Question 1

Marcus, a cybersecurity manager, wants to perform random audits on user systems. He knows that a complete audit of one system could take an entire day or more. Which of the following might he implement to allow him to accomplish these random audits?

A) Mandatory vacation
B) Succession planning
C) Separation of duties
D) SIEM

Mandatory vacation

Accepted Answer

Mandatory vacation policies can force employees to take time off, during which their systems and activities can be audited without disrupting their work. This allows for a thorough examination of their systems for any irregularities or security issues.

Question 2

Tonia has just completed an audit of the accounts payable system and discovered what appears to be the embezzlement of funds by a clerk.The clerk was able to create entries of payments to be made and was also allowed to approve the payments. Which of the following might have prevented this situation from occurring and should be implemented immediately?

A) Dual control
B) Cross-training
C) Succession planning
D) Separation of duties

Separation of duties

Accepted Answer

Separation of duties is a key internal control that prevents fraud by ensuring that no single individual has control over all aspects of a financial transaction. By separating the responsibilities of creating and approving payments, the risk of embezzlement is reduced.

Question 3

Muhammed is a cybersecurity engineer for a quickly growing organization. He is concerned that his team may not be able to keep up with the growth, and that a system might remain vulnerable to certain exploits. He is considering taking advantage of the cloud to help accommodate the growth. Which of the following might he choose to use?

A) SaaS
B) SECaaS
C) SIEM
D) IaaS

SECaaS

Accepted Answer

SECaaS (Security as a Service) is a cloud-based service that provides security management and services to organizations. It can help Muhammed's team by outsourcing some of the security tasks, ensuring that the organization's systems remain protected even as it grows.

Question 4

A growing organization has recently created a policy that everyone in upper management must train each other in various aspects of their jobs.They must also train one of their direct reports to perform key parts of their jobs. The object is to establish continuity of the organization's operations if something catastrophic happens to a manager. Which of the following terms best describes the type of policy that has been implemented?

A) Succession planning
B) Job rotation
C) Dual control
D) Separation of duties

Accepted Answer

Succession planning is the process of identifying and developing new leaders who can replace old leaders when they leave, retire or die. The policy described aims to ensure continuity by preparing others to take over key roles, which aligns with the concept of succession planning.

Question 5

Samara needs to retrieve the private key from the key escrow service her company uses.Upon trying to retrieve the key, she is advised that at least two authorized personnel must request the key before it can be released. Which of the following has been implemented by the key escrow service?

A) Job rotation
B) Separation of duties
C) Dual control
D) Succession planning

Accepted Answer

This scenario describes dual control, where two or more authorized individuals must jointly perform a task or access sensitive information, such as retrieving a private key from an escrow service. This is a security measure to prevent unauthorized access or misuse of sensitive data.

Question 6

Falik has just returned from a cybersecurity conference where he learned about a UTM that provides some new features he would like to implement within his network. Which of the following best describes what he would like to implement?

A) SIEM
B) Next-generation firewall
C) Security appliance
D) Event logger

Accepted Answer

A UTM (Unified Threat Management) is a type of security appliance that integrates multiple security features such as firewall, intrusion detection, and antivirus into a single device.

Question 7

Paris is designing the logical configuration for the company's new headquarters building. He knows that several departments, including Human Resources and the research and development group, should not be able to communicate with each other. Which of the following should he include as part of the network design requirements?

A) ICS
B) Obfuscation
C) Automated reporting systems
D) Subnetting

Accepted Answer

Subnetting allows for the division of a network into smaller, logically separated networks, which can help in isolating different departments like Human Resources and the research and development group, preventing direct communication between them.

Question 8

Hannah has just been hired to review a large organization's formal IT processes and procedures. She finds that the company's backup methods create unacceptable risks because of potential data loss in a disaster, such as a fire. She recommends backing up the company's data to the cloud instead of storing magnetic tapes onsite. Which of the following best describes Hannah's recommendations?

A) Non-repudiation
B) Succession planning
C) Request for change
D) Process retirement

Accepted Answer

Hannah's recommendation to switch from onsite magnetic tape backups to cloud backups suggests retiring the current backup process due to its risks, aligning with process retirement.

Question 9

Amadeus is composing a new web application that his organization will make available to the general public. The site will offer users the ability to sign up for accounts and interact with certain functions of the application. Which of the following should he ensure is done as part of the sign-up process?

A) Input validation
B) Fuzzing
C) Static code analysis
D) Automated reporting

Accepted Answer

Input validation is crucial during the sign-up process to ensure that the data entered by users conforms to expected formats and values, helping to prevent SQL injection, cross-site scripting (XSS), and other types of attacks.

Question 10

Octavius has developed a new application and wants to ensure that there are no issues with memory corruption or program crashes as a result of certain types of input being sent to the application. Which of the following might he use to meet this goal?

A) Application stress testing
B) Fuzzing
C) Input validation
D) Regression testing

Accepted Answer

Fuzzing is a technique used to discover coding errors and security loopholes in software by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. This helps identify potential memory corruption or program crashes.

Question 11

Aurelia has just modified a module in one of her company's software applications to add a new feature. Which of the following should be done to ensure that the changes did not adversely affect any other areas of the application?

A) Static code analysis
B) Regression testing
C) Application stress testing
D) User acceptance testing

Accepted Answer

The answer of Aurelia has just modified a module in...

Question 12

Marilla is creating an application that will be installed on all client computers in her organization. Which of the following should be performed before the application is compiled and distributed?&#10;A) Regression testing&#10;B) Static code analysis&#10;C) Web application vulnerability scanner&#10;D) Historical analysis

Accepted Answer

The answer of Marilla is creating an application that will...

Question 13

Phil wants to determine whether the new email filter on the company's mail server has been effective in reducing the number of malware instances detected on user computers. Which of the following is the best answer to describe what he should use for his analysis?

A) Data aggregation
B) Trend analysis
C) Data correlation
D) Intrusion detection system

Accepted Answer

The answer of Phil wants to determine whether the new...

Question 14

Brianne wants to find some best practices to share with the development team in her organization. Which of the following is not a good source for this type of information?&#10;A) OWASP&#10;B) SANS&#10;C) CIS&#10;D) ARIN

Accepted Answer

The answer of Brianne wants to find some best practices...

Question 15

Chase has found a virtual machine on one of the hosts in the data center that has been capturing packets, logging all of the GET and POST requests and parameters, and forwarding that information outside of the network. Which of the following best describes what he might have discovered?

A) Interception proxy
B) Fuzzer
C) Ransomware
D) Port scanner

Accepted Answer

The answer of Chase has found a virtual machine on...

Deck 11: Defense in Depth, Software Development, and Data Analysis