Kelly Innovations decides to manage its IT infrastructure within its physical location, retaining full control over its hardware, software, and data. Which of the following security implications is MOST directly associated with this approach?
What is the primary difference between an insider threat and a shadow IT threat actor?
Who sets the strategic direction and policies of an organization and holds the ultimate decision-making authority, often relying on support from specialized groups for critical information?
Zumba Co. is implementing a security device that inspects live network traffic and takes immediate action to mitigate potential threats. Which of the following security items would MOST effectively satisfy this requirement?
At Kelly Innovations LLC, Sasha received an unexpected call from someone claiming to be from the IT department. The caller asked her to confirm her username and password for a system upgrade. Unsure, Sasha hesitated and asked the caller to provide some form of identification or a callback number. Which of the following terms describes the Social Engineering technique that Sasha encountered?
Bloatware
Trojan
Worm
Rootkit
Keylogger
Virus
Ransomware
Which of the following attackers is MOST likely driven by a desire to expose unethical practices within a corporation, even if it means acting in an unethical way themselves?
A company's access control mechanism determines access to resources based on users' job functions. The system enforces access control based on these predefined responsibilities, and users do not have the discretion to modify or override access permissions. Which type of access control mechanism is being used in this scenario?
Enrique was validating the integrity of files in the company's database when he came across two distinct files that, surprisingly, had the same cryptographic hash value. Understanding the implications, Enrique immediately escalated the situation, realizing this could be a potential vulnerability in the hashing algorithm in use. Which of the following BEST describes the anomaly Enrique found in Kelly Innovations LLC's file signatures?
What is a similarity between data exfiltration and espionage as motivations for threat actors?
Hair and There, an online beauty supply store, has conducted a comprehensive risk assessment and identified potential vulnerabilities in their network infrastructure. They recognize that another global pandemic would seriously harm their business and is a considerable risk. After careful analysis, they determine that they simply cannot control whether another pandemic occurs. They take measures to help reduce the types of damage a pandemic will cause and then hope that it doesn't happen. Which risk management strategy are they employing?
Stones Corporate Solutions has partnered with several smaller companies. They set up a system allowing employees from any company to access resources from another partner company without requiring a separate username and password. Which of the following is this an example of?
While analyzing network traffic, Carlos, a security analyst, discovered a specific workstation repeatedly sending HTTPS requests to unfamiliar IP addresses. These requests contained encoded data that matched sensitive company information. Which of the following terms BEST describes the primary malicious activity Carlos detected?
Kelly Innovations LLC needs to securely authenticate remote users and needs to be able to handle multiple authentication methods. Which of the following protocols would be BEST suited for this scenario?
Which agreement type outlines the specific services to be provided by the vendor, along with associated timelines and costs?
You are a cybersecurity analyst for a large enterprise that has experienced several security incidents resulting from insider threats and compromised user accounts. The organization wants to enhance its security posture by implementing User Behavior Analytics (UBA). Which of the following approaches would be the MOST effective way to implement UBA for the given scenario?
An application creates a temporary file to save a value for later use. A malicious actor deletes this file after its creation but before its subsequent use by the application. What type of vulnerability is being exploited in this situation?
Which of the following BEST describes the phase of a penetration test where information is gathered without directly interacting with the target system?
Which of the following is the BEST action a security professional would undertake to determine the order in which identified vulnerabilities should be addressed, based on potential impact and exploitation likelihood?
Which of the following mitigation techniques can help enforce compliance with security standards and policies on a system or network by designating programs that are allowed to run and blocking all other programs from being run?
Jason and Reed, both IT specialists at Kelly Innovations LLC, are tasked with ensuring the workstations' secure baseline remains uncompromised over time. Which technique would BEST help them achieve this?
Which of the following BEST explains the importance of exceptions and exemptions in vulnerability management?
Which of the following mitigation techniques can help reduce the exposure of systems to potential attacks by turning off unneeded or unwanted network communication channels?
Enrique at Dion Training is responsible for ensuring that the company's project data is protected from potential data loss, especially since the office is located in a region prone to natural disasters. Which backup method would provide him with the most secure protection by keeping a physically separate copy of the data?
Prox Corp recently integrated a single security solution that provides multiple security functions at one point on their network. This solution incorporates functionalities such as intrusion prevention, gateway anti-virus, and VPN. Which of the following BEST describes this solution?
Jenny, a newly hired sales representative, has been granted access to view customer records but is unable to modify, delete, or add new ones. Only managers and the IT department have the ability to make changes to these records to maintain data integrity. Which principle is the organization applying?
Which of the following mitigation techniques inspects and controls incoming and outgoing network traffic on a per-application basis?
Reason and Rhyme, a tutoring service, has increased the security of its customers' passwords. They have always converted passwords to fixed-length sequences, but now they will do this process more than once to increase the amount of computing power and time it will take for an attacker to decode the password. What is this method known as?
Which of the following techniques replaces sensitive data with fictitious, but structurally similar, data to protect it in non-production or test environments?
Which of the following terms BEST describes a situation in which a company avoids addressing known system inefficiencies or shortcuts due to time constraints, potentially leading to future rework and vulnerabilities?
A financial services firm processes high volumes of transactions daily. To minimize data loss in case of a system failure, which backup frequency would you most likely recommend?
Sweet as Thyme, a flavoring supplier, uses a peer-to-peer network which relies on a public ledger to ensure the integrity of transactions and to provide a permanent record of all transactions. What is this technology they are using called?
Which of the following terms BEST describes the measurement used to describe a 7% possibility of hardware failure in the next year based on past statistical data?
Which of the following is a type of unsecure wireless network that uses short-range radio waves to connect devices without encryption or authentication?
Prox Corp is implementing a security system for its research facility, where sensitive data is stored. If the access control system fails, which mode should be adopted to ensure that no unauthorized personnel can enter the facility, even if it means some inconvenience to authorized staff?
While conducting a routine system audit at Kelly Innovations LLC, Enrique, a senior IT administrator, stumbled upon a startling discovery. He found that Jamario, a junior database analyst whose responsibilities typically revolved around running simple queries and generating weekly reports, suddenly had permissions to modify core database structures, including adding and removing tables. Further analysis revealed that these permissions weren't granted through the company's formal access control procedure. Enrique suspected an external intervention that could have allowed Jamario's account to bypass the standard role-based permissions. This is an example of:
Jason is working with David to enhance the security of the switches at Prox Corp. Which technique would be the BEST for them to prioritize?
During the decommissioning process of a database server, the IT department of Prox Corp ensures that all stored customer data is rendered unrecoverable to protect against unauthorized access in the future. Which of the following practices is the IT department employing in this scenario?
Which of the following terms refers to a document that defines tasks that different parties perform in a cloud service agreement?
Which of the following BEST represents a primary goal when seeking evidence of internal audits from a third-party vendor?
Kelly Innovations LLC is in the process of selecting a new vendor for their cloud storage solutions. As part of the selection process, the IT manager, Jamario, reviews the potential vendor's past financial stability, customer reviews, and history of cybersecurity incidents. Which aspect of the vendor selection process is Jamario emphasizing?
Prox Corp needs a network appliance capable of filtering traffic based on URLs, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
Prox Corp is looking to upgrade their current firewall to one that can detect and block advanced threats, provide additional functions like intrusion prevention, and give them deep visibility into traffic. Which of the following types of firewalls is BEST described here?
Which of the following types of penetration tests provides the tester with comprehensive knowledge of the target environment, including the system's architecture, design, and source code, to identify hidden vulnerabilities?
In disaster recovery planning, which of the following terms is used to describe the maximum targeted period in which data might be lost from an IT service due to a major incident?
Which of the following motivations is common among Hacktivists?
Which of the following terms refers to the ability to obtain and apply security updates or fixes for software or systems?
Trust Us is a company that acts as a trusted entity. They issue and manage security credentials and issue digital signature wrappers for public keys for message encryption. What type of company is Trust Us?
Prox Corp wants to increase the trustworthiness of its website for its clients. They are seeking a certificate that is signed and verified by a recognized external authority. What type of certificate should they pursue?
MFA
Network Segmentation
FDE
Security Awareness Training
RBAC
Air gap