Certmaster CE Security+ Domain 4.0 Security
Operations
Save
Students also studied
Flashcard sets Study guides
Certmaster CE Security+ Domain 4.0... Epic ClinDoc INP402 Project Manager (Qu
86 terms Teacher 20 terms Teacher 34 terms
Abu_Rabbi Preview Max_Millian9 Preview john_mungai7
The chief information officer A. Network vulnerability scanner
(CIO) wants to expand the
company's ability to accurately
identify vulnerabilities across the
company. The CIO wants to be
able to scan client PCs, mobile
devices, servers, routers, and
switches. What type of scanner
are they looking to institute?
A financial services company is D. Degaussing the servers, rendering the data irretrievable,
decommissioning many servers followed by reselling or recycling the servers after certification
that contain highly sensitive
financial information. The
company's data protection
policy stipulates the need to use
the most secure data
destruction methods and
comply with strict regulatory
requirements. The company also
has a significant environmental
sustainability commitment and
seeks to minimize waste
wherever possible. What should
the company's primary course of
action be during this process?
A cyber technician pulls logs on B. Operating system-specific security logs
the new Apple iMacs to ensure
the company's employees
adhere to the policy. What log
can provide the technician with
the computer's attempted logins
or denial when an employee
attempts to access a file?
,A large multinational company C. Attribute-based access control
uses a cloud-based document
storage system. The system
provides access to documents
by considering a combination of
factors: the user's department,
geographic location, the
document's sensitivity level, and
the current date and time. For
example, only the finance
department of a specific region
can access its financial reports,
and they can do so only during
business hours. Which access
control model does the
company MOST likely use to
manage this complex access
control
The IT team at a medium-sized C .To enhance wireless network security with the latest
company is upgrading its encryption standards
wireless network security to
protect sensitive data and
ensure secure communication
between devices. They have
decided to implement Wi-Fi
Protected Access 3 (WPA3).
What is the primary purpose of
implementing WPA3 on the
company's wireless network?
A security specialist is drafting a B. It refers to the documentation and verification of the data
memorandum on secure data sanitization or destruction process.
destruction for the organization
after a recent breach. What
benefit does the certification
concept offer when evaluating
appropriate
disposal/decommissioning?
The IT security team at a large C. Biometrics
company is implementing more
robust authentication measures
to safeguard sensitive data and
systems. The team is exploring
multifactor authentication (MFA)
options to bolster security. The
company deals with highly
confidential information and
requires a robust solution. The
team has narrowed the choices
and is evaluating which aligns
BEST with their security needs.
Which multi-factor
authentication method utilizes
unique physical characteristics
of individuals to
, Following an incident in which a D. Walkthrough
company's incident response
plan (IRP) failed, the response
team made several updates and
changes to the IRP. The CEO
wants to test the IRP with a
realistic incident that allows for
hands-on demonstrations
without engaging in a full-blown
simulation and that doesn't
require extensive investment
and planning. Which IRP
exercise is the BEST option for
this company?
A technology firm's network B. System-specific security logs, which track system-level
security specialist notices a operations; logs generated by applications running on hosts; and
sudden increase in unidentified real-time reports from the SIEM solution, summarizing incidents.
activities on the firm's Security
Event and Incident Management
(SIEM) incident tracking system.
An unknown entity or process
also increases the number of
reported incidents. The
specialist decides to investigate
these incidents. Which
combination of data sources
would provide a balanced
perspective to support the
investigation?
A proprietary software remains A. Network segmentation
mission-critical ten years after its C. Compensating controls
in-house creation. The software
requires an exception to the
rules as it cannot use the latest
in-use operating system (OS)
version. How can the IT
department protect this mission-
critical software and reduce its
exposure factor? (Select the two
best options.)
A system administrator has seen A. Review logs
repeated positive vulnerability B. Use different scanners
messages only to discover that
no vulnerability exists. The
vulnerability messages repeat
daily for several days, causing
the system administrators to
ignore them. What can the
system administrator do to
combat false positives? (Select
the two best options.)
Operations
Save
Students also studied
Flashcard sets Study guides
Certmaster CE Security+ Domain 4.0... Epic ClinDoc INP402 Project Manager (Qu
86 terms Teacher 20 terms Teacher 34 terms
Abu_Rabbi Preview Max_Millian9 Preview john_mungai7
The chief information officer A. Network vulnerability scanner
(CIO) wants to expand the
company's ability to accurately
identify vulnerabilities across the
company. The CIO wants to be
able to scan client PCs, mobile
devices, servers, routers, and
switches. What type of scanner
are they looking to institute?
A financial services company is D. Degaussing the servers, rendering the data irretrievable,
decommissioning many servers followed by reselling or recycling the servers after certification
that contain highly sensitive
financial information. The
company's data protection
policy stipulates the need to use
the most secure data
destruction methods and
comply with strict regulatory
requirements. The company also
has a significant environmental
sustainability commitment and
seeks to minimize waste
wherever possible. What should
the company's primary course of
action be during this process?
A cyber technician pulls logs on B. Operating system-specific security logs
the new Apple iMacs to ensure
the company's employees
adhere to the policy. What log
can provide the technician with
the computer's attempted logins
or denial when an employee
attempts to access a file?
,A large multinational company C. Attribute-based access control
uses a cloud-based document
storage system. The system
provides access to documents
by considering a combination of
factors: the user's department,
geographic location, the
document's sensitivity level, and
the current date and time. For
example, only the finance
department of a specific region
can access its financial reports,
and they can do so only during
business hours. Which access
control model does the
company MOST likely use to
manage this complex access
control
The IT team at a medium-sized C .To enhance wireless network security with the latest
company is upgrading its encryption standards
wireless network security to
protect sensitive data and
ensure secure communication
between devices. They have
decided to implement Wi-Fi
Protected Access 3 (WPA3).
What is the primary purpose of
implementing WPA3 on the
company's wireless network?
A security specialist is drafting a B. It refers to the documentation and verification of the data
memorandum on secure data sanitization or destruction process.
destruction for the organization
after a recent breach. What
benefit does the certification
concept offer when evaluating
appropriate
disposal/decommissioning?
The IT security team at a large C. Biometrics
company is implementing more
robust authentication measures
to safeguard sensitive data and
systems. The team is exploring
multifactor authentication (MFA)
options to bolster security. The
company deals with highly
confidential information and
requires a robust solution. The
team has narrowed the choices
and is evaluating which aligns
BEST with their security needs.
Which multi-factor
authentication method utilizes
unique physical characteristics
of individuals to
, Following an incident in which a D. Walkthrough
company's incident response
plan (IRP) failed, the response
team made several updates and
changes to the IRP. The CEO
wants to test the IRP with a
realistic incident that allows for
hands-on demonstrations
without engaging in a full-blown
simulation and that doesn't
require extensive investment
and planning. Which IRP
exercise is the BEST option for
this company?
A technology firm's network B. System-specific security logs, which track system-level
security specialist notices a operations; logs generated by applications running on hosts; and
sudden increase in unidentified real-time reports from the SIEM solution, summarizing incidents.
activities on the firm's Security
Event and Incident Management
(SIEM) incident tracking system.
An unknown entity or process
also increases the number of
reported incidents. The
specialist decides to investigate
these incidents. Which
combination of data sources
would provide a balanced
perspective to support the
investigation?
A proprietary software remains A. Network segmentation
mission-critical ten years after its C. Compensating controls
in-house creation. The software
requires an exception to the
rules as it cannot use the latest
in-use operating system (OS)
version. How can the IT
department protect this mission-
critical software and reduce its
exposure factor? (Select the two
best options.)
A system administrator has seen A. Review logs
repeated positive vulnerability B. Use different scanners
messages only to discover that
no vulnerability exists. The
vulnerability messages repeat
daily for several days, causing
the system administrators to
ignore them. What can the
system administrator do to
combat false positives? (Select
the two best options.)
