Exam (elaborations)

D488 - Cybersecurity Architecture & Engineering Questions with Correct Answers

Pages: 48
Grade: A
Uploaded on: 16-01-2026
Written in: 2025/2026

Which type of security should a business use on its layer 2 switch to isolate the finance
network from other departmental networks?
A - Virtual Private Network (VPN)
B - Internet Protocol Security (IPSec)
C - Virtual Local Area Network (VLAN)
D - Remotely Triggered Black Hole (RTBH)
ANSWER: C - Virtual Local Area Network (VLAN)

VLANs allow companies to logically segment network traffic, ensuring devices on
different VLANs cannot communicate unless otherwise specified in a layer 3 device like
a router.

Which type of software testing should be used when there has been a change within the
existing environment?
A - Regression Testing
B - Penetration Testing
C - Requirements Testing
D - Release Testing
ANSWER: A - Regression Testing

Regression testing ensures that recent changes within the environment have not
introduced new defects or broken existing functionality.

Which security technique should be used to detect a weak password that may match
common dictionary words?
A - Password Spraying
B - Password Auditing
C - Password Guessing
D - Password History
ANSWER: B - Password Auditing

Password auditing allows for existing passwords to be compared against known weak
passwords to help determine the security of a credential.

What should an organization implement if it wants users of its site to provide a
password, memorable word, and PIN?
A - Multi-factor authentication (MFA)
B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication
ANSWER: A - Multi-factor authentication

MFA enhances security by requiring multiple forms of authentication, therefore reducing
the risk of unauthorized access.

A network technician is asked by their manager to update security to block several
known bad actor IP addresses.
A - Signature rules
B - Firewall rules
C - Behavior rules
D - Data loss prevention (DLP) rules
ANSWER: B - Firewall rules

Firewall rules can be set up to deny traffic coming from known malicious IP addresses.

On a shopping website, there is a 500-millisecond delay when the authorized payment
button is selected for purchases. Attackers have been running a script to alter the final
payment that takes 200 milliseconds. Which vulnerability on the website is being
targeted by the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition
ANSWER: D - Race Condition

A race condition occurs when multiple processes or actions are executed
simultaneously, and the outcome depends on the sequence or timing of events.

A company wants to provide laptops to its employees so they can work remotely. What
should be implemented to ensure only work applications can be installed on company
laptops?
A - Containerization
B - Token-based access
C - Patch repository
D - Whitelisting
ANSWER: D - Whitelisting

Whitelisting ensures that only approved applications can be installed and executed on
company laptops.

What should a business use to provide non-repudiation for emails between employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec
ANSWER: C - S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME provides non-repudiation for emails by using digital signatures.

Which strategy is appropriate for a risk management team to determine if a business
has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment
ANSWER: B - Gap assessment

A gap assessment identifies the gaps between the current security controls and the
desired or required levels of security.

An organization has leased office space that is suitable for its computer equipment so
personnel and systems can be relocated if the main office location is unavailable. It
currently has some equipment. Which type of site is the organization using?
A - Cold site
B - Warm site
C - Hot site
D - Mobile site
ANSWER: B - Warm site

A warm site is a disaster recovery site that provides a partially equipped facility that can
be used to restore critical operations faster than having no equipment at all.

A risk assessment consultant is discussing segmentation options with a client. What are
a few standard options the consultant could offer? Select the best 2 answers.
A - VLANs
B - Transmission Control
C - Physical
D - Access control lists
ANSWERS: A & C; VLANs & Physical

A network device can perform segmentation logically, for example, by implementing
virtual local area networks (VLANs). VLANs can be bypassed if an attacker gains access
to a trunk port, where all VLANs can talk.

Physical segmentation is another type of segmentation more commonly found in
industrial control systems (ICS) and supervisory control and data acquisition (SCADA)
networks. This is where, traditionally, there is an IT and OT (operational technology)
network.

Transmission control is not a type of segmentation. Transmission control defines how a
system protects communication channels from infiltration, exploitation, and interception.

Access control lists (ACLs) are used to define permissions on a network, file, or object.
While they can restrict access to resources, they do not segment a network in the same
way as VLANs or physical segmentation.

A disaster recovery manager wants to perform a qualitative analysis on intangible
assets but is unsure how to perform the calculations. Which departments should the
manager bring on to help determine metrics? Select 3 answers.
A - Marketing
B - Sales
C - Human Resources
D - Communications
ANSWERS: A, B & D; Marketing, Sales, and Communications

Marketing is one of the departments that should help the manager with the metrics.
Qualitative risk assessment is well-suited to the analysis of intangible assets, for
example, an organization's reputation or brand image.

Sales is another department brought on to assist the manager with metrics. These
groups are best-suited to provide input based on their unique insights.

Communications is another department that can help the manager assess the value of
many intangible business assets and the impacts that various risk events can have on
them.

The Human Resources department does not necessarily need to participate in an
intangible metric discussion.

A security analyst is performing a security assessment and is recommending ways to
manage risk relating to personnel. Which of the following should the analyst
recommend? Select 3 answers.
A - Mandatory vacation
B - Least privilege
C - Email protection
D - Auditing requirements
ANSWERS: A, B & D; Mandatory Vacation, Least Privilege, and Auditing Requirements

Mandatory vacation is one way of helping to manage personnel risk. An administrator
forces employees to take their vacation time, during which someone else fulfills their
duties.

The principle of least privilege is a practice in which an administrator only gives users
account privileges they need to perform their duties. This practice serves in various
capacities, such as helping against both insider threats and compromised accounts.

Auditing requirements describe the capability for auditing account creation, modification,
deletion, and account activity for all accounts. Auditing is a way to help manage
personnel risk.

Email protection is a technical control, although it does help to safeguard against
attacks against personnel.

Seller: Bestgrades2, West Virginia University