FREE AND STUDY GAMES ABOUT SET1 TEST4

PDF Download

FREE AND STUDY GAMES ABOUT SET1 TEST4

Actual Qs and Ans Expert-Verified Explanation

This Exam contains:

-Guarantee passing score -90 Questions and Answers -format set of multiple-choice -Expert-Verified Explanation Question 1: David, an IT manager at Dion Training, has been put in charge of labeling data.Which label would David use for sensitive client data to ensure the highest security?

Answer:

Confidential Question 2: According to the most recent NIST guidelines on password policies, which of the following is NOT a recommended practice?

Answer:

Enforcing specific password complexity rules Question 3: Which of the following is NOT a consequence of non-compliance with regulations?

Answer:

Layoffs Question 4: You agree and install the extension. The extension then hijacks your browser and redirects you to malicious websites. What kind of threat vector was used for this attack?

Answer:

IM

Question 5: In the onboarding process of a new employee, which of the following tasks does NOT accurately represent the responsibilities of the IT and HR functions in ensuring secure access for the individual?

Answer:

automatically assigning all possible privileges to the user for a trial period Question 6: detecting and analyzing malicious activity on their network in real-time. They need a solution that can monitor traffic, identify suspicious patterns, and send alerts for immediate action.

Answer:

network sensors Question 7: Which of the following is the BEST example of a system that does not interact with the network traffic and primarily relies on detection?

Answer:

IDS Question 8: Jamario, a sysadmin at Dion Training Solutions, wants to prevent unauthorized mail servers from sending emails on behalf of the company's domain. He needs a solution that allows him to specify which servers are allowed to send these emails.

Answer:

SPF Question 9: After implementing the rules, Jason, a manager, reports that he can't access an external FTP site. Which of the following firewall rules could be the cause of the issue?

Answer:

block inbound TCP traffic on port 21 to all internal addys Question 10: A cloud service provider recently underwent an audit to confirm their compliance with international data security standards. The final report provided by the auditors served as an attestation of the provider's security measures.

Answer:

It assures that the providers security controls comply with the established standards

Question 11: equiring users or processes to have the appropriate level of access before allowing them to run the programs or scripts?

Answer:

Permissions Question 12: Kelly Innovations LLC frequently develops and tests new software builds.sometimes they need to revert to a previous build several times a day due to unexpected issues.Which backup frequency would be the MOST appropriate for their use case?

Answer:

Continuous Backups Question 13: Which term describes the average duration needed to repair a system or component after a failure has occurred?

Answer:

MTTR Question 14: You decide to examine the Intrusion Prevention System/Intrusion Detection System (IPS/IDS) logs. Which of the following pieces of information would be MOST valuable in these logs to investigate the incident?

Answer:

details of detected suspicious activities for the last two weeks Question 15: Which legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US?

Answer:

SOX Question 16: In which symmetric encryption method is plaintext divided into equal-sized parts, potentially requiring padding to fit the designated size, and then subjected to complex operations based on a specific key value?

Answer:

Bloack Cipher

Question 17: An organization deploys numerous specialized devices with software hard-coded into their firmware. These devices cannot be easily updated or patched. Which security concern is MOST directly associated with this type of system?

Answer:

embedded system Question 18: Which of the following BEST enhances the security by exponentially increasing possible combinations?

Answer:

Longer Key Length Question 19: Which of the following statements is NOT true regarding the security implications in the procurement process?

Answer:

there is no ongoing need to periodically revaluate their suitability Question 20: Which of the following types of threat actors tend to know the most about how to hack a computer?

Answer:

Nation State actors Question 21: Who is responsible for ensuring that the appropriate access controls are in place and being followed?

Answer:

Data Owner Question 22: The company's IT policy allows only senior developers and administrators to make changes in production to minimize risks. Which of the following BEST describes the security principle the company is adhering to?

Answer:

Principal of least priviledge Question 23: aware of the inherent vulnerabilities tied to SSL 3.0, he recognized the risk of attackers forcing weaker encryption standards.Which potential risk is associated with Jamario's observation at Dion Training?

Answer:

cryptographic downgrade attack