Security + 701 mix of questions

A Business Continuity Plan (BCP) is solely focused on restoring IT and technology services after a disaster.

False

True

Answer Description

The correct answer is False. While restoring IT and technology services is a critical component of
a Business Continuity Plan, it is not the sole focus. A comprehensive BCP addresses the
continuation of the entire business process during and after a disaster, including critical
functions beyond IT such as customer service, operations, supply chain management, and more.

Which of the following is a technology used to prevent unauthorized access to network
resources, by examining incoming and outgoing network traffic and deciding to allow or block
specific traffic based on a defined set of security rules?

Antivirus Software

Intrusion Detection System

Virtual Private Network

Firewall

Protocol Analyzer

Security Information and Event Management system

Answer Description
A firewall is designed to prevent unauthorized access to or from a private network. It can be
implemented in either hardware or software, or a combination of both. Firewalls are frequently
used to prevent unauthorized Internet users from accessing private networks connected to the
Internet, especially intranets. All messages entering or leaving the intranet pass through the
firewall, which examines each message and blocks those that do not meet the specified security
criteria.

A Next-Generation Firewall (NGFW) is limited to stateful packet inspection and does not provide
application-level inspection or intrusion prevention system capabilities.

False

True

Answer Description

The statement is incorrect because Next-Generation Firewalls, or NGFWs, are specifically
designed to offer more than just stateful packet inspection. In addition to traditional firewall
capabilities, NGFWs include advanced features such as application-level inspection, intrusion
prevention systems (IPS), and sometimes even threat intelligence. These additional layers of
security allow NGFWs to effectively identify, control, and block sophisticated cyber threats by
inspecting the traffic for specific applications and taking proactive measures to prevent attacks.

When establishing an effective security governance framework for an organization, which of the
following is MOST essential to ensure alignment with business objectives and risk management
strategies?

Password complexity standards

Annualized Rate of Occurrence (ARO) calculations

Information security policies


Recovery Point Objective (RPO) metrics

Answer Description

Information security policies are most essential for establishing a security governance
framework that aligns with business objectives and risk management strategies. They set the
overall direction and implement controls across the organization in line with its risk appetite,
compliance requirements, and business goals, and they provide a formal framework for staff to
understand their responsibilities.

A company's IT department is tasked with protecting sensitive client data stored on their
servers. To minimize the risk of unauthorized data exposure, the department needs to
implement a solution that ensures the data is unreadable without the proper decryption key,
even if it falls into the wrong hands. Which method should be used to secure the data on these
servers?

Implementing file-level encryption for each client record individually

Encrypting the email communications containing client data

Full-Disk Encryption

Using database encryption for only the tables with sensitive client data

Answer Description
Full-Disk Encryption (FDE) is the method designed to encrypt the entire disk drive, ensuring that
all data on the drive is protected against unauthorized access and is unreadable without the
correct decryption key. This is crucial for minimizing risks such as data theft, especially if the
physical servers are compromised. Implementing file-level encryption could leave system files or
temporary files unencrypted, which might still contain sensitive information. Database
encryption could protect the contents of the database, but would not protect against threats at
the file system or OS level. Encrypting email communications would not protect data at rest on
the servers.

An employee in the finance department received an email with a spreadsheet attachment
claiming to contain urgent budget corrections required by their manager. However, the
spreadsheet is actually a file-based threat designed to compromise the user's system. What is
the BEST action the employee should take to mitigate this threat?

Report the email to the organization's security team for analysis before any further action is
taken.

Ignore the email and the attachment because it might be spam, and then delete it.

Open the attachment to verify its content, then proceed with the tasks if it seems legitimate.

Forward the email to their manager to confirm its authenticity before opening the attachment.

Answer Description

By reporting the suspicious email to the organization’s security team, the employee is following
the proper protocol for dealing with potential file-based threats. This allows the security team
to investigate and respond to the threat effectively, possibly preventing a security breach.
Opening or ignoring the attachment could lead to system compromise, and contacting the
manager directly may not stop the potential threat in time if the file is indeed malicious.

What is a primary method for enhancing the security of a network switch?

Disabling unused ports

Enabling DHCP on the switch

Configuring multiple VLANs

Changing the management VLAN to a non-default value

Answer Description

Disabling unused ports is a primary method for enhancing the security of a network switch. It
mitigates the risk of unauthorized access or network taps by reducing the number of active
points where a malicious actor can connect to the network. VLAN configuration is crucial for
segmenting network traffic and implementing access controls, but it is a practice for organizing
and controlling network traffic rather than securing the switch itself. Changing the management
VLAN to a non-default value helps minimize risk but is an added measure rather than a primary
method. Enabling DHCP on the switch is generally not a security measure; in fact, it could
introduce risks if not properly managed.

As a Policy Administrator in a zero trust environment, you are given the task of verifying and
updating access control policies. A senior developer needs to access a secure development
environment that contains sensitive code repositories. The developer already has multi-factor
authentication (MFA) enabled. To adhere to the principles of zero trust, what additional action
should you take before granting them access?

Restrict the developer's access to the environment strictly during office hours

Move the code repository to a less secure environment to avoid access issues

Verify the user's recent activity for anomalies

Enable multi-factor authentication (MFA) for the developer

Answer Description

In a zero-trust environment, trust is never assumed, hence it's essential to continuously validate
every request as if it originated from an untrusted network. Verifying the user's recent activity
for anomalies ensures that the request hasn't been made by a malicious actor who has
compromised the developer's credentials despite MFA being enabled. Enabling MFA is incorrect
because it's already implemented for the developer. Moving the code repository to a less
secure environment goes against the zero trust principle of 'never trust, always verify' and
unnecessarily exposes sensitive resources. Restricting access to office hours does not provide
the dynamic and context-aware security evaluation needed in a zero trust approach.

In this access control method, permissions aren't assigned to users directly. The permissions are
assigned to security groups based on which permissions are needed to perform a certain job
function, and the user is then assigned to security groups as needed.

RuBAC

RBAC

ABAC

Answer Description

Role-based access control (RBAC) is the access control method that assigns permissions to
security groups based on roles (job functions). Users are assigned to security groups that align
with the permissions needed for them to perform their duties.

Question 1:

Which of the following statements are true regarding cloud-based security vulnerabilities? (Choose all that apply)

A. Secure APIs

B. Misconfigured Cloud Storage

C. Poor Access Control

D. Shared Tenancy

Answer: B, C, D
Explanation:

Misconfigured Cloud Storage is correct.

Cloud storage is a rich source of stolen data for cybercriminals. Despite the high stakes, organizations continue to misconfigure cloud storage, a mistake that has cost many companies greatly.

Poor Access Control is correct.

Another prevalent cyberattack in the cloud has to do with vulnerabilities around access control. Often this is due to weak authentication or authorization methods or is linked to vulnerabilities that bypass these methods.

Shared Tenancy is correct.

Shared tenancy is another, rarer security vulnerability in the cloud that takes a high level of skill to exploit. Cloud platforms involve a number of software and hardware components. Adversaries who are able to determine the software or hardware used in a cloud architecture could take advantage of known vulnerabilities and elevate privileges in the cloud.

Secure APIs is incorrect because it is not considered a cloud-based security vulnerability.

Question 3:

A hacker attacks a network with the aim of maintaining ongoing access to the targeted network rather than getting in and out as quickly as possible, with the ultimate goal of stealing information over a long period of time. Which type of attack did the hacker use in this case?

A. Advanced persistent threat (APT)

B. Insider threat

C. State actors

D. Hacktivism

Answer: A

Explanation:

The goal of most advanced persistent threat attacks is to achieve and maintain ongoing access to the targeted network rather than to get in and out as quickly as possible. Because a great deal of effort and resources usually go into carrying out APT attacks, hackers typically target high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time.

Question 5:

Which of the following VPN solutions is used to connect two local area networks (LANs) utilized by businesses large and small that want to provide their employees with secure access to network resources?

A. Proxy server

B. Site-to-site

C. Split tunnel

D. Remote access

Answer: B

Explanation:

Site-to-site is the correct answer. The site-to-site VPN, also known as a point-to-point VPN, is used to connect two local area networks (LANs). Site-to-site VPNs are usually utilized by businesses large and small that want to provide their employees or business partners secure access to network resources. Usually, these network resources are files or access to programs that need to be protected.

Remote Access is incorrect. A remote access (personal) VPN is used to connect a personal user device to a remote server on a private network. Once a remote access VPN is connected, a user's internet activity will go through the encrypted VPN tunnel to the remote server and access the internet from that remote server. That means that the internet website or application sees the remote server's IP address instead of your personal device's IP address, which provides a layer of privacy.

Split tunnel is incorrect. VPN split tunneling lets you route some of your device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. Use split tunneling to protect the traffic you choose, without losing access to local network devices.

Proxy server is incorrect. A proxy server is not a VPN solution; the proxy server acts as a gateway between you and the internet. It's an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.

Question 8:
PC1 can ping the printer device on the Marketing team network but can't ping the printer on the Sales team network. Assuming you are working in a Linux environment, which of the following commands will you type to get details about the route that packets take from PC1 to the printer on the Sales team network?

A. tracert

B. ifconfig

C. traceroute

D. dig

Answer: C
