Which of the following BEST enables a cybersecurity analyst to influence the acceptance of effective security controls across an organization?
AContingency planning expertise
BCommunication skills
CKnowledge of cybersecurity standards
DCritical thinking
Which of the following security practices is MOST effective in reducing system risk through system hardening?
AGiving users only the permissions they need
BEnabling only the required capabilities
CHaving more than one user to complete a task
DPermitting only the required access
Which of the following is the PRIMARY purpose of load balancers in cloud networking?
AOptimizing database queries
BMonitoring network traffic
CLoad testing applications
DDistributing traffic between multiple servers
Which of the following BEST describes privilege escalation in the context of kernel security?
AA security vulnerability in the operating system that triggers buffer overflows
BA type of code to inject malware into the kernel
CA technique used by attackers to bypass kernel-level security controls
DA process by which an attacker gains unauthorized access to user data
Question 6
Cybersecurity Principles and Risks
0
Question 7
Incident Detection and Response
Question 8
Securing Assets
Question 9
Securing Assets
Question 10
Technology Essentials
Question 11
Securing Assets
Question 12
Securing Assets
Question 13
Securing Assets
Question 14
Securing Assets
Question 15
Securing Assets
Question 16
Adversarial Tactics, Techniques, and Procedures
Question 17
Cybersecurity Principles and Risks
Question 18
Securing Assets
Question 19
Securing Assets
Question 20
Securing Assets
Question 21
Securing Assets
Question 22
Technology Essentials
Question 23
Securing Assets
Question 24
Technology Essentials
Question 25
Technology Essentials
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Before performing a penetration test for a client, it is MOST crucial to ensure:
Athe timeframe has been determined.
Bprice has been estimated.
Cscope is defined.
Dauthorized consent is obtained.
An organization has received complaints from a number of its customers that their data has been breached. However, after an investigation, the organization cannot detect any indicators of compromise. The breach was MOST likely due to which type of attack?
ASupply chain attack
BSQL injection attack
CMan-in-the-middle attack
DZero-day attack
Which of the following is the PRIMARY reason for tracking the effectiveness of vulnerability remediation processes within an organization?
ATo reduce the likelihood of a threat actor successfully exploiting vulnerabilities in the organization's systems
BTo provide reports to senior management so that they can justify the expense of vulnerability management tools
CTo identify executives who are responsible for delaying patching and report them to the board
DTo ensure employees responsible for patching vulnerabilities are actually doing their job correctly
As part of a penetration testing program, which team facilitates education and training of architects and developers to encourage better security and awareness?
AGreen team
BRed team
COrange team
DYellow team
An organization uses containerization for its business application deployments, and all containers run on the same host, so they MUST share the same:
Adatabase.
Buser data.
Coperating system.
Dapplication.
Which of the following would BEST enable an organization to prioritize remediation activities when multiple vulnerabilities are identified?
ARisk assessment
BBusiness impact analysis (BIA)
CVulnerability exception process
DExecutive reporting process
Which of the following is the PRIMARY security-related reason to use a tree network topology rather than a bus network topology?
AIt enables easier network expansion and scalability.
BIt is more resilient and stable to network failures.
CIt is less susceptible to data interception and eavesdropping.
DIt enables better network performance and bandwidth utilization.
After an organization's financial system was moved to a cloud-hosted solution that allows single sign-on (SSO) for authentication purposes, data was compromised by an individual logged onto the local network using a compromised username and password. What authentication control would have MOST effectively prevented this situation?
AChallenge handshake
BSingle-factor
CMulti-factor
DToken-based
Which of the following is the MOST common output of a vulnerability assessment?
AA detailed report on the overall vulnerability posture, including physical security measures
BA list of potential attackers along with their IP addresses and geolocation data
CA list of identified vulnerabilities along with a severity level for each
DA list of authorized users and their access levels for each system and application
After identified weaknesses have been remediated, which of the following should be completed NEXT?
APerform a software quality assurance (QA) activity.
BMove the fixed system directly to production.
CPerform software code testing.
DPerform a validation scan before moving to production.
Target discovery and service enumeration would MOST likely be used by an attacker who has the initial objective of:
Adeploying and maintaining backdoor system access.
Bcorrupting process memory, likely resulting in system instability.
Cgaining privileged access in a complex network environment.
Dport scanning to identify potential attack vectors.
Which of the following risks is MOST relevant to cloud auto-scaling?
AUnforeseen expenses
BData breaches
CLoss of confidentiality
DLoss of integrity
Which of the following should be the ULTIMATE outcome of adopting enterprise governance of information and technology in cybersecurity?
AResource optimization
BValue creation
CRisk optimization
DBusiness resilience
How can port security protect systems on a segmented network?
ABy requiring multi-factor authentication
BBy establishing a Transport Layer Security (TLS) handshake
CBy preventing unauthorized access to the network
DBy enforcing encryption of data on the network
When identifying vulnerabilities, which of the following should a cybersecurity analyst determine FIRST?
AThe number of vulnerabilities identifiable by the scanning tool
BThe number of tested asset types included in the assessment
CThe vulnerability categories possible for the tested asset types
DThe vulnerability categories identifiable by the scanning tool
Which of the following is the PRIMARY benefit of implementing logical access controls on a need-to-know basis?
AReducing the complexity of access control policies and procedures
BLimiting access to sensitive data and resources
CProviding a consistent user experience across different applications
DEnsuring users can access all resources on the network
Which of the following is a type of middleware used to manage distributed transactions?
ATransaction processing monitor
BMessage-oriented middleware
CObject request broker
DRemote procedure call
Which of the following controls would BEST prevent an attacker from accessing sensitive data from files or disk images that have been obtained either physically or via the network?
AEncryption of data at rest
BNext generation antivirus
CEndpoint detection and response (EDR)
DData loss prevention (DLP)
Which of the following is a network port for service message block (SMB)?
A22
B143
C389
D445
Which type of middleware is used for connecting software components that are written in different programming languages?
