A chief information officer (CIO) recently read an article involving a similar
company that was hit with ransomware due to ineffective patch-management
practices. The CIO tasks a security professional with gathering metrics on the
effectiveness of the company's patch-management program to avoid a similar
incident. Which method enables the security professional to gather current,
accurate metrics? ---Answer: Review authenticated vulnerability scan reports
A combined mail server and calendaring server environment contains no secure
sockets layer (SSL) certificate. Which security principle of the CIA triad is
affected by the lack of an SSL certificate? ---Answer: Confidentiality
A company develops a business continuity plan in addition to an emergency
communication plan. What should be included in the company's emergency
communication plan? Choose 2 answers. ---Answer: Alternate means of contact
Backup people for each role
A company does not have a disaster recovery plan (DRP) and suffers a multiday
power outage. Which provisioning should the company perform to provide stable
power for a long period of time? ---Answer: Purchase generators
A company has identified a massive security breach in its healthcare records
department. Over 50% of customers' personally identifiable information (PII) has
been stolen. The customers are aware of the breach, and the company is taking
actions to protect customer assets through the personal security policy, which
addresses PII data. Which preventive measure should the company pursue to protect
against future attacks? ---Answer: Use network-based and host-based firewalls
A company has signed a contract with a third-party vendor to use the vendor's
inventory management system hosted in a cloud. For convenience, the vendor set
up the application to use Lightweight Directory Access Protocol (LDAP) queries
but did not enable secure LDAP queries or implement a secure sockets layer (SSL)
on the application's web server. The vendor does not have the ability to secure
the system, and company management insists on using the application. Which
defense-in-depth practices should the company implement to minimize the
likelihood of an account compromise due to insecure setup by the vendor?
---Answer: Location-based access control and multifactor authentication
A company has user credentials compromised through a phishing attack. Which
defense-in-depth practice will reduce the likelihood of misuse of the user's
credentials? ---Answer: Deploy multifactor authentication
A company hires several contractors each year to augment its IT workforce. The
contractors are granted access to the internal corporate network, but they are
not provided laptops containing the corporate image. Instead, they are required
to bring their own equipment. Which defense-in-depth practice should be required
for contractor laptops to ensure that contractors do not connect infected
laptops to the internal corporate network? ---Answer: Ensure antimalware
software and signatures are updated
A company is concerned about loss of data on removable media when media are lost
or stolen. Which standard should this company implement on all flash drives?
---Answer: Encryption
A company is concerned about securing its corporate network, including its
wireless network, to limit security risks. Which defense-in-depth practice
represents an application of least privilege? ---Answer: Disable wireless access
to users who do not need it
A company is concerned about unauthorized network traffic. Which procedure
should the company implement to block FTP traffic? ---Answer: Filter ports 20
and 21 at the firewall
A company is concerned about unauthorized programs being used on network
devices. Which defense-in-depth strategy would help eliminate unauthorized
software on network devices? ---Answer: Use application controls tools and
update AppLocker group policies
This study source was downloaded by 100000831988016 from CourseHero.com on 08-10-2022 04:20:40 GMT -05:00
https://www.coursehero.com/file/92939885/OA-Prep-2-C795txt/
A company is concerned about unneeded network protocols being available on the
network. Which two defense-in-depth practices should the company implement to
detect whether FTP is being used? Choose 2 answers. ---Answer: Perform automated
packet scanning
Implement application firewalls
A company is concerned that disgruntled employees are sending sensitive data to
its competitors. Which defense-in-depth practices assist a company in
identifying an insider threat? ---Answer: Data loss prevention (DLP) and audit
logs
A company is hit with a number of ransomware attacks. These attacks are causing
a significant amount of downtime and data loss since users with access to
sensitive company documents are being targeted. These attacks have prompted
management to invest in new technical controls to prevent ransomware. Which
defense-in-depth practices should this company implement? ---Answer: Spam
filtering and antimalware
A company is implementing a defense-in-depth approach that includes capturing
audit logs. The audit logs need to be written in a manner that provides
integrity. Which defense-in-depth strategy should be applied? ---Answer: Write
the data to a write-once, read-many (WORM) drive
A company is moving its database backups from an off-site location to an
alternate processing site warehouse using bulk transfers. Which type of database
recovery is this company employing? ---Answer: Electronic vaulting
A company is terminating several employees with high levels of access. The
company wants to protect itself from possible disgruntled employees who could
become potential insider threats. Which defense-in-depth practices should be
applied? ---Answer: Account revocation and conducting a vulnerability assessment
A company needs to improve its ability to detect and investigate rogue WAPs.
Which defense-in-depth practice should be used? ---Answer: Install a wireless
IDS to monitor irregular behavior
A company notices that someone keeps trying to access its system using different
passwords and usernames. What can help mitigate the success of this attack?
---Answer: Require a CAPTCHA
A company performs a data audit on its critical information every six months.
Company policy states that the audit cannot be conducted by the same employee
within a two-year timeframe. Which principle is this company following?
---Answer: Job rotation
A company presents team members with a disaster recovery scenario, asks members
to develop an appropriate response, and then tests some of the technical
responses without shutting down operations at the primary site. Which type of
disaster recovery test is being performed? ---Answer: Simulation
A company relies exclusively on a system for critical functions. An audit is
performed, and the report notes that there is no log review performed on the
system. Management has been tasked with selecting the appropriate person to
perform the log reviews in order to correct the deficiency. Which role is
responsible for reviewing and auditing logs in order to detect any malicious
behavior? ---Answer: Security administrator
A company wants to monitor the inbound and outbound flow of packets and not the
content. Which defense-in-depth strategy should be implemented? ---Answer:
Traffic and trend analyses should be installed on the router.
A company wants to prevent cybercriminals from gaining easy access into its
email server. The company wants to know which user is accessing which resources
and to prevent hackers from easily gaining access to the server. Which
defense-in-depth strategy should be used? ---Answer: Authenticate users and devices and
log events within the network
A company wants to reduce the risk of an employee with internal knowledge
committing an act of sabotage once that employee is no longer with the company.
Which control should the company implement to mitigate this risk? ---Answer:
Enable an access termination procedure
A company's business operations are disrupted due to a flash flood. Which
consequences to business continuity should be addressed in the disaster recovery
plan? ---Answer: Evaluation of risk from possible flood damage
A company's database administrator requires access to a database server to
perform maintenance. The director of information technology will provide the
database administrator access to the database server but will not provide the
database administrator access to all the data within the server's database.
Which defense-in-depth practice enhances the company's need-to-know data access
strategy? ---Answer: Using compartmented mode systems and least privilege
A company's main asset is a physical working prototype stored in the research
and development department. The prototype is not currently connected to the
company's network. Which privileged user activity should be monitored?
---Answer: Accessing camera logs
A company's main asset is its client list stored in the company database, which
is accessible to only specific users. The client list contains Health Insurance
Portability and Accountability Act (HIPAA) protected data. Which user activity
should be monitored? ---Answer: Privilege escalation
A company's vulnerability management policy requires assessing a vulnerability
based on its severity. Which standard should this company use to prioritize
vulnerabilities? ---Answer: Common Vulnerability Scoring System (CVSS)
A company's vulnerability management policy requires internet-facing
applications to be scanned weekly. Which vulnerability scanning technique meets
this policy requirement? ---Answer: Web
A government agency is at risk of attack from malicious nation-state actors.
Which defense should the agency put on the boundary of its network to stop
attacks? ---Answer: Employ an intrusion prevention system
A hacker is sitting between a corporate user and the email server that the user
is currently accessing. The hacker is trying to intercept and capture any data
the user is sending through the email application. How should a system
administrator protect the company's email server from this attack? ---Answer:
Encrypt network traffic with VPNs
A malicious employee installs a network protocol scanner on a computer and is
attempting to capture coworkers' credentials. Which policy, procedure, standard,
or guideline would solve this issue? ---Answer: Encrypt all sensitive
information in transit
A member of a sales team receives a phone call from someone pretending to be a
member of the IT department. The salesperson provides security information to
the caller. Later, the salesperson's user account is compromised. Which strategy
should be used by the company to mitigate accounts being compromised in the
future? ---Answer: Provide training to all users on social engineering threats
A penetration tester identifies a SQL injection vulnerability in a
business-critical web application. The security administrator discusses this finding with
the application developer, and the developer insists that the issue would take
two months to remediate. Which defense-in-depth practice should the security
administrator use to prevent an attacker from exploiting this weakness before
the developer can implement a fix? ---Answer: Implement a web-application
firewall
A security analyst observes that an unauthorized user has logged in to the
network and tried to access an application with failed password attempts. Which
defense-in-depth tactic should the security analyst use to see other activities
this user has attempted? ---Answer: Use SIEM to collect logs and look at the
aggregate data
A security professional for a midsize company is tasked with helping the
organization write new corporate security procedures. One of the policies
includes the use of multifactor authentication. Which defense-in-depth practice
should the security professional apply? ---Answer: Create a unique administrator
account for each person and configure a security token that provides a passcode
every 60 seconds
A technician notifies her supervisor that the nightly backup of a critical
system failed during the previous night's run. Because the system is critical to
the organization, the technician raised the issue in order to make management
aware of the missing backup. The technician is looking for guidance on whether
additional actions should be taken on the single backup failure. Which role is
responsible for making the final decision on how to handle the incomplete
backup? ---Answer: Data owner
A web server is at near 100% utilization, and it is suggested that several web
servers run the same site, sharing traffic from the internet. Which system
resilience method would this be? ---Answer: Network load balancing
An attacker compromises the credentials that a system administrator uses for
managing a user directory. The attacker uses these credentials to create a rogue
administrator account. Which defense-in-depth practice would have helped a
security administrator identify this compromise? ---Answer: Log and alert when
changes to administrative group membership take place
An employee is transferring data onto removable media. The company wants to
reduce the likelihood of fraud, and transferring data onto removable media is
limited to special cases. Which security principle should the company execute as
a policy to reduce fraud? ---Answer: Two-person control
An executive is using a personal cell phone to view sensitive data. Which
control would protect the sensitive data stored on the phone from being exposed
due to loss or theft? ---Answer: Encryption
An organization is creating a security policy that will be able to audit the use
of administrative credentials. The company has decided to use multifactor
authentication to allow for the accountability of administrative actions. Which
multifactor authentication policy should be applied? ---Answer: Assign
administrators individual accounts that require a password and a physical smart
card
An organization is deploying a number of internet-enabled warehouse cameras to
assist with loss prevention. A plan is put in place to implement automated
patching. Which defense-in-depth measure will ensure that the patch images are
as expected? ---Answer: All remotely installed software must be signed.
An organization needs to control the flow of traffic through intranet borders by
looking for attacks and evidence of compromised machines. What should be
implemented to enhance boundary protection so unwanted intranet traffic can be
detected and prevented? ---Answer: Network-based intrusion prevention system
(NIPS)
An organization needs to improve the securit