WGU OA Prep 2 C795 Questions and Answers

Document Content and Description Below

A chief information officer (CIO) recently read an article involving a similar company that was hit with ransomware due to ineffective patch-management practices. The CIO tasks a security profession ... al with gathering metrics on the effectiveness of the company's patch-management program to avoid a similar incident. Which method enables the security professional to gather current, accurate metrics? ---Answer: Review authenticated vulnerability scan reports A combined mail server and calendaring server environment contains no secure sockets layer (SSL) certificate.Which security principle of the CIA triad is affected by the lack of an SSL certificate? ---Answer: Confidentiality A company develops a business continuity plan in addition to an emergency communication plan. What should be included in the company's emergency communication plan? Choose 2 answers. ---Answer: Alternate means of contact Backup people for each role A company does not have a disaster recovery plan (DRP) and suffers a multiday power outage. Which provisioning should the company perform to provide stable power for a long period of time? ---Answer: Purchase generators A company has identified a massive security breach in its healthcare records department. Over 50% of customers' personally identifiable information (PII) has been stolen. The customers are aware of the breach, and the company is taking actions to protect customer assets through the personal security policy, which addresses PII data.Which preventive measure should the company pursue to protect against future attacks? ---Answer: Use network-based and host-based firewalls A company has signed a contract with a third-party vendor to use the vendor's inventory management system hosted in a cloud. For convenience, the vendor set up the application to use Lightweight Directory Access Protocol (LDAP) queries but did not enable secure LDAP queries or implement a secure sockets layer (SSL) on the application's web server. The vendor does not have the ability to secure the system, and company management insists on using the application. Which defense-in-depth practices should the company implement to minimize the likelihood of an account compromise due to insecure setup by the vendor? ---Answer: Location-based access control and multifactor authentication A company has user credentials compromised through a phishing attack. Which defense-in-depth practice will reduce the likelihood of misuse of the user's credentials? ---Answer: Deploy multifactor authentication A company hires several contractors each year to augment its IT workforce. The contractors are granted access to the internal corporate network, but they are not provided laptops containing the corporate image. Instead, they are required to bring their own equipment. Which defense-in-depth practice should be required for contractor laptops to ensure that contractors do not connect infected laptops to the internal corporate network? ---Answer: Ensure antimalware software and signatures are updated A company is concerned about loss of data on removable media when media are lost or stolen. Which standard should this company implement on all flash drives? ---Answer: Encryption A company is concerned about securing its corporate network, including its wireless network, to limit security risks. Which defense-in-depth practice represents an application of least privilege? ---Answer: Disable wireless access to users who do not need it A company is concerned about unauthorized network traffic. Which procedure should the company implement to block FTP traffic? ---Answer: Filter ports 20 and 21 at the firewall A company is concerned about unauthorized programs being used on network devices. Which defense-in-depth strategy would help eliminate unauthorized This study source was downloaded by 100000831988016 from CourseHero.com on 08-10-2022 04:20:40 GMT -05:00 https://www.coursehero.com/file/92939885/OA-Prep-2-C795txt/ software on network devices? ---Answer: Use application controls tools and update AppLocker group policies A company is concerned about unneeded network protocols being available on the network. Which two defense-in-depth practices should the company implement to detect whether FTP is being used? Choose 2 answers. ---Answer: Perform automated packet scanning Implement application firewalls A company is concerned that disgruntled employees are sending sensitive data to its competitors. Which defense-in-depth practices assist a company in identifying an insider threat? ---Answer: Data loss prevention (DLP) and audit logs A company is hit with a number of ransomware attacks. These attacks are causing a significant amount of downtime and data loss since users with access to sensitive company documents are being targeted. These attacks have prompted management to invest in new technical controls to prevent ransomware. Which defense-in-depth practices should this company implement? ---Answer: Spam filtering and antimalware A company is implementing a defense-in-depth approach that includes capturing audit logs. The audit logs need to be written in a manner that provides integrity. Which defense-in-depth strategy should be applied? ---Answer: Write the data to a write-once, read-many (WORM) drive A company is moving its database backups from an off-site location to an alternate processing site warehouse using bulk transfers. Which type of database recovery is this company employing? ---Answer: Electronic vaulting A company is terminating several employees with high levels of access. The company wants to protect itself from possible disgruntled employees who could become potential insider threats. Which defense-in-depth practices should be applied? ---Answer: Account revocation and conducting a vulnerability assessment A company needs to improve its ability to detect and investigate rogue WAPs. Which defense-in-depth practice should be used? ---Answer: Install a wireless IDS to monitor irregular behavior A company notices that someone keeps trying to access its system using different passwords and usernames.What can help mitigate the success of this attack? ---Answer: Require a CAPTCHA A company performs a data audit on its critical information every six months. Company policy states that the audit cannot be conducted by the same employee within a two-year timeframe. Which principle is this company following? ---Answer: Job rotation A company presents team members with a disaster recovery scenario, asks members to develop an appropriate response, and then tests some of the technical responses without shutting down operations at the primary site. Which type of disaster recovery test is being performed? ---Answer: Simulation A company relies exclusively on a system for critical functions. An audit is performed, and the report notes that there is no log review performed on the system. Management has been tasked with selecting the appropriate person to perform the log reviews in order to correct the deficiency. Which role is responsible for reviewing and auditing logs in order to detect any malicious behavior? ---Answer: Security administrator A company wants to monitor the inbound and outbound flow of packets and not the content. Which defense-in-depth strategy should be implemented? ---Answer: Traffic and trend analyses should be installed on the router. This study source was downloaded by 100000831988016 from CourseHero.com on 08-10-2022 04:20:40 GMT -05:00 https://www.coursehero.com/file/92939885/OA-Prep-2-C795txt/ A company wants to prevent cybercriminals from gaining easy access into its email server. The company wants to know which user is accessing which resources and to prevent hackers from easily gaining access to the server. Which defensein-depth strategy should be used? ---Answer: Authenticate users and devices and log events within the network A company wants to reduce the risk of an employee with internal knowledge committing an act of sabotage once that employee is no longer with the company. Which control should the company implement to mitigate this risk? ---Answer: Enable an access termination procedure A company's business operations are disrupted due to a flash flood. Which consequences to business continuity should be addressed in the disaster recovery plan? ---Answer: Evaluation of risk from possible flood damage A company's database administrator requires access to a database server to perform maintenance. The director of information technology will provide the database administrator access to the database server but will not provide the database administrator access to all the data within the server's database. Which defense-in-depth practice enhances the company's need-to-know data access strategy? ---Answer: Using compartmented mode systems and least privilege A company's main asset is a physical working prototype stored in the research and development department. The prototype is not currently connected to the company's network. Which privileged user activity should be monitored? ---Answer: Accessing camera logs A company's main asset is its client list stored in the company database, which is accessible to only specific users. The client list contains Health Insurance Portability and Accountability Act (HIPAA) protected data. Which user activity should be monitored? ---Answer: Privilege escalation A company's vulnerability management policy requires assessing a vulnerability based on its severity. Which standard should this company use to prioritize vulnerabilities? ---Answer: Common Vulnerability Scoring System (CVSS) A company's vulnerability management policy requires internet-facing applications to be scanned weekly.Which vulnerability scanning technique meets this policy requirement? ---Answer: Web A government agency is at risk of attack from malicious nation-state actors. Which defense should the agency put on the boundary of its network to stop attacks? ---Answer: Employ an intrusion prevention system A hacker is sitting between a corporate user and the email server that the user is currently accessing. The hacker is trying to intercept and capture any data the user is sending through the email application. How should a system administrator protect the company's email server from this attack? ---Answer: Encrypt network traffic with VPNs A malicious employee installs a network protocol scanner on a computer and is attempting to capture coworkers' credentials. Which policy, procedure, standard, or guideline would solve this issue? ---Answer: Encrypt all sensitive information in transit A member of a sales team receives a phone call from someone pretending to be a member of the IT department. The salesperson provides security information to the caller. Later, the salesperson's user account is compromised. Which strategy should be used by the company to mitigate accounts being compromised in the future? ---Answer: Provide training to all users on social engineering threats A penetration tester identifies a SQL injection vulnerability in a businesscritical web application. The security administrator discusses this finding with This study source was downloaded by 100000831988016 from CourseHero.com on 08-10-2022 04:20:40 GMT -05:00 https://www.coursehero.com/file/92939885/OA-Prep-2-C795txt/ the application developer, and the developer insists that the issue would take two months to remediate. Which defense-in-depth practice should the security administrator use to prevent an attacker from exploiting this weakness before the developer can implement a fix? ---Answer: Implement a web-application firewall A security analyst observes that an unauthorized user has logged in to the network and tried to access an application with failed password attempts. Which defense-in-depth tactic should the security analyst use to see other activities this user has attempted? ---Answer: Use SIEM to collect logs and look at the aggregate data A security professional for a midsize company is tasked with helping the organization write new corporate security procedures. One of the policies includes the use of multifactor authentication. Which defense-in-depth practice should the security professional apply? ---Answer: Create a unique administrator account for each person and configure a security token that provides a passcode every 60 seconds A technician notifies her supervisor that the nightly backup of a critical system failed during the previous night's run. Because the system is critical to the organization, the technician raised the issue in order to make management aware of the missing backup. The technician is looking for guidance on whether additional actions should be taken on the single backup failure. Which role is responsible for making the final decision on how to handle the incomplete backup? ---Answer: Data owner A web server is at near 100% utilization, and it is suggested that several web servers run the same site, sharing traffic from the internet.Which system resilience method would this be? ---Answer: Network load balancing An attacker compromises the credentials that a system administrator uses for managing a user directory. The attacker uses these credentials to create a rogue administrator account. Which defense-in-depth practice would have helped a security administrator identify this compromise? ---Answer: Log and alert when changes to administrative group membership take place An employee is transferring data onto removable media. The company wants to reduce the likelihood of fraud, and transferring data onto removable media is limited to special cases.Which security principle should the company execute as a policy to reduce fraud? ---Answer: Two-person control An executive is using a personal cell phone to view sensitive data. Which control would protect the sensitive data stored on the phone from being exposed due to loss or theft? ---Answer: Encryption An organization is creating a security policy that will be able to audit the use of administrative credentials. The company has decided to use multifactor authentication to allow for the accountability of administrative actions.Which multifactor authentication policy should be applied? ---Answer: Assign administrators individual accounts that require a password and a physical smart card An organization is deploying a number of internet-enabled warehouse cameras to assist with loss prevention. A plan is put in place to implement automated patching. Which defense-in-depth measure will ensure that the patch images are as expected? ---Answer: All remotely installed software must be signed. An organization needs to control the flow of traffic through intranet borders by looking for attacks and evidence of compromised machines. What should be implemented to enhance boundary protection so unwanted intranet traffic can be detected and prevented? ---Answer: Network-based intrusion prevention system (NIPS) This study source was downloaded by 100000831988016 from CourseHero.com on 08-10-2022 04:20:40 GMT -05:00 https://www.coursehero.com/file/92939885/OA-Prep-2-C795txt/ An organization needs to improve the securit [Show More]

Last updated: 3 years ago

Preview 1 out of 6 pages