C845 Practice Questions 4
Username - answer Which one of the following tools is most often used for identification
purposes and is not suitable for use as an authenticator?
Password
Retinal scan
Username
Token
Separation of duties - answer Theresa is implementing a new access control system
and wants to ensure that developers do not have the ability to move code from
development systems into the production environment.
What information security principle is she most directly enforcing?
Separation of duties
Two-person control
Least privilege
Job rotation
Implement a SIEM. - answer NIST Special Publication 800-92, the Guide to Computer
Security Log Management, describes four types of common challenges to log
management:
Many log sources
Inconsistent log content
Inconsistent timestamps
Inconsistent log formats
Which of the following solutions is best suited to solving these issues?
Implement SNMP for all logging devices.
Implement a SIEM.
Standardize on the Windows event log format for all devices and use NTP.
Ensure that logging is enabled on all endpoints using their native logging formats and
set their local time correctly.
Secondary response procedures for first responders - answer Which one of the following
components should be included in an organization's emergency response guidelines?
Secondary response procedures for first responders
Long-term business continuity protocols
Activation procedures for the organization's cold sites
Contact information for ordering equipment
Repudiation - answer Gary is analyzing a security incident and, during his investigation,
encounters a user who denies having performed an action that Gary believes he did
perform.
What type of threat has taken place under the STRIDE model?
Repudiation
Information disclosure
Tampering
Elevation of privilege
Retire or replace the device. - answer After scanning all the systems on his wireless
network, Mike notices that one system is identified as an iOS device running a
massively out-of-date version of Apple's mobile operating system.
When he investigates further, he discovers that the device is an original iPad and that it
cannot be updated to a current secure version of the operating system.
What should Mike recommend?
Retire or replace the device.
Isolate the device on a dedicated wireless network.
Install a firewall on the tablet.
Reinstall the OS.
PaaS - answer Rick is an application developer who works primarily in Python.
He recently decided to evaluate a new service where he provides his Python code to a
vendor who then executes it on their server environment.
What type of cloud computing environment is this service?
SaaS
PaaS
IaaS
CaaS
A rainbow table attack - answer During a penetration test, Chris recovers a file
containing hashed passwords for the system he is attempting to access.
What type of attack is most likely to succeed against the hashed passwords?
A brute-force attack
A pass-the-hash attack
A rainbow table attack
A salt recovery attack
Blacklist - answer Kay is selecting an application management approach for her
organization.