Questions with Verified Answers | Latest Edition
1. A health company must comply with HIPAA regulations. It decides to
encrypt databases that contain HIPAA information. Which resource is the
health company directly trying to protect? - ANSWER Data
2. A small web development company has office space with an Internet
connection. It uses cloud providers for all its IT needs, except for the laptops
that are issued to its employees. The company always keeps its software up
to date, uses strong passwords, and employees bring their laptops home with
them when they leave, but recently the company has fallen prey to phishing
attacks. Which type of resource should the company focus on securing? -
ANSWER Human element
3. A security administrator is implementing a practice to regularly audit and
monitor user activities to detect and prevent unauthorized access. What is
this practice called? - ANSWER Auditing
5. An organization wants to ensure that individuals with access to sensitive
information have undergone specific training on handling and protecting that
information. What is this policy called? - ANSWER Training and
Awareness Policy
7. A company is implementing a practice where individuals with administrative
privileges have a separate set of credentials for administrative tasks. What is
this practice called? - ANSWER Dual Control
9. An organization is implementing a method where individuals are granted
access based on their job roles and specific attributes, such as location and
time of day. What method is being described? - ANSWER Attribute-Based
Access Control (ABAC)
10. An attacker intercepts and alters the communication between a user and a
website, injecting malicious scripts. What type of attack is this? - ANSWER
Cross-Site Scripting (XSS)
11. A hacker gains access to a network by exploiting a vulnerability in the
wireless security protocols. What type of attack is this? - ANSWER
Man-in-the-Middle (MitM)
12. An organization wants to protect its network from external threats and
monitor and control internet usage. What technology should be implemented
for this purpose? - ANSWER Proxy Servers
14. An organization wants to ensure that employees only have access to the
information necessary for their roles. What principle should be implemented
to achieve this? - ANSWER Least Privilege
16. A company is implementing a policy to define the acceptable use of
organizational resources and information systems. What is this policy
called? - ANSWER Acceptable Use Policy
18. An organization is implementing a policy to ensure that employees do not
share their login credentials. What is this policy called? - ANSWER
Password Policy
20. A company is implementing a practice to regularly review and update user
access permissions. What is this practice called? - ANSWER Access
Review
22. An organization wants to ensure that employees only have access to specific
areas of a building based on their job responsibilities. What practice should
be implemented? - ANSWER Role-Based Access Control (RBAC)
24. A user runs an application that has been infected with malware that is less
than 24 hours old. The malware then infects the operating system. Which
safeguard should be implemented to prevent this type of attack? -
ANSWER Limit user account privileges.
25. A user runs an application that has been infected with malware. This
malware then performs a brute force attack on the built-in administrator
account on Windows systems. The malware successfully cracks the
password, and is used to compromise other systems in the environment.
Which safeguard should be implemented to prevent this type of attack? -
ANSWER Modify the default user accounts.
26. A team of students is working remotely on content for a course. Some
students experience an outage when the IP address is not safelisted. The
course project manager provides a secondary method for accessing the