuring that all servers receive timely patches, reducing the risk of missing critical updates and maintaining compliance efficiently. Option B (Manually check each server) is time-consuming and prone to errors. Option C (Apply patches only for new vulnerabilities) may delay updates for other important issues. Option D (Rely on default update settings) does not ensure that the updates are applied in a controlled and timely manner.
23. An organization’s change management policy requires that changes be tested in a non-production environment before deployment. What is the main benefit of this practice?
The correct answer is B. Testing changes in a non-production environment ensures that they function correctly and do not disrupt live operations, which helps prevent downtime and service interruptions. Option A (To ensure that changes are completed during regular business hours) is not the main benefit, as testing can occur at any time. Option C (To reduce the costs associated with deploying changes) is not directly related to testing in a non-production environment. Option D (To provide a training environment for new employees) is not relevant to the primary goal of ensuring the changes are safe and effective.
24. A retail company is moving its e-commerce platform to a cloud provider and needs to ensure that performance metrics are clearly defined and enforced. Which element of the Cloud Service-Level Agreement (SLA) should they focus on?
Application performance metrics (A) in the Cloud Service-Level Agreement (SLA) define the expected performance levels of the e-commerce platform, such as response time and throughput, which are crucial for maintaining a satisfactory user experience. Contract renewal terms (B) relate to the continuation of service agreements but not to performance. Data storage capacity (C) is about the volume of data that can be stored, not performance. The service decommissioning process (D) covers the removal of services, which is unrelated to ongoing performance metrics.
25. A company handles various types of data, including financial records, customer information, and internal memos. How should they classify these data types to ensure appropriate security measures are applied?
Data should be classified based on sensitivity and impact if compromised (B) to ensure that appropriate security measures are applied according to the risk associated with each data type. Classifying all data as public (A) would expose sensitive information to unnecessary risks. Classifying data according to its size (C) does not address the security needs based on data sensitivity. Classifying data only after a security breach (D) is reactive and does not provide proactive protection.
26. A company is planning to enhance its physical security through environmental design. Which strategy is most appropriate for reducing the risk of unauthorized access and ensuring the safety of the facility?
A single, monitored entrance point with controlled access helps to centralize security efforts, making it easier to manage and monitor who enters and exits the facility, significantly reducing the risk of unauthorized access (A). Camouflaging colors (B) do not affect access control. Mirrors (C) are useful for internal surveillance but do not address entry points. Unrestricted access during daytime hours (D) compromises security by allowing unauthorized individuals to enter.
27. An administrator is tasked with securing a new server deployment. Which configuration management process should be implemented to ensure that security settings remain consistent across all servers?
The correct answer is B. Applying standard security templates through automated deployment scripts ensures that all servers are configured consistently according to predefined security policies. This helps in maintaining uniformity and compliance. Option A (Use a centralized logging system) is crucial for monitoring but does not enforce configurations. Option C (Set up network-based firewalls) protects servers but does not ensure configuration consistency. Option D (Enable antivirus software) is necessary for malware protection but does not address the consistency of configuration settings.
28. A financial institution discovers unauthorized transactions in their systems. Upon investigation, they find that a piece of malware posing as a security tool was installed on several computers. This malware enabled attackers to remotely control the infected systems and conduct fraudulent activities. What type of malware is this?
The correct answer is C. Trojan Horse. This scenario describes malware that poses as a security tool and allows remote control over the infected systems, enabling unauthorized transactions, which is typical of a Trojan Horse. Trojans often disguise themselves as helpful software to gain trust and subsequently allow unauthorized access or control. Option A (Ransomware) is incorrect because ransomware encrypts files and demands payment for decryption, rather than allowing remote control of systems. Option B (Spyware) is incorrect because spyware gathers information secretly without providing remote access to the system. Option D (Keylogger) is incorrect because keyloggers record keystrokes but do not enable remote control or disguise themselves as legitimate security tools.
29. In a company using DAC, a file owner has granted specific access permissions to a file. During a security audit, it was discovered that multiple users have access to this file, including some who should not. What is the likely cause of this issue?
Option A is correct because, under DAC, the file owner is responsible for assigning permissions, and it is likely that the owner mistakenly granted access to the wrong users. This highlights a potential risk of DAC, where the owner's decisions can lead to unintended access. Option B is incorrect as DAC allows for specific access control and does not default to all users. Option C suggests a security breach, which is less likely in this context without further evidence. Option D is incorrect because DAC specifically allows owners to control access permissions.
30. A company wants to implement a secure email communication system where only the intended recipient can read the message. Which characteristic of asymmetric encryption makes it suitable for this purpose?
Asymmetric encryption (B) allows key exchange through insecure channels by using a public key for encryption and a private key for decryption, ensuring that only the intended recipient, who possesses the private key, can decrypt the message. Using the same key for encryption and decryption (A) describes symmetric encryption, which is less secure for key exchange over insecure channels. Asymmetric encryption generally has slower encryption and decryption speeds (C) due to its complex algorithms. While key management may involve third parties (D), it is not a necessity and is more relevant to managing public key infrastructures (PKI).
31. A company’s security policy requires employees to change their passwords every three months. During security awareness training, what reason is given for this policy?
The primary reason for periodic password changes is to mitigate the risk of long-term password compromise (B). Over time, passwords can be exposed through breaches, phishing, or other means, so regular changes reduce this risk. Making passwords easier to remember (A) and managing them for the IT department (C) are not the goals of this policy. While government regulations (D) may influence password policies, the key reason for frequent changes is to enhance security.
32. In designing a secure facility, which environmental design feature is essential to prevent unauthorized access while ensuring effective surveillance?
Clear sightlines and minimal obstructions allow for effective surveillance and monitoring, making it easier to detect and prevent unauthorized access to the facility (A). Opaque materials for walls (B) block visibility and hinder surveillance. Ground-level windows (C) increase security risks by providing easy access points. Decorative elements like statues (D) do not contribute to security and can obstruct sightlines.
33. A company experiences a sudden increase in network traffic and system crashes. Upon inspection, it is found that an employee downloaded and ran a game from an untrusted source. The game file was actually a program that replicated itself and spread to other systems on the network, attaching to various executable files. What type of malware is described in this scenario?
The correct answer is C. Virus. This scenario describes malware that attaches itself to executable files and spreads to other systems on the network, which is characteristic of a virus. Viruses typically replicate and spread by attaching to other files or programs. Option A (Trojan Horse) is incorrect because a Trojan Horse disguises itself as legitimate software to deceive users, and it does not replicate itself by attaching to other files. Option B (Worm) is incorrect as worms are self-replicating and spread across networks without needing to attach to other files. Option D (Ransomware) is incorrect because ransomware encrypts files and demands payment for decryption, which does not involve attaching to other files or programs to spread.
34. A financial services firm is implementing a VLAN configuration to separate sensitive financial data from regular employee traffic. What primary benefit does using VLANs provide in this scenario?
VLANs provide enhanced security by logically segmenting network traffic (B), preventing unauthorized access to sensitive data and controlling broadcast domains within the same physical network. Increased network speed (A) is not a primary benefit of VLANs; they might improve performance by reducing broadcast traffic, but the main advantage is security segmentation. Simplified network topology (C) is not a direct result of VLAN implementation, as VLANs add complexity in terms of configuration. Cost reduction (D) is also not a primary benefit, as the focus of VLANs is on logical separation and security, not necessarily on reducing costs.
35. A company’s data center is experiencing frequent overheating, which is affecting network equipment performance. To improve the situation, which HVAC strategy should they implement?
Using hot aisle/cold aisle containment (C) improves the efficiency of cooling systems by separating hot and cold air streams, which prevents mixing and ensures that cold air reaches the front of the servers while hot air is expelled. Installing additional portable fans (A) might provide some temporary relief but does not address the root cause of inefficient cooling. Increasing the temperature setpoint (B) would exacerbate overheating issues. Installing more power outlets (D) does not address cooling problems.
36. An organization uses discretionary access control (DAC) for file sharing within a team. Alice, a team member, wants to share a confidential project document with only one colleague. How should Alice configure the access permissions to comply with DAC principles?
Option B is correct as it adheres to the DAC principle by allowing Alice, the owner of the document, to specify the colleague who should have read access. This approach ensures that access is granted only to the intended individual, maintaining control over the document's permissions. Option A violates the principle by allowing unnecessary access to all team members, increasing the risk of unauthorized access. Option C removes Alice's control and grants too much access to the colleague. Option D does not utilize DAC and could lead to potential password sharing, compromising document security.
37. A company is setting up a web server that needs to be accessible over the internet. Which TCP/IP layer should the network administrator configure to ensure the server has a valid IP address and is reachable by clients?
The Internet layer (C) of the TCP/IP model is responsible for logical addressing and routing of packets. Configuring a valid IP address for the server ensures it is uniquely identifiable and reachable by clients over the internet. The Application layer (A) is responsible for application-specific protocols like HTTP or HTTPS for web servers but does not handle IP addressing. The Transport layer (B) manages data transfer and provides services such as TCP and UDP, ensuring data integrity but not IP addressing. The Network Interface layer (D) deals with physical connections and MAC addressing, which are essential for local network communication but not for assigning IP addresses.
38. A healthcare organization needs to ensure that sensitive patient data is protected from unauthorized access within their network. Which network segmentation strategy should they implement to achieve this?
Segmenting the network by using Virtual Local Area Networks (VLANs) for different departments (A) isolates sensitive patient data within the healthcare organization's network, preventing unauthorized access and improving security. Using a single flat network (B) does not provide any segmentation or isolation, leading to potential security risks. Deploying a single firewall (C) monitors traffic but does not achieve the isolation required for sensitive data. Configuring all devices with static IP addresses (D) does not contribute to network segmentation or enhanced security for patient data.
39. A healthcare facility is upgrading its storage systems and needs to securely dispose of old electronic storage devices. Which data destruction method ensures compliance with data privacy regulations?
Overwriting data on the devices with random data multiple times (B) ensures compliance with data privacy regulations as it makes data recovery highly unlikely by repeatedly replacing the existing data. Deleting patient files (A) and reformatting the storage devices (D) do not fully remove the data and leave it recoverable with specialized tools. Backing up data to a cloud service before disposal (C) does not address the secure destruction of the original storage devices and could introduce risks if not properly managed.
40. A financial institution detected an unauthorized transfer of funds from one of its accounts. The investigation revealed that the attacker had inserted malicious code into the institution's website that intercepted and altered transaction data as it was being processed. Which type of threat does this scenario represent?
The correct answer is C. Man-in-the-Browser Attack. This scenario represents a type of threat where malicious code is inserted into a web application to intercept and modify transaction data, which is characteristic of a man-in-the-browser attack. Option A (Cross-Site Scripting) is incorrect because XSS involves injecting malicious scripts into web pages to execute on the client-side, which typically does not alter transaction data directly. Option B (SQL Injection) is incorrect as it involves manipulating a database query by injecting malicious SQL code, which would not intercept and alter transaction data in transit. Option D (Buffer Overflow) is incorrect as it involves overloading a program’s buffer with excessive data to cause it to crash or behave unexpectedly, not intercepting and altering data.
41. An organization deploys a Host-based Intrusion Detection System (HIDS) on its critical servers. One of the HIDS generates an alert for a modification to the system’s kernel files, which were not scheduled for any updates. What is the most likely reason for this alert?
The correct answer is B. Malware attempting to gain root access. The HIDS alert for a modification to the system's kernel files suggests an unauthorized attempt to alter critical system files, which is a common tactic used by malware to gain elevated privileges and control over the system. Option A (Network congestion) is incorrect because network issues do not affect kernel files and would not trigger a HIDS alert. Option C (Routine software update) is incorrect as updates are usually scheduled and authorized, and the system would likely recognize and log them as legitimate. Option D (System backup operation) is incorrect because backups involve copying data, not modifying system kernel files, and would not trigger this type of alert.
42. A company's security awareness training emphasizes the importance of data confidentiality. What practical measure should employees take to ensure data confidentiality during a business trip?
To maintain data confidentiality, employees should use encrypted storage devices (A), which protect sensitive information even if the device is lost or stolen. Sharing documents through email (B) can expose them to unauthorized access if not properly encrypted. Discussing confidential information in public places (C) poses a risk of eavesdropping. Accessing resources through public Wi-Fi without a VPN (D) increases the likelihood of data interception, compromising confidentiality.
43. A healthcare organization needs to ensure that sensitive patient data transmitted between remote clinics and the main hospital is secure. What is the most appropriate VPN configuration to achieve this?
A Site-to-Site VPN with IPsec encryption (A) provides robust security for transmitting sensitive patient data between remote clinics and the main hospital, ensuring data confidentiality and integrity. Remote Access VPN with PPTP (B) is less secure due to weak encryption. Intranet VPN with basic encryption (C) may not provide adequate security for sensitive data. Extranet VPN with SSL (D) is typically used for secure external partner access, not for connecting internal sites.
44. An organization experiences a data breach and needs to investigate access logs to identify the source of the breach. Which feature is most crucial for the logs to support an effective investigation?
Detailed timestamps for each log entry are crucial for correlating access events with specific incidents, which aids in the effective investigation of the data breach (A). Weekly summaries (B) provide an overview but lack detailed information. Hard copy logs (C) are cumbersome and inefficient for detailed analysis. Anonymized user data (D) hinders the ability to identify the source of the breach accurately.
45. An IT company needs to provide secure access for its remote developers to access internal code repositories. They require a VPN solution that is easy to deploy and use without needing to install special client software. Which solution should they choose?
SSL VPN (B) provides secure access to internal resources, such as code repositories, through a web browser without needing special client software, making it easy to deploy and use for remote developers. IPsec VPN (A) typically requires client software for secure connections. Site-to-Site VPN (C) is not intended for individual remote access. PPTP VPN (D) is outdated and less secure compared to SSL VPN.
46. A company’s physical access control system generates extensive logs. To manage and utilize these logs effectively for security purposes, what should be the primary focus?
Automated log analysis tools with alerting capabilities allow for efficient management and real-time monitoring of logs, enabling quick identification of security incidents and trends (B). Daily manual reviews (A) are impractical due to the volume of logs. Archiving logs externally (C) is good for backup but does not facilitate active monitoring. Limiting log generation to critical events (D) may lead to missing important contextual data.
47. A financial institution needs to secure its sensitive data from various types of cyber threats. Which practice best illustrates the application of defense in depth?
Using a combination of firewalls, access controls, data encryption, and regular vulnerability assessments (B) illustrates a defense-in-depth approach by providing multiple layers of security to protect sensitive data against various threats. Encrypting sensitive data only (A) is important but insufficient on its own. Relying solely on user authentication (C) does not address other security threats. Implementing a network-wide VPN without additional controls (D) provides secure communication but lacks comprehensive protection.
48. A manufacturing facility has implemented a gate entry system to control access to its premises. Despite this, unauthorized vehicles have been reported inside the facility. What is the most effective immediate action to enhance the security of the gate entry system?
Installing an automatic license plate recognition system enhances security by automatically verifying and recording vehicle entries, ensuring that only authorized vehicles are allowed inside (B). Increasing security patrols (A) may deter unauthorized access but does not directly address the gate entry issue. Providing temporary access cards (C) is useful for visitor management but does not control vehicle access. Replacing the gate system with manual checks (D) is less efficient and may lead to human error.
49. A NIDS alert reports that a large number of SYN packets are being sent to a specific server in rapid succession from multiple external IP addresses, but the connections are not being completed. What type of attack is the NIDS likely identifying?
The correct answer is B. SYN Flood. The NIDS alert indicating numerous SYN packets being sent in rapid succession without completing the connections is characteristic of a SYN flood attack. This attack overwhelms the target server by sending many connection requests (SYN packets) without finishing the handshake, leading to resource exhaustion. Option A (Man-in-the-Middle) is incorrect because MITM involves intercepting and potentially altering communications between two parties, not flooding a server with connection requests. Option C (SQL Injection) is incorrect as it involves injecting malicious SQL code into a database query, not SYN packets. Option D (Cross-Site Scripting) is incorrect because XSS involves injecting malicious scripts into web pages, not sending SYN packets to a server.
50. A tech startup is leveraging a hybrid cloud to scale its resources dynamically. What is a key security challenge they should address to protect their hybrid cloud environment?
Securing data transfers between cloud and on-premises systems (B) is a key challenge in a hybrid cloud environment, as it involves protecting data from interception and ensuring secure communication channels. Ensuring 24/7 support (A) is beneficial but not specific to data security. Using open-source tools (C) is a strategic choice but not directly related to securing data transfers. Relying solely on the public cloud (D) for critical workloads negates the benefits of a hybrid cloud and can pose security risks.
51. As part of a change management policy, all changes must be reviewed by a Change Advisory Board (CAB) before implementation. What is the main advantage of this requirement?
The correct answer is B. The CAB reviews changes to provide a collective evaluation of the potential impacts, ensuring that changes are carefully considered from multiple perspectives, which helps in making well-informed decisions that enhance system stability and security. Option A (It ensures that changes are documented and traceable) is a benefit but not the main advantage of involving a CAB. Option C (It accelerates the process of change approval) is incorrect, as the CAB might actually add to the review time. Option D (It reduces the number of changes implemented in a year) is not relevant to the purpose of evaluating the impacts of each change.
52. A security team receives an alert from the HIDS indicating that a critical configuration file on a server has been modified. The team confirms that no authorized changes were scheduled for that file. What should be their immediate next step?
The correct answer is C. Investigate the source and reason for the modification. The HIDS alert indicates an unauthorized change to a critical configuration file, and it is essential to understand how and why this modification occurred to determine if it is part of a malicious activity. Option A (Restore the file from backup) is incorrect as an immediate action because it does not address the underlying cause of the modification and could result in further compromise. Option B (Reboot the server) is incorrect because it could disrupt operations and does not help in understanding the cause of the modification. Option D (Ignore the alert) is incorrect because the alert signals a potential security incident that requires investigation.
53. During a cybersecurity training session, employees are taught how an attacker might intercept and read emails by sitting between the communication lines of the sender and receiver without either party knowing. What type of attack are the employees learning about?
The correct answer is B. Man-in-the-Middle (MITM). This training scenario describes an attacker who intercepts and reads emails between a sender and receiver without either party's knowledge, which is indicative of a MITM attack. MITM attacks involve eavesdropping on or altering the communication between two parties. Option A (Denial of Service) is incorrect because DoS attacks aim to disrupt services, not intercept communications. Option C (Phishing) is incorrect because phishing involves tricking users into revealing sensitive information, typically through deceptive emails or websites, and does not involve intercepting communications. Option D (Ransomware) is incorrect as ransomware encrypts files and demands payment for decryption, which does not involve intercepting communication.
54. A network administrator notices that several employees have been redirected to malicious websites despite typing the correct URLs for trusted sites. The issue is traced back to an attacker who has intercepted and altered the DNS requests made by these employees. What type of network threat does this represent?
The correct answer is B. Man-in-the-Middle (MITM). This scenario describes an attacker intercepting and altering DNS requests to redirect users to malicious websites, which is a type of MITM attack that involves intercepting and modifying network communications. Option A (Trojan Horse) is incorrect because a Trojan disguises itself as legitimate software to trick users, but it does not typically involve intercepting and altering network traffic. Option C (Phishing) is incorrect because phishing involves tricking users into revealing sensitive information, often through deceptive emails or websites, rather than intercepting and altering DNS requests. Option D (Virus) is incorrect because viruses attach to files and require user interaction to spread, and they do not involve intercepting and altering DNS requests.
55. A company is transitioning to a new email system and needs to migrate data. Which approach should be taken to comply with the principle of least privilege?
Option B is correct because it ensures that the migration team has access only to the specific data needed for their task, minimizing unnecessary exposure to sensitive information. This adheres to the principle of least privilege by limiting access strictly to what is necessary. Options A and D grant overly broad access, which can lead to potential misuse or security issues. Option C limits the team's ability to perform the migration, as it does not allow for the necessary modifications.
56. An IT department is responsible for maintaining the security of all systems within the organization. They have noticed that some critical systems are frequently missing security updates. Which practice should they implement to ensure timely application of these updates?
The correct answer is B. Setting up automatic update scheduling ensures that updates are applied promptly, reducing the risk of vulnerabilities due to missed updates. This approach minimizes manual intervention and helps maintain system security consistently. Option A (Implement a change management process) is essential for overseeing changes but may not ensure timely updates. Option C (Conduct manual updates) can be inconsistent and lead to delays in applying updates. Option D (Disable all updates) increases the risk of security breaches as it leaves systems vulnerable to known threats.
57. An organization has implemented an IPS that is capable of deep packet inspection. Which benefit does deep packet inspection provide in an IPS?
The correct answer is A. It can identify and block traffic based on application data within the packets. Deep packet inspection allows the IPS to analyze the data payload of packets, enabling it to identify and block malicious traffic based on the application data, which provides more precise threat detection. Option B (It reduces the number of alerts) is incorrect as deep packet inspection itself does not inherently reduce alerts; it provides more detailed analysis. Option C (It increases the speed of network traffic) is incorrect because deep packet inspection typically adds latency due to the detailed analysis. Option D (It replaces the need for other security controls) is incorrect because no single security control can address all potential threats, and a layered approach is necessary.
58. A financial institution requires high availability for its database servers. Which redundancy configuration should they implement to achieve this goal?
Active-active clustering (B) involves multiple servers running simultaneously, providing redundancy and load balancing for high availability. RAID 5 on a single server (A) offers redundancy for disk failures but not for server-level failures. Nightly backups to an offsite location (C) provide data recovery but do not ensure high availability. Network-attached storage (NAS) without replication (D) lacks the necessary redundancy for high availability.
59. A retail company needs to ensure that only authorized devices can access its point-of-sale (POS) network. Which NAC solution should they implement to achieve this?
Implementing 802.1X port authentication (B) ensures that only authorized devices can connect to the POS network by requiring authentication at the network port level, enhancing security for critical systems. Open network access with logging (A) does not prevent unauthorized access. Static IP allocation (C) helps manage devices but does not enforce access control. Using a public Wi-Fi network (D) is insecure and not suitable for POS systems.
60. A healthcare organization must label patient data to comply with regulatory requirements. Which label should be used for patient records to indicate that they must be handled with the highest level of security?
The appropriate label for patient records that must be handled with the highest level of security is "Restricted Access" (B), indicating that the data is highly sensitive and access should be strictly controlled to protect patient privacy and comply with regulatory requirements. General (A) is too vague and does not imply the need for high security. For Internal Use Only (C) suggests lower sensitivity than required for patient data. Public Information (D) is inappropriate for patient records as it implies that the data can be freely accessed by the public.
61. An organization is experiencing WiFi connectivity issues where devices frequently disconnect and the signal strength is weak in certain areas. Which factor is most likely causing these issues, and how can it be mitigated?
Interference from other WiFi networks (A) can cause connectivity issues and weak signal strength, especially if neighboring networks are using the same or overlapping channels. Changing the WiFi channel to one that is less congested can help mitigate these issues and improve signal strength. Insufficient bandwidth (B) would lead to slow internet speeds but not necessarily weak signal strength. Outdated network drivers (C) could cause connectivity issues for individual devices but are not likely to impact the overall network signal strength. High network latency (D) affects the speed of data transmission but does not typically cause weak signals or frequent disconnections.
62. An IT company needs to ensure that their cloud service provider can meet their disaster recovery needs. Which part of the Cloud Service-Level Agreement (SLA) should they examine?
The disaster recovery time objectives (A) in the Cloud Service-Level Agreement (SLA) specify the maximum time that the cloud provider will take to restore services after a disaster, ensuring that the IT company’s business continuity needs are met. Customer support response times (B) are important for addressing issues but not directly related to disaster recovery. Service scalability options (C) refer to the ability to scale resources but not disaster recovery. Network bandwidth limitations (D) address data transfer capacities, not recovery times.
63. A government agency is deploying sensitive applications on an IaaS platform. Which feature is essential to ensure secure and compliant access to these applications?
Ensuring that the IaaS provider complies with government security standards and can audit access logs (A) is essential for secure and compliant access to sensitive applications. This provides assurance that the platform meets required security protocols and allows for monitoring and auditing access. The availability of customizable virtual machine templates (B), the provider’s geographic location (C), and the number of virtual CPUs (D) are relevant for operational purposes but not specifically for security compliance.
64. A company’s data center is located in a coastal area prone to high humidity. To protect their network infrastructure from environmental damage, what control should they implement?
Using dehumidifiers (B) helps maintain appropriate humidity levels, preventing condensation and corrosion in high-humidity environments, thus protecting network infrastructure. Increasing air conditioning capacity (A) may help with temperature control but does not address humidity directly. Open racks (C) improve ventilation but are not effective for controlling humidity. Reducing temperature (D) alone does not mitigate the risk of high humidity.
65. An organization’s NIDS has detected an increase in ICMP traffic from multiple internal hosts to an external IP address. The traffic patterns suggest that the internal hosts are sending large volumes of ping requests simultaneously. What type of attack should the security team be concerned about?
The correct answer is B. ICMP Flood. The NIDS detecting an increase in ICMP traffic, particularly large volumes of ping requests from multiple internal hosts to an external IP, suggests an ICMP flood attack. This type of attack involves overwhelming the target with ICMP packets, typically to disrupt services. Option A (SQL Injection) is incorrect because SQL injection involves manipulating database queries through malicious SQL code, not ICMP traffic. Option C (Phishing) is incorrect as phishing involves deceptive attempts to acquire sensitive information, not generating ICMP traffic. Option D (DNS Cache Poisoning) is incorrect because it involves corrupting DNS cache entries to redirect traffic, not flooding with ICMP packets.
66. A healthcare organization is adopting a Software as a Service (SaaS) platform to manage patient records. What is a critical security consideration they should ensure the SaaS provider addresses?
Ensuring data encryption in transit and at rest (B) is critical for protecting sensitive patient records in a SaaS environment, as it prevents unauthorized access to data both during transmission and while stored on the provider’s servers. A customizable user interface (A) is important for usability but not for security. Availability of offline access (C) may be convenient but does not address data protection. User training on SaaS features (D) is necessary for effective use but does not ensure data security.
67. A network administrator is troubleshooting connectivity issues in a network where several devices are unable to access the internet. The administrator discovers that all affected devices have IP addresses starting with "169.254". What does this indicate about the issue?
IP addresses starting with "169.254" indicate that the devices are using an Automatic Private IP Addressing (APIPA) address (B), which is automatically assigned when they cannot obtain an IP address from the DHCP server. This typically signifies a problem with the DHCP server or the devices' ability to communicate with it. Using an outdated network driver (A) might cause other issues, but it wouldn't result in an APIPA address. Static IP addresses (C) are manually assigned and would not fall in the "169.254" range unless misconfigured. Different VLAN configuration (D) might lead to connectivity issues but is not related to APIPA addressing.
68. A company wants to implement MAC to control access to its proprietary research data. Which configuration best demonstrates the correct application of MAC principles?
Option B is correct because it aligns with MAC principles by defining and enforcing access levels based on roles and job functions. The system controls access based on predefined policies, ensuring that users can only access data appropriate for their role and clearance level. Option A allows discretionary access, which is contrary to MAC. Option C involves manual approval, which is not consistent with the automatic enforcement of MAC. Option D suggests a flexible system that does not adhere to the rigid, predefined access controls of MAC.
69. An IT team is setting up a network for a remote office and wants to ensure that devices can communicate with each other without any IP address conflicts. Which type of IP address assignment should be used to avoid conflicts and ensure proper network communication?
Dynamic IP assignment (B) uses DHCP to automatically assign IP addresses to devices, ensuring no conflicts occur and each device receives a unique IP address within the specified range. This helps manage IP addresses efficiently and avoids manual errors. Static IP assignment (A) requires manual configuration and can lead to conflicts if not managed carefully. Reserved IP assignment (C) is used for specific devices needing a consistent IP address, typically alongside dynamic assignment for other devices, but alone does not prevent conflicts. APIPA assignment (D) is used for auto-assigning IP addresses when DHCP is unavailable and is not suitable for planned network configurations.
70. During a security awareness training session, employees are taught the importance of reporting suspicious activity. Which of the following scenarios demonstrates successful application of this training?
Reporting unusual activities, such as suspicious login attempts (C), directly supports the security posture by enabling timely responses to potential threats. Changing a password (A) is a good practice but does not involve reporting. Deleting a suspicious email (B) is preventive but does not provide valuable information to the security team. Installing antivirus software (D) is useful for personal device security but is not directly related to reporting suspicious activities as covered in awareness training.
71. During a routine audit, an IT team discovers that the antivirus software on several machines has not been updated for several months. What is the most immediate risk associated with this situation?
The correct answer is C. Potential exposure to new malware threats. Outdated antivirus software cannot detect new malware, leaving systems vulnerable to infections from threats that have emerged since the last update. Option A (Increased vulnerability to zero-day exploits) is incorrect because antivirus updates primarily provide protection against known threats, while zero-day exploits are new and unknown vulnerabilities. Option B (Reduced performance of the antivirus software) is incorrect because performance is not directly impacted by the lack of updates; it’s the efficacy of detection that is affected. Option D (Inability to detect hardware failures) is incorrect because antivirus software does not detect hardware issues.
72. A company employs security guards to patrol the premises and respond to security incidents. To improve the guards’ response time to incidents, which of the following actions should the company take?
Providing guards with mobile devices equipped with real-time communication capabilities allows for quick coordination and response to incidents, improving overall security response times (B). Increasing static guard posts (A) does not enhance mobility or response time. Monthly drills (C) are useful for practice but do not directly improve real-time response. Using surveillance cameras (D) is complementary but does not replace the need for immediate physical response by guards.
73. An organization wants to prevent external attacks from reaching its internal network while allowing necessary outbound traffic. Which type of firewall rule is most appropriate for this scenario?
The correct answer is B. Outbound allow, inbound block. This rule configuration allows the organization to permit necessary outbound traffic while blocking unsolicited inbound traffic, thereby preventing external attacks from reaching the internal network. Option A (Inbound allow, outbound block) is incorrect because it would allow external attacks to reach the internal network while blocking legitimate outbound traffic. Option C (Allow all traffic) is incorrect because it does not provide any security and would allow all traffic, including potential attacks, to pass through. Option D (Block all traffic) is incorrect as it would prevent all communications, both inbound and outbound, which is not practical for business operations.
74. A company is located in an area prone to frequent power surges, which have previously damaged network equipment. To protect their on-premises network infrastructure, what device should they install?
A UPS with built-in surge protection (A) provides both continuous power during outages and protection against power surges, safeguarding equipment from damage. An Automatic Transfer Switch (ATS) (B) switches the power source from the main supply to a backup source but does not provide surge protection. A power inverter (C) converts DC to AC power, which is useful for off-grid systems but not for surge protection. A Battery Backup Unit (BBU) (D) provides backup power but does not inherently protect against surges.
75. A financial institution wants to protect its internal systems from potential threats originating from guest devices connected to the network. Which segmentation approach is most effective?
Creating a separate VLAN for guest devices (A) ensures that these devices are isolated from the main corporate network, reducing the risk of threats spreading to internal systems. Allowing guest devices to connect to the main corporate network (B) exposes internal systems to potential security risks. Using the same IP range for all devices (C) does not provide isolation and can lead to security vulnerabilities. Disabling DHCP for guest devices (D) does not isolate them from the corporate network and can create configuration issues.
76. An organization uses an alarm system to secure its critical infrastructure. To ensure immediate response to alarm activations, which of the following should be implemented?
Connecting the alarm system to a 24/7 monitoring service ensures that any alarm activation is immediately noticed and responded to, providing continuous protection (B). Training employees to reset the alarm (A) is not a timely response strategy. Allowing law enforcement access to the controls (C) could lead to security risks and is not a standard practice. Placing the control panel in a public area (D) compromises security.
77. An organization enforces a password history policy that prevents users from reusing any of their last five passwords. What is the main benefit of this policy?
The correct answer is D. A password history policy that prevents users from reusing their last few passwords helps mitigate the risk of password recycling, where users might otherwise reuse passwords, making it easier for an attacker to guess or compromise accounts over time. Option A (It reduces the administrative burden of managing passwords) is incorrect, as managing such policies could add to the administrative workload. Option B (It prevents users from selecting commonly used passwords) is related but not the main benefit, as the focus is on reusing old passwords rather than commonly used ones. Option C (It ensures that passwords are changed regularly) is not entirely accurate since regular changes are enforced by a separate policy, such as password expiration.
78. A company's BYOD policy includes a provision that all devices must have up-to-date antivirus software. What is the main security benefit of this requirement?
The correct answer is B. Requiring up-to-date antivirus software on personal devices helps prevent malware infections that could compromise company data stored or accessed on those devices. Option A (It ensures devices run more efficiently) is incorrect as the primary goal is security, not efficiency. Option C (It allows employees to use their devices without restrictions) is not true because the policy enforces restrictions for security reasons. Option D (It simplifies the IT department's workload) is not the main focus, as the policy aims to protect company data.
79. After implementing a new firewall, a company noticed a significant increase in network traffic coming from a specific external IP address attempting to connect to various internal ports. The traffic was identified as probing attempts to find vulnerabilities in the network services. What type of network threat is this an example of?
The correct answer is B. Port Scanning. This scenario describes a situation where an external IP address is making multiple connection attempts to various internal ports to identify open ports and vulnerabilities, which is characteristic of port scanning. Option A (Malware) is incorrect because malware refers to malicious software designed to damage, disrupt, or gain unauthorized access to systems, not to probe for open ports. Option C (Phishing) is incorrect as phishing involves deceptive emails or messages designed to trick users into revealing sensitive information, not scanning network ports. Option D (Denial of Service) is incorrect as it involves overwhelming a network or service with excessive traffic to render it unavailable, not systematically probing for vulnerabilities.
80. An organization is required to dispose of physical documents that contain sensitive information. Which method of data destruction is most appropriate for these documents?
The most appropriate method for securely destroying physical documents containing sensitive information is shredding them using a cross-cut shredder (B), as it cuts the documents into small, unreadable pieces, making data reconstruction extremely difficult. Throwing the documents in the trash (A) exposes them to unauthorized access. Storing the documents in a secure offsite location (C) does not destroy the data and only delays potential access. Scanning and storing digital copies (D) does not destroy the physical documents and introduces the risk of digital exposure.
81. An IT department finds that several workstations are connecting to a known malicious IP address. The connections occur periodically and transmit small amounts of data. The users of these workstations deny any knowledge of these connections. What type of threat does this most likely represent?
The correct answer is A. Malware Beaconing. The scenario describes workstations periodically connecting to a known malicious IP address and transmitting small amounts of data, which is indicative of malware beaconing. Beaconing involves malware communicating with a command and control server to receive instructions or send status updates. Option B (Insider Threat) is incorrect because insider threats involve malicious actions by authorized users, not hidden communications by malware. Option C (Network Scanning) is incorrect because network scanning involves searching for open ports or vulnerabilities, not periodic connections to a malicious server. Option D (Social Engineering) is incorrect because social engineering involves manipulating individuals to gain access or information, not hidden malware communications.
82. A company has recently installed an alarm system to protect its server room from unauthorized access. However, there have been multiple false alarms, causing disruptions. What is the most effective action to reduce false alarms while maintaining security?
Conducting regular maintenance checks and recalibrating the sensors helps ensure that the alarm system functions accurately, reducing false alarms while maintaining security (B). Increasing the sensitivity of the sensors (A) may lead to more false alarms. Deactivating the alarm during working hours (C) compromises security. Installing additional alarms (D) does not address the root cause of the false alarms and can lead to desensitization.
83. A network engineer is tasked with setting up secure communication for a company's email system, which involves the establishment of connections and data transfer. At which TCP/IP layer should the engineer focus to implement protocols like TLS?
The Application layer (A) of the TCP/IP model is where protocols like TLS (Transport Layer Security) are implemented to secure data transmissions for applications such as email. TLS encrypts data to protect it during transit. The Transport layer (B) manages end-to-end communication and provides services like TCP for reliable data transfer but does not handle encryption directly. The Internet layer (C) focuses on IP addressing and routing of packets and does not manage application-level security. The Network Interface layer (D) handles the physical transmission of data over the network and does not implement higher-level security protocols like TLS.
84. A company wants to prevent configuration drift in its servers due to unauthorized changes. Which of the following actions best addresses this requirement?
The correct answer is A. Establishing a baseline configuration and regularly auditing for changes helps to identify and rectify unauthorized changes, thereby preventing configuration drift. This practice ensures that systems remain compliant with the desired state. Option B (Implementing a robust firewall policy) is critical for network security but does not address configuration drift directly. Option C (Enforcing strong password policies) is important for access control but does not prevent configuration drift. Option D (Scheduling regular system backups) is a recovery measure and does not prevent or identify unauthorized changes.
85. An educational institution is planning to move its learning management system to an IaaS platform. What security feature should they prioritize to protect student data?
Prioritizing data encryption both in transit and at rest (B) ensures that student data is protected from unauthorized access and breaches, safeguarding personal information and complying with data protection laws. The aesthetic design of the IaaS management console (A) and the ability to host multiple websites (C) do not directly address data security. Integration with social media platforms (D) is not relevant to securing student data.
86. A company's network security policy mandates that all traffic from the internet must be inspected and filtered before reaching internal servers. Which type of firewall configuration should the company implement to ensure compliance with this policy?
The correct answer is B. Application Layer Firewall. Application layer firewalls can inspect and filter traffic at the application level, providing detailed analysis and filtering of incoming internet traffic before it reaches internal servers. This ensures compliance with the company's policy to inspect and filter all internet traffic. Option A (Stateless Packet Filtering) is incorrect because it only inspects packets based on predefined rules without analyzing the application layer, which may not provide sufficient filtering. Option C (Network Address Translation) is incorrect because NAT primarily hides internal IP addresses from external networks but does not inspect or filter traffic. Option D (Demilitarized Zone) is incorrect as a DMZ is a network segment used to isolate external-facing services but does not itself filter traffic.
87. A company is deploying a new web-based application that requires secure data transmission between the clients and the server. Which protocol should be used to encrypt the data in transit and ensure confidentiality?
HTTPS (C) is the secure version of HTTP and uses SSL/TLS to encrypt data transmitted between the client and the server, ensuring confidentiality and integrity of the data. HTTP (A) does not provide encryption and transmits data in plaintext, which is insecure. FTP (B) is used for transferring files and does not inherently provide secure data transmission unless supplemented with additional security protocols like FTPS or SFTP. Telnet (D) is used for remote command-line access but transmits data, including credentials, in plaintext, making it insecure for sensitive data transmission.
88. An employee is setting up a new password for their work account. According to the company's security awareness training on password protection, which of the following is the best practice for creating a secure password?
The best practice for creating a secure password involves using a combination of different character types (A) to enhance complexity and reduce the likelihood of brute force or dictionary attacks. A simple and memorable word related to work (B) is easy to guess and not secure. Using the same password across multiple accounts (C) is risky because if one account is compromised, all others are vulnerable. Personal information like birthdates or pet names (D) can be easily guessed or found through social engineering, making it insecure.
89. A company uses hashing to verify the integrity of files shared between departments. How does the hashing process contribute to maintaining data integrity?
Hashing contributes to maintaining data integrity by generating a unique hash value (C) that can be compared before and after transmission to ensure that the file has not been altered. Hashing does not encrypt files (A); it verifies their integrity. It does not allow retrieval of original files from hash values (B), as hashing is a one-way function. Hash verification does not require a shared secret key (D), as it relies on comparing hash values.
90. A critical patch has been released to fix a zero-day vulnerability. What should be the first step to secure the organization's systems?
The correct answer is B. Assessing the impact of the vulnerability and testing the patch in a controlled environment helps ensure that the patch does not introduce new issues, while promptly addressing the security threat. This balanced approach mitigates risks while maintaining system stability. Option A (Immediately apply the patch) can be risky without understanding potential side effects. Option C (Wait for confirmation) delays protection against the zero-day vulnerability. Option D (Inform users) is not effective for ensuring comprehensive security coverage.
91. A corporate IT department needs to enforce security policies on all devices attempting to connect to the internal network. Which NAC component is crucial for evaluating and enforcing these policies?
A posture validation server (B) is a critical component of NAC, responsible for evaluating devices against security policies (such as antivirus status and patch levels) and enforcing compliance before granting network access. An Access Control List (ACL) (A) can restrict network access based on IP addresses or protocols but does not evaluate device compliance. A DHCP server (C) assigns IP addresses but does not enforce security policies. A network switch (D) provides connectivity but does not perform compliance checks.
92. A corporate office complex uses a gate entry system that requires employees to swipe their access cards to enter. Recently, there have been complaints about long entry times during peak hours. Which solution would best address this issue while maintaining security?
Installing additional entry gates can help alleviate congestion by providing more points of entry, thus reducing wait times while maintaining the security of the access control system (A). Allowing entry without swiping cards (B) compromises security. Increasing security personnel (C) may help with processing but is not as efficient as adding more gates. Implementing a biometric system (D) might increase security but does not directly address the issue of long entry times during peak hours.
93. An online banking system uses hashing to protect transaction logs. Which property of hashing ensures that attackers cannot generate the same hash value as a legitimate transaction?
Strong hash functions make it computationally infeasible to find two different inputs that produce the same hash value (D), ensuring that attackers cannot generate the same hash value as a legitimate transaction, thus protecting the integrity of transaction logs. Collisions in hash functions (A) are undesirable and indicate weakness in the hash function. Producing a fixed-size output regardless of input size (B) is a characteristic of hash functions but does not specifically prevent attacks. Hash functions being deterministic (C) means the same input will always produce the same hash, which is not relevant to the uniqueness of the hash.
94. A security analyst needs to monitor the WiFi network for unauthorized access attempts. Which tool or method should be used to detect and identify unauthorized devices attempting to connect to the network?
An Intrusion Detection System (IDS) (B) is designed to monitor network traffic for suspicious activities and unauthorized access attempts. It can detect and alert on potential security threats, including unauthorized devices trying to connect to the WiFi network. A network sniffer (A) captures and analyzes network traffic but does not automatically detect unauthorized access attempts. Access Point logs (C) can provide information about connected devices, but manual monitoring is required to identify unauthorized devices. Packet filtering (D) involves controlling access to the network based on specific criteria, but it does not provide monitoring or detection capabilities.
95. A financial institution needs to ensure that its data center's HVAC system is operating efficiently to maintain optimal temperatures for sensitive equipment. Which method should they use to monitor and adjust the temperature levels dynamically?
Networked temperature sensors and controls (B) allow for real-time monitoring and dynamic adjustment of temperature levels, ensuring that the HVAC system operates efficiently and maintains optimal conditions for sensitive equipment. Manual thermostat adjustments (A) are less precise and do not offer real-time control. Portable air conditioners (C) are typically insufficient for maintaining temperature in a data center. Opening windows for natural ventilation (D) is not appropriate for maintaining the controlled environment required in a data center.
96. A software developer needs to troubleshoot a bug in a payroll application. To adhere to the principle of least privilege, what is the best way to provide access?
Option B is correct because it provides the access needed for troubleshooting within a controlled test environment, adhering to the principle of least privilege by avoiding unnecessary access to live sensitive data. Options A and D grant more access than needed, and to a live environment, which increases the risk of data compromise or unintended changes. Option C still exposes the developer to live sensitive data unnecessarily, which does not align with the principle of least privilege.
97. A retail company wants to set up a public-facing web application server and ensure that their internal systems are protected from potential attacks on this server. What is the most secure approach?
Placing the web application server in a DMZ and using a firewall to restrict access to the internal network (A) isolates the public-facing server from internal systems, enhancing security. Placing the server in the internal network with public IP addresses (B) exposes internal systems. A dedicated VLAN within the internal network (C) or on the same subnet (D) does not provide adequate isolation from potential threats.
98. A financial firm is migrating part of its operations to a hybrid cloud environment. Which practice should they adopt to manage and secure data across both cloud and on-premises systems?
Using a unified identity and access management system (B) helps manage and secure data across both cloud and on-premises systems by providing consistent access controls and authentication mechanisms. Storing all data in the public cloud (A) might expose sensitive data. Allowing direct connections between users and the public cloud (C) increases security risks. Implementing different security policies (D) can lead to inconsistencies and potential security gaps.
99. In an organization with a MAC system, a software engineer attempts to modify a security protocol classified as "Highly Confidential." The engineer’s clearance level is "Confidential." What action should the MAC system take?
Option B is correct because the MAC system would automatically deny the modification request, since the engineer's clearance level is insufficient for accessing "Highly Confidential" information. This ensures that access policies are strictly enforced based on predefined security classifications. Option A allows the modification, which violates MAC principles. Option C suggests temporary access, which is not in line with the strict enforcement of MAC. Option D involves requesting higher access, which is not compatible with the automatic, non-discretionary nature of MAC.
100. An organization wants to reduce the environmental impact of its data center while maintaining optimal performance. Which approach should they take?
Implementing a hot aisle/cold aisle configuration (B) optimizes cooling efficiency by managing airflow and reducing energy consumption, aligning with the goal of reducing environmental impact. Increasing lighting (A) does not affect cooling efficiency and can increase energy use. More power-hungry cooling systems (C) would increase environmental impact due to higher energy consumption. Using open racks (D) without a proper cooling strategy can lead to inefficient airflow management.