A company's IT department considers different approaches to obtaining digital certificates for its internal network infrastructure. The IT department evaluated the use of a Certificate Signing Request (CSR) and third-party Certificate Authorities (CAs) to meet their security requirements. What is the primary advantage of using a CSR and a third-party CA for obtaining digital certificates compared to other methods?

Digital certificates obtained through a Certificate Signing Request and a third-party Certificate Authority have a higher level of trust and recognition within the industry.

Using a Certificate Signing Request and a third-party Certificate Authority allows for faster deployment of digital certificates within the network.

Using a Certificate Signing Request and a third-party Certificate Authority eliminates the need for regular certificate renewals and maintenance.

Digital certificates obtained through a Certificate Signing Request and a third-party Certificate Authority provide stronger encryption algorithms and key lengths.

CloudSecure is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What’s the MOST effective approach to enhance the security posture?

Isolating the unsupported apps from other systems to reduce the attack surface.

Ignoring the vulnerability as it can only be exploited in specific circumstances.

Consolidating all operating systems and applications into one product.

Implementing regular patch management to fix the faulty code.

A global financial institution with a vast network of offices and data centers has faced increasing cybersecurity threats. The organization's IT team realizes that privileged accounts are a prime target for hackers, and manually managing them poses a significant risk. The company implemented a Privileged Access Management (PAM) solution to strengthen its security posture. As part of the implementation, the IT team focuses on password vaulting, a critical component of PAM. As part of the advanced PAM implementation, which of the following options depicts the primary purpose of password vaulting?

Securely store and manage privileged account credentials

Enforcing strong password policies

Automatically generate and assign passwords for all users

Complying with regulatory requirements

A multinational corporation operates in several countries with diverse regulations regarding data privacy and security. What is the primary responsibility of the security team concerning the multitude of governmental and regulatory entities influencing the corporation's operations?

Ensuring compliance with all applicable regulations and laws

Shaping internal policies independently from external regulations

Avoiding any interaction with regulatory entities to maintain operational secrets

Lobbying governmental entities for favorable policies

A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and are not accesible in the event of unauthorized attempts. What primary process should the company implement before disposing or repurposing these servers?

Moving the servers to a secure storage location

Selling the servers immediately

Deleting all the files on the servers

Which disinformation/misinformation tactics create convincing brand impersonation for phishing attacks or pharming websites? (Select the two best options.)

By accurately duplicating a company's logos and formatting, such as fonts, colors, and styles, to make the fake site visually compelling.

By mimicking the style or tone of email communications or website copy to create a convincing fake.

Using disinformation to purposefully deceive individuals by spreading false claims and rumors with the intention of causing confusion and harm.

Repeating false claims or rumors without the intention to deceive others but aiming to get those false facts amplified by others.

A company is evaluating different vulnerability scanning methods to automate its discovery of software vulnerabilities. They specifically want to understand the difference between client-based and agentless vulnerability scanning. Which statements correctly distinguish these two approaches? (Select the two best options.)

Agentless is preferred for threat actor reconnaissance due to its non-intrusive nature, while client-based involves direct interaction with the target system.

Client-based scanning requires installing scanning agents on each host, while agentless scanning does not need any installation.

Agentless scanning provides higher accuracy for on-premises servers, and client-based is more suitable for cloud-based services.

Both methods are equally effective in reducing disruptions during vulnerability scanning.

An organization wants to enhance its cybersecurity by implementing web filtering. The company needs a solution that provides granular control over web traffic, ensures policy enforcement even when employees are off the corporate network, and can log and analyze Internet usage patterns. Which of the following strategies BEST meets these requirements?

Manual uniform resource locators (URLs) blocking

A cyber team holds a conference to discuss newly designed requirements for compliance reporting and monitoring after experiencing a recent breach of sensitive information. What are the characteristics of compliance monitoring? (Select the best two options.)

It conducts thorough investigations and assessments of third parties.

It uses automation to improve accuracy and streamlines observation activities.

It aims to access and disclose an organization's compliance status.

It promotes accountability, transparency, and effective compliance management.

The security team in a financial organization identified a zero-day vulnerability that enables cross-site scripting (XSS) attacks on its internal web portal. The chief information security officer (CISO) instructs the team to take immediate action. Which action most effectively minimizes the threat from the zero-day vulnerability and the potential XSS attacks?

Implement a web application firewall (WAF).

Restrict the number of login attempts.

Upgrade the hardware of the server.

Encourage staff to change their passwords.

An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation?

Isolate the impacted systems and apply a patch or remediation strategy.

Contact all clients and inform them about the security breach.

Reformat all affected systems and restore data from backup.

Disconnect the company's entire network from the internet.

A medium-sized organization is designing a new network infrastructure. The IT manager wants to minimize the attack surface without sacrificing connectivity. Which of the following measures would be MOST effective in achieving this goal?

Applying port security measures to control network access

Implementing a Web Application Firewall (WAF)

Deploying network appliances in different security zones

Setting up a Software-Defined Wide Area Network (SD-WAN)

A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail?

Uniform resource locators (URL) scanning

A network security administrator for a mid-sized enterprise must enhance the company’s security posture. The existing infrastructure includes a network with several connected devices, a firewall, and a virtual private network (VPN) for remote access. People have raised concerns about the potential attack surface, especially from inside threats. The enterprise recently shifted toward a hybrid working model, amplifying the need for secure remote access. The task requires implementing a solution that secures the enterprise infrastructure and ensures secure communication and access. Which approach should the network security administrator take to meet the company's needs?

Replace the current firewall with a Next Generation Firewall (NGFW).

Implement 802.1X for port security.

Establish a jump server for secure communication.

Configure an intrusion prevention system (IPS).

A network administrator at a large tech company has the task of enhancing the visibility into network traffic patterns in a distributed enterprise network. The administrator wants to implement a solution that captures metadata and statistics about network traffic without recording each frame, with the goal of improving the company’s security measures. Which tool should the administrator consider implementing?

A simple network management protocol (SNMP) trap

In the following scenarios apply common security techniques to computing resources.

Security Engineer – The CIO authorized a system that isolates enterprise mobile apps, enforces storage segmentation, requires a VPN, and assists in preventing mobile data loss.

CEO- Since hardware that is a common issue, we need to implant a solution that helps us recover, lost or stolen devices.

CTO- We want to limit on-site and off-site functionality, with greater restrictions applied to sensitive documents when the users are off site.

In the following scenarios apply common security techniques to computing resources.

Infrastructure Manager- It would be helpful to have the ability to share my phone’s friends Internet connection with my laptop.

DevOps – I share proprietary data with my engineering team daily. I need our android devices to have the strongest encryption possible.

Accountant- Someone stole my backpack while I was traveling abroad that had my company issued phone inside.

CompTIA Security + (Part 1)

12th Grade

•

34 Qs

Similar activities

Excel Unit Review

6th - 12th Grade

•

31 Qs

Bài tập 5,6_Tin 12

12th Grade

•

34 Qs

2.6 Adapter Cards

12th Grade - University

•

30 Qs

Quiz 2: Introduction to ICT

12th Grade

•

32 Qs

OXFORD - A LEVEL - NETWORKS

12th Grade

•

30 Qs

Câu hỏi trắc nghiệm về thông tin

4th Grade - University

•

36 Qs

Komunikasi Nirkabel Pita Lebar

12th Grade

•

35 Qs

một số dịch vụ cơ bản của internet

12th Grade

•

36 Qs

CompTIA Security + (Part 1)

Quiz

•

Computers

•

12th Grade

•

Practice Problem

•

Hard

Naquai Roundtree

Used 4+ times

FREE Resource

34 questions

Show all answers

MULTIPLE SELECT QUESTION

1 min • 3 pts

Upon receiving the findings from a recent inspection, a senior technician must identify the various parties needed to implement change management solutions. Based on those impacted by the change, who is a stakeholder within the change management spectrum? (Select the three best options.)

Project manager

Partners

Vendors

Change Advisory Board (CAB)

Answer explanation

The stakeholders in change management include those directly impacted. Partners, Vendors, and the Change Advisory Board (CAB) are essential as they provide support, resources, and guidance for implementing changes effectively.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A financial services company is decommissioning many servers that contain highly sensitive financial information. The company's data protection policy stipulates the need to use the MOST secure data destruction methods and comply with strict regulatory requirements. The company also has a significant environmental sustainability commitment and seeks to minimize waste wherever possible. What should the company's primary course of action be during this process?

Degaussing the servers, rendering the data irretrievable, followed by reselling or recycling the servers after certification

Overwriting the data on the servers multiple times, then disposing of the servers without any certification

Incinerating the servers, as it's the most effective method of data destruction

Storing the servers indefinitely in a secure location to avoid any risk of data leakage

Answer explanation

Degaussing effectively destroys data by demagnetizing the drives, ensuring irretrievability. This method aligns with the company's data protection policy and allows for environmentally responsible reselling or recycling after certification.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A group of threat actors disrupts the online services of an oil company due to their disagreement with the company's environmental policies. They believe their actions can force the company to change its practices. This type of threat actor is primarily driven by what kind of motivation?

Political/philosophical beliefs

Espionage

Financial gain

Service disruption

Answer explanation

The threat actors are motivated by their political/philosophical beliefs regarding environmental policies, aiming to influence the company's practices through disruption.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An educational institution plans to transition from a traditional to a digital learning system. The school's administration has assembled a Change Management Board (CMB) to ensure smooth and secure execution. Within the scope of this educational institution's digital transformation project, what would be the primary role of the CMB?

Overseeing the daily operations of the school's IT department

Conducting cybersecurity awareness training for all school staff

Assessing, approving, and managing changes in the IT infrastructure

Developing and implementing the school's digital learning curriculum

Answer explanation

The primary role of the Change Management Board (CMB) is to assess, approve, and manage changes in the IT infrastructure, ensuring a smooth transition to the digital learning system.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An educational institution plans to transition from a traditional to a digital learning system. The school's administration has assembled a Change Management Board (CMB) to ensure smooth and secure execution. Within the scope of this educational institution's digital transformation project, what would be the primary role of the CMB?

Overseeing the daily operations of the school's IT department

Conducting cybersecurity awareness training for all school staff

Assessing, approving, and managing changes in the IT infrastructure

Developing and implementing the school's digital learning curriculum

Answer explanation

The primary role of the Change Management Board (CMB) is to assess, approve, and manage changes in the IT infrastructure, ensuring a smooth transition to the digital learning system.

MULTIPLE SELECT QUESTION

1 min • 3 pts

A system administrator implemented encryption across the organization's IT infrastructure. The infrastructure includes various types of data storage methods. Which of the following data storage methods can the system administrator encrypt to increase the security of data at rest? (Select the three best options.)

Volume

User interface

Partition

File

Answer explanation

Encrypting data at rest is crucial for security. The best options are Volume, Partition, and File, as these represent different storage methods that can be encrypted to protect sensitive information effectively.

MULTIPLE SELECT QUESTION

1 min • 2 pts

A system admin is reviewing the company's environmental variables as there have been several new additions to workstations and servers. One of the primary environmental factors is the organization's IT infrastructure. What are two other environmental factors? (Select the two best options.)

Risk tolerance

External threat landscape

Prioritization

Regulatory/compliance environment

Answer explanation

The external threat landscape refers to potential risks from outside the organization, while the regulatory/compliance environment encompasses laws and regulations that the organization must adhere to, both crucial for IT infrastructure.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

Materiały cyfrowe

Quiz

•

9th - 12th Grade

30 questions

UJIAN SEMESTER 1 TIK KELAS 7

Quiz

•

7th Grade - University

30 questions

INTRODUCTION TO APPLICATION SOFTWARE

Quiz

•

1st Grade - University

35 questions

Microsoft Word

Quiz

•

6th - 12th Grade

30 questions

ULANGAN HARIAN DATA AWAL

Quiz

•

12th Grade

30 questions

EmTech_Lesson 1 & 2

Quiz

•

11th - 12th Grade

30 questions

Հեռահաղորդակցման տեխնոլոգիաներ

Quiz

•

12th Grade

30 questions

Komputer akuntansi WFH 2

Quiz

•

12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

57 questions

[AP CSP] Unit 5 Review: Internet & Cybersecurity

Quiz

•

9th - 12th Grade

CompTIA Security + (Part 1)

34 questions

Upon receiving the findings from a recent inspection, a senior technician must identify the various parties needed to implement change management solutions. Based on those impacted by the change, who is a stakeholder within the change management spectrum? (Select the three best options.)

The stakeholders in change management include those directly impacted. Partners, Vendors, and the Change Advisory Board (CAB) are essential as they provide support, resources, and guidance for implementing changes effectively.

Degaussing effectively destroys data by demagnetizing the drives, ensuring irretrievability. This method aligns with the company's data protection policy and allows for environmentally responsible reselling or recycling after certification.

A group of threat actors disrupts the online services of an oil company due to their disagreement with the company's environmental policies. They believe their actions can force the company to change its practices. This type of threat actor is primarily driven by what kind of motivation?

The threat actors are motivated by their political/philosophical beliefs regarding environmental policies, aiming to influence the company's practices through disruption.

The primary role of the Change Management Board (CMB) is to assess, approve, and manage changes in the IT infrastructure, ensuring a smooth transition to the digital learning system.

The primary role of the Change Management Board (CMB) is to assess, approve, and manage changes in the IT infrastructure, ensuring a smooth transition to the digital learning system.

Encrypting data at rest is crucial for security. The best options are Volume, Partition, and File, as these represent different storage methods that can be encrypted to protect sensitive information effectively.

A system admin is reviewing the company's environmental variables as there have been several new additions to workstations and servers. One of the primary environmental factors is the organization's IT infrastructure. What are two other environmental factors? (Select the two best options.)

The external threat landscape refers to potential risks from outside the organization, while the regulatory/compliance environment encompasses laws and regulations that the organization must adhere to, both crucial for IT infrastructure.

A cyber intern implements new endpoint configurations after advisement of a data exfiltration that includes top-secret information. What configuration consideration can ensure that systems and devices within an organization's network adhere to mandatory security configurations?

Configuration enforcement ensures that all systems and devices comply with mandatory security settings, preventing unauthorized changes and maintaining security integrity, especially after a data exfiltration incident.

Digital certificates from a CSR and third-party CA are widely recognized and trusted, enhancing security and credibility within the industry compared to self-signed certificates or internal CAs.

Isolating the unsupported apps reduces their exposure to potential attacks, effectively minimizing the risk. This approach is more secure than ignoring vulnerabilities or consolidating systems, which could increase risk.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers