PRACTICE EXAM - 116 QUESTIONS

The attack vector most likely being used is Social Engineering.

This scenario suggests a phishing attempt, where an attacker is trying to deceive the new employee by sending a fake onboarding email with malicious links that do not correspond to legitimate company links.

The best type of site for this company is Hot.

A hot site is a fully operational, ready-to-go site with all the necessary hardware, software, and data backups. It allows a company to immediately continue operations with minimal downtime, which is crucial for a company in a hurricane-prone area.

4o

The bank should use File Integrity Monitoring.

File Integrity Monitoring (FIM) is designed to ensure that sensitive data, such as customers' Personally Identifiable Information (PII), is not modified without authorization. It continuously monitors and alerts on any changes to critical files, ensuring data integrity.

The security team is most likely to recommend Hashing.

Hashing is a cryptographic technique that converts passwords into a fixed-size string of characters, which is irreversible. This means that even if the login database is breached, the actual passwords are not exposed in plaintext. Proper hashing techniques, combined with salting, significantly enhance the security of stored passwords, reducing the impact of a potential breach.

The security concept that best describes this scenario is Confidentiality.

Confidentiality ensures that sensitive information is only accessible to those who are authorized to view it, based on their roles and need-to-know basis. This prevents unauthorized access to client files and protects sensitive data

The CISO should use Attestation.

Attestation involves obtaining a formal statement or certification from an external party, often an auditor, that the company’s security policies and controls meet the requirements imposed by external regulators. This process provides assurance that the organization is compliant with regulatory standards.

The analyst would most likely look at Firewall logs next.

Firewall logs provide detailed records of inbound and outbound network traffic. They can help the analyst identify if the workstation is communicating with known or suspected command-and-control servers, which is crucial for detecting and mitigating potential threats.

The best option for the company to confirm that the software came from the vendor is Validate the code signature.

Code signing ensures that the software has not been altered or tampered with and confirms the identity of the vendor who provided the software. By validating the code signature, the company can verify the authenticity of the software and ensure it is from the trusted vendor.

The security engineer should Install endpoint management software on all systems.

Endpoint management software allows for centralized monitoring and management of workstations and servers. It can track and report unauthorized changes, software installations, and other critical security events across all systems, ensuring they are properly monitored.

The example best mitigated by input sanitization is <script>alert("Warning!") ;</script>.

Input sanitization helps prevent cross-site scripting (XSS) attacks by removing or encoding potentially malicious input before it is processed or displayed. In this case, sanitizing the input would prevent the execution of the script tag and any JavaScript code it contains.