A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would BEST enable this activity?
- A. ISAC
- B. OSINT
- C. CVSS
- D. Threat modeling
A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:
• PAM had not been bypassed.
• DLP did not trigger any alerts.
• The antivirus was updated to the most current signatures.
Which of the following MOST likely occurred?
- A. Exploitation
- B. Exfiltration
- C. Privilege escalation
- D. Lateral movement
A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company’s Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers.
Which of the following should the CISO consider in a tokenization system?
- A. Data field watermarking
- B. Field tagging
- C. Single-use translation
- D. Salted hashing
A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?
- A. Lockout of privileged access account
- B. Duration of the BitLocker lockout period
- C. Failure of the Kerberos time drift sync
- D. Failure of TPM authentication
A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?
- A. Installing online hardware sensors
- B. Air gapping important ICS and machines
- C. Implementing a HIDS
- D. Installing a SIEM agent on the endpoint
Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?
- A. To determine the scope of the risk assessment
- B. To determine the business owner(s) of the system
- C. To decide between conducting a quantitative or qualitative analysis
- D. To determine which laws and regulations apply
A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the BEST step to take?
- A. Revoke the certificate.
- B. Inform all the users of the certificate.
- C. Contact the company’s Chief Information Security Officer.
- D. Disable the website using the suspected certificate.
- E. Alert the root CA.
An employee’s device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?
- A. Containment
- B. Preparation
- C. Resolution
- D. Investigation
A security consultant has been asked to recommend a secure network design that would:
• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.
• Limit operational disruptions.
Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?
- A. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
- B. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
- C. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
- D. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
A company is designing a new system that must have high security. This new system has the following requirements:
• Permissions must be assigned based on role.
• Fraud from a single person must be prevented.
• A single entity must not have full access control.
Which of the following can the company use to meet these requirements?
- A. Dual responsibility
- B. Separation of duties
- C. Need to know
- D. Least privilege