CERTMASTER CE SECURITY+ DOMAIN 4.0 SECURITY OPERATIONS QUESTIONS AND ANSWERS, Exams of Security Analysis


Typology: Exams

2024/2025

Available from 11/25/2024

richard-nyamweya



CERTMASTER CE SECURITY+ DOMAIN 4.0 SECURITY OPERATIONS QUESTIONS AND ANSWERS
The chief information officer (CIO) wants to expand the company's
ability to accurately identify vulnerabilities across the company. The
CIO wants to be able to scan client PCs, mobile devices, servers,
routers, and switches. What type of scanner are they looking to
institute?
A. Network vulnerability scanner
A financial services company is decommissioning many servers that
contain highly sensitive financial information. The company's data
protection policy stipulates the need to use the most secure data
destruction methods and comply with strict regulatory requirements.
The company also has a significant environmental sustainability
commitment and seeks to minimize waste wherever possible. What
should the company's primary course of action be during this
process?
D. Degaussing the servers, rendering the data irretrievable, followed by
reselling or recycling the servers after certification
A cyber technician pulls logs on the new Apple iMacs to ensure the
company's employees adhere to the policy. What log can provide the

technician with the computer's attempted logins or denial when an employee attempts to access a file?
B. Operating system-specific security logs

A large multinational company uses a cloud-based document storage system. The system provides access to documents by considering a combination of factors: the user's department, geographic location, the document's sensitivity level, and the current date and time. For example, only the finance department of a specific region can access its financial reports, and they can do so only during business hours. Which access control model does the company MOST likely use to manage this complex access control
C. Attribute-based access control

The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network?
C. To enhance wireless network security with the latest encryption standards

simulation and that doesn't require extensive investment and planning. Which IRP exercise is the BEST option for this company?
D. Walkthrough

A technology firm's network security specialist notices a sudden increase in unidentified activities on the firm's Security Event and Incident Management (SIEM) incident tracking system. An unknown entity or process also increases the number of reported incidents. The specialist decides to investigate these incidents. Which combination of data sources would provide a balanced perspective to support the investigation?
B. System-specific security logs, which track system-level operations; logs generated by applications running on hosts; and real-time reports from the SIEM solution, summarizing incidents.

A proprietary software application remains mission-critical ten years after its in-house creation. The software requires an exception to the rules as it cannot use the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.)
A. Network segmentation
C. Compensating controls

A system administrator has seen repeated positive vulnerability messages only to discover that no vulnerability exists. The vulnerability messages repeat daily for several days, causing the system administrators to ignore them. What can the system administrator do to combat false positives? (Select the two best options.)
A. Review logs
B. Use different scanners

A global financial institution with a vast network of offices and data centers has faced increasing cybersecurity threats. The organization's IT team realizes that privileged accounts are a prime target for hackers, and manually managing them poses a significant risk. The company implemented a Privileged Access Management (PAM) solution to strengthen its security posture. As part of the implementation, the IT team focuses on password vaulting, a critical component of PAM. As part of the advanced
B. Securely store and manage privileged account credentials

An IT admin has been testing a newly released software patch and discovered an exploitable vulnerability. The manager directs the IT admin to immediately report to Common Vulnerability Enumeration

organization with a mix of computer systems and network appliances. The CSO has concerns about the system resources that the data collection process on the individual computer systems utilizes. Which method should the CSO consider to minimize the resource usage on these systems while ensuring effective data collection for the SIEM system?
C. Implementing an agentless collection method on the computer systems

The IT department at a medium-sized company is exploring ways to enhance its authentication methods to improve security. They want to choose an authentication approach that balances security and user convenience. Which authentication method eliminates the need for passwords and provides a secure way of verifying a user's identity based on the device's hardware or software characteristics?
A. Biometric authentication (incorrect)
B. Attestation (incorrect)

A tech department reviews the current model for incident response procedures in response to a serious incident at the company. What part of the process should they focus on for a review of data to determine the legitimacy of a genuine incident?
A. Analysis

Upon receiving new storage media drives for the department, an organization asks a software engineer to dispose of the old drives. When considering the various methods, what processes does sanitization involve? (Select the two best options.)
A. It refers to the process of removing sensitive information from storage media to prevent unauthorized access or data breaches.
B. Its process uses specialized techniques, such as data wiping, degaussing, or encryption.

An organization needs to implement web filtering to bolster its security. The goal is to ensure consistent policy enforcement for both in-office and remote workers. Which of the following web filtering methods BEST meets this requirement?
B. Deploying agent-based web filtering

An information security manager is fine-tuning a Security Information and Event Management (SIEM) system in a company that has recently reported a series of unauthorized account access attempts. The manager wants to ensure prompt detection of similar incidents for immediate investigation. Which approach should the manager consider to optimize the system's alerting capability?

with BYOD. They determined that employees' mobile devices must meet the security requirements to protect sensitive company data. Considering the scenario, which of the following measures is the MOST effective way to enhance the security of employees' mobile devices under the BYOD policy?
C. Using MDM solutions to centrally control employees' mobile devices

An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation?
C. Centralized web filtering

A security operations analyst at a financial institution analyzes an incident involving unauthorized transactions. The analyst suspects that a malware infection on one of the endpoints might have led to the unauthorized access. To identify the root cause and trace the activities of the suspected malware, which combination of data sources should the analyst primarily consider?
D. Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.

After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive CPU utilization?
D. SNMP trap

A company plans to upgrade its wireless network infrastructure to improve connectivity and security. The IT team wants to ensure that the new network design provides adequate coverage, minimizes interference, and meets security standards. To achieve this, they conduct a site survey and create a heat map of the area. What is the primary purpose of conducting a site survey and creating a heat map for the company's wireless network upgrade?
D. To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade

The IT department of a medium-sized company is exploring various mobile solutions to improve productivity and enable employees to work efficiently on their mobile devices. They aim to choose a solution ensuring data security and seamless integration with the existing infrastructure. The team has narrowed the options to three potential mobile solutions: MDM, MAM, and COPE. Each solution

company take to improve the security of the switch and avoid such breaches in the future?
C. Change the default credentials of the switch

During routine monitoring, an incident response analyst at a prominent corporation notices suspicious network activity on a server. The analyst can access various network data sources. Which data sources would provide the MOST relevant information for the analyst to investigate and identify the potential threat actor and tools used in this activity?
A. Packet captures

A cyber architect explores various methods to assist in not having to manually pull data to support IT operations. What are the benefits associated with user provisioning? (Select the two best options.)
A. It can create, modify, or delete individual user accounts.
B. It can create, modify, or delete individual users' access rights across IT systems.

A financial institution is preparing to decommission a number of its old servers. The servers contain sensitive customer data that needs proper handling to prevent unauthorized access or data breaches. Which strategy should the institution primarily employ to ensure the data on these servers stays irretrievable?
C. Carry out a sanitization process that includes multiple passes of overwriting and degaussing.

A digital forensics analyst at a healthcare company is investigating a case involving a potential internal data breach. The breach has led to unauthorized access and potential exposure of sensitive patient information. The company uses a Security Information and Event Management (SIEM) tool that aggregates and correlates data from multiple sources. The analyst's task is to identify potential insider threats that could be responsible for the breach. Given the nature of the breach, which combinati
D. Investigate log files generated by the OS components of client and server host computers, logs generated by applications, services running on hosts, and endpoint logs.

A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature?
B. DKIM

involves the application of updates to systems to fix known vulnerabilities?
B. Patching

After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it?
C. Compensating controls

In a small software development company, the development team has created a critical application that handles sensitive user data. The company's security policy mandates conducting a thorough application security assessment before deployment. To achieve this, the team employed a static code analysis tool, taking advantage of its primary feature. How can the development team utilize static code analysis in the critical application's software development process?
C. To identify potential security vulnerabilities in the application's source code

The IT security team at a corporation has concerns about potential security risks on the cloud platform. They noticed that some employees have been able to submit malformed data, leading to inconsistencies and potential data breaches. The team wants to enhance the platform's security without hindering productivity. In this case, what security measure should the IT security team implement to improve the security of the cloud platform at the corporation?
B. Implement robust input validation mechanisms to validate all incoming data

In a medium-sized company, the IT security team implements Privileged Access Management (PAM) tools to enhance security measures. The team is considering using just-in-time (JIT) permissions to reduce the risk of unauthorized access to critical systems and sensitive data. JIT permissions allow users to obtain temporary access only when necessary, minimizing the exposure of privileged accounts. The team is aware that this approach can significantly improve security by limiting the window of oppor
A. JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.

A company merged with another company and is reviewing and combining both companies' procedures for incident response. What

Security Teams maintain that generates metrics of a score from 0 to 10?
B. CVSS

A cybersecurity manager is preparing to begin working when a police officer comes through the door waving a warrant. The officer states that the company is under investigation for suspicious activities relating to recent overseas sales, and they are taking the servers with them. What gives police officers the right to take the servers?
A. Data acquisition (incorrect)
B. Due process (incorrect)

An incident response analyst investigates a suspected network breach in the organization. With access to a Security Information and Event Management (SIEM) tool that aggregates and correlates data from multiple sources, which combination of data sources should the analyst primarily consider to trace the origin and pathway of the breach?
B. Trace the origin through logs of network-based vulnerability scanners, firewall logs, and OS-specific security logs

A senior security analyst is refining the incident response processes for a large organization that recently implemented a Security Information and Event Management (SIEM) system. During a simulation of a cybersecurity incident, the analyst observed that the SIEM system generated several alerts that were false positives, leading to unnecessary consumption of resources. On which step should the analyst focus to improve the efficiency of the alert response and remediation process?
D. Enhancing the validation and quarantine processes in the alert response

What type of log file is application-managed rather than through an operating system and may use Event Viewer or syslog to write event data in a standard format?
B. Application logs

An organization is increasing security on corporate email exchanges after being a target in a whaling campaign. Which of the following options is an email authentication method that helps detect and prevent sender address forgery?
A. SPF

A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and is not accessible in the event of unauthorized