Just 20 free questions

An organization intends to deploy an appliance capable of enhancing its telecommuting capabilities. The device must be adept at managing a large number of secure, authenticated connections, ensuring data integrity and confidentiality. Which network appliance should be implemented to meet these demands most efficiently?

Remote Access Server (RAS)

A Remote Access Server (RAS) is specifically designed to handle a significant number of secure, authenticated connections, which typically involve telecommuting scenarios. It provides a centralized solution for remote workers to access the corporate network, offering encryption and authentication to maintain data integrity and confidentiality. Despite being capable of various security functions, an Intrusion Detection and Prevention System (IDPS) primarily focuses on identifying and mitigating potential threats and breaches, rather than facilitating remote access. A Load Balancer excels at distributing networking or application traffic across multiple servers but does not inherently provide connectivity solutions for remote workers. 'Content Filtering Appliance' might seem like a viable option because it implies data protection, but it serves a different role — typically screening incoming web content for malware or policy violations — rather than enabling secure remote access.

An organization has experienced a security incident involving an advanced persistent threat (APT) that has bypassed existing security controls and established a foothold on the network. As part of the incident response activities, what is the MOST appropriate immediate action to take once the threat is confirmed?

Isolate the affected systems from the network to prevent the APT from further establishing its presence or causing additional damage.

The first and most appropriate immediate action following the confirmation of an advanced persistent threat is to contain the threat. This is to prevent any further spread or damage within the network. Containment strategies may vary depending on the characteristics of the incident but often include isolating affected systems, blocking malicious traffic, or temporarily shutting down services. Eradication and recovery steps only follow after containment is successfully achieved, and while documentation is critical, it does not take precedence over containing an active threat. In this scenario, as we are dealing with an APT, fast action is crucial to limit the threat.

A vulnerability that allows unauthorized code execution remotely

A company is about to enter into an agreement with a cloud service provider. Which of the following should the company primarily focus on to ensure timely and effective remediation of service interruptions?

Recovery Time Objective (RTO)

Which of the following physical security controls is designed to prevent unauthorized vehicles from entering a restricted area?

Bollards

When deploying a new fleet of servers, what is the BEST initial step to ensure that they adhere to the company's security policy?

Create and implement a documented security configuration baseline

The risk register only needs to be updated when a new risk is identified, not as part of a regular review process.

The statement is incorrect; the risk register requires updates during regular review processes as well as when new risks are identified.

A company is planning to integrate their authentication processes with a third-party service provider to allow employees to use a single set of credentials across both systems. To enhance the user experience and provide secure access to the services offered by the partner, which solution would be the BEST to implement?

Implementing a federated identity management system

The security team at XYZ Corporation is conducting a routine audit of the company's wireless technologies. They have identified the use of Bluetooth-enabled devices in several departments for sharing files and syncing personal devices with company laptops. Which of the following would be the MOST effective mitigation technique to reduce the risk of a potential security breach due to these Bluetooth connections?

Disabling Bluetooth when not in use

Which of the following options is a network device that can use VLANs to reduce collisions and the size of broadcast domains?

Switch

Switches automatically reduce collision domains by only transmitting data on the physical ports that are needed, based on MAC addresses (as opposed to a hub, which broadcasts all data to all ports). When used with VLANs, switches also reduce broadcast domains.

A site fully equipped and operationally ready to take over functionality within minutes in the event of a system failure is classified as a warm site.

This statement is false.

The description provided is actually the definition of a hot site. A hot site is a replica of the primary site of the organization, with full computer systems as well as near-complete backups of user data. It provides the ability to switch over operations to a standby server and resume operations seamlessly. In contrast, a warm site is equipped with some of the system hardware, software, telecommunications, and power sources, but it is not fully operational and would take longer to become operational compared to a hot site.

An organization is conducting a Business Impact Analysis. Which metric should be determined to establish the maximum time frame that a critical system can be disrupted before severe impact to business operations occurs?

Determining the maximum tolerable downtime for critical systems, otherwise known as the Recovery Time Objective, is essential for prioritizing their restoration.

Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable detriment to the business. Setting the RTO helps in crafting prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not directly address the focus on time frame for critical system recovery, like the RTO does.

Which of the following is the BEST method to protect credit card information in a database while still allowing for customer data analysis?

Tokenize the credit card information within the database

Tokenization is the optimal method because it allows specific sensitive data elements, such as credit card numbers, to be replaced with non-sensitive equivalents, referred to as tokens. These tokens can be used in various operational processes without exposing the actual sensitive data. This is particularly useful for customer data analysis, as the analysis can often be performed with the non-sensitive token rather than needing the actual credit card number. Encryption, while it also obscures the original data, would not be as convenient because data analysis would typically require decryption. Masking affects the utility of the data for analysis because it often involves altering part of the data permanently. Lastly, hashing is incorrect because it is non-reversible and thus unsuitable for scenarios where the original data might need to be accessed again.

Unified Threat Management systems remain equally effective at threat mitigation even when their databases are not consistently updated with the latest threat intelligence.

False

When entering your company, you first enter a small area with a security desk where you must check in with guard personnel before you are authorized access into the secure area. What is this area used for physical security called?

Access control vestibule

If an intruder smashes the back window of a house and gains entry, triggering an alarm due to motion detection, what category of security measure does the alarm system fall under?

Detective

During a scheduled change to implement a major software update, which of the following will BEST ensure that any unexpected issues can be remediated without affecting continued operations?

Having a detailed backout plan

Implementing a gateway at the network perimeter is only effective for inbound traffic and cannot filter or control outbound traffic from the internal network to the internet.

This statement is false

Which of the following best describes an attack that is primarily motivated by disruption and chaos, rather than financial gain or data exfiltration?

A nation-state actor exploiting critical infrastructure to create tension between countries.

During a review of system logs, a security analyst notices an increase in off-hours log entries for a service account. This account is associated with a third-party vendor's update process, which runs monthly maintenance. Which of the following actions should the analyst undertake FIRST to determine if these out-of-cycle log entries are of concern?

Validate the log entries against the third-party vendor's documented update schedule.