A company is developing a critical system for the government and storing project information on a file share. Which of the following describes how this data will most likely be classified? (Select two).
Government projects often involve sensitive information that requires protection. The data is likely to be classified as Restricted and Confidential, indicating its sensitivity and the need for access controls to prevent unauthorized disclosure.
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
Masking replaces some digits with symbols to hide sensitive data while showing part of the information, such as the last four digits of a credit card.
An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?
The root certificate must be installed to complete the chain of trust. If it's missing, the system will not recognize the certificate as trusted.
Which of the following provides the STRONGEST protection for stored passwords?
Salted hashing provides the strongest protection for stored passwords by making rainbow table attacks ineffective and ensuring each hash is unique.
A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?
A Certificate Revocation List (CRL) is used by certificate authorities to publish expired or revoked certificates.
A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Choose two.)
The company implemented deterrent controls by using cameras and signage to discourage undesirable behavior and detective controls by recording visitor activities.
A company wants to secure its wireless network from unauthorized devices. Which of the following methods would be most effective for identifying and managing wireless devices on the network?
MAC filtering allows a network administrator to specify which devices are allowed to connect to the network based on their unique MAC addresses, helping prevent unauthorized access.
Which of the following most securely protects data at rest?
AES-256 is a symmetric encryption standard renowned for its strength and performance in protecting stored data. It encrypts all information at the block level using a 256-bit key, making brute-force attacks computationally infeasible. Unlike masking or salting, which serve other purposes, AES-256 ensures the confidentiality of all data at rest.
A company must ensure sensitive data at rest is protected. Which of the following will the company most likely use?
Encryption converts data into ciphertext, making it unreadable without the decryption key. This is a standard method for protecting data at rest, ensuring its confidentiality even if unauthorized access occurs.
Which of the following would an organization most likely use to minimize the loss of data on a file server in the event data needs to be restored due to loss of the primary server?
Journaling records every change to the file system in real time, creating a sequential log that can be replayed to rebuild lost or corrupted data. This continuous write-ahead logging ensures minimal data loss during recovery operations.
Which of the following is the best security reason for closing service ports that are not needed?
Closing unused service ports reduces the number of entry points that attackers can exploit. This practice minimizes the system's attack surface and strengthens overall security.
Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?
Full Disk Encryption encrypts all data stored on the device. Without the decryption key, an attacker cannot access any files even if they have the physical drive.
A company uses a cloud-based server for file storage and wants to ensure the security of its data in transit. Which of the following should the company use to secure this type of communication? (Select two)
TLS certificates enable strong encryption of network sessions, and HTTPS leverages TLS to secure HTTP traffic. Together they protect data as it moves between the client and the cloud server.
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?
Encryption is a technique used to ensure the confidentiality of data by making it unreadable to unauthorized users.
Domain 1: General Security Concepts