Match the security control type to the appropriate description. They involve hardware and/or software implemented to manage risk and provide protection ==> Technical controls They are mechanisms such as fences…
What type of activity occurs during the deployment phase of the asset lifecycle? An asset is moved from inventory to in-use. An asset is added to the inventory of the…
What is an example of a business continuity plan? Identifying and analyzing potential events that may negatively impact an organization’s assets Identifying critical business processes, resources and relationships between systems…
Which of the following is the simplest exercise to use for training employees and testing an organization’s disaster recovery plan? Tabletop exercise A simulation A full operational exercise Functional test…
A cybersecurity team needs to investigate several incidents. In which step of the NIST incident response life cycle are the tools and assets, required to do this investigation, acquired and…
Which control should an organization use to restore a system back to its normal state? Detective Preventive Corrective Compensative Explanation & Hint: Corrective controls restore the system after a disaster…
Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation. When making copies of data from a machine that is being examined, which of…
What procedure should be avoided in a digital forensics investigation? Make a copy of the hard drive. Reboot the affected system upon arrival. Recover deleted files. Secure physical access to…
What tool is used to lure an attacker so that an administrator can capture, log and analyze the behavior of the attack? Nmap NetFlow IDS Honeypot Explanation & Hint: Administrators can…
The IT security team of an organization is charged with cybersecurity threat assessment and risk management. Which Cisco service would assist the task by providing information about security incident detection…
Match the criteria for the Base Metric Group Exploitability metrics with its description. This is a metric that expresses the number of components, software, hardware, or networks, that are beyond…
When using a CVSS risk assessment tool, what must be completed first in order for a score to be calculated for the Temporal Metric Group? Base Metric Group Redemption level…
What security tool allows an organization to collect data about security threats from various sources, and respond to low-level events without human intervention? Nessus SIEM SOAR GFI LanGaurd Explanation &…
A penetration tester wants to collect preliminary knowledge about systems, software, networks, or people without directly engaging the target or its assets. What is this process called? non-intrusive scan credentialed…
A cloud service company provides web service to clients. The company is assessing the risk of service disruption due to hardware failure. The company decides to add another data center…
A Linux administrator creates new user accounts using the useradd command. Which two files on the system contain the new user account information? (Choose two.) /etc/users/groups /etc/ passwd /users/account /etc/users /etc/ shadow…
An e-commerce website encourages users to authenticate using their individual social media account credentials. What type of a security solution enables users to use the same credentials to login to…
A network technician is assigned the task of hardening a Cisco switch before placing it into the LAN. The technician configures and encrypts the user and privilege mode passwords, creates…
A network technician is preparing a number of laptops to be loaned to employees while they are traveling. These employees will not be logging into the corporate directory server when…
What is a benefit of a Type 1 hypervisor implementation over a Type 2 hypervisor environment? Type 1 hypervisor systems are immune to hacker attacks and VM escape exploits. Type…