Employees in R&D receive extensive training to protect company data. Which type of data are they most likely handling daily?
R&D teams primarily handle intellectual property, which must be safeguarded due to its competitive value.
Which of the following is the main concern when a legacy system that is a critical part of a business cannot be upgraded?
A legacy system that cannot be upgraded poses a single point of failure, which could disrupt business operations if it fails.
Which of the following is an effective method for detecting unauthorized devices attempting to connect to a corporate network?
A Network Intrusion Detection System (NIDS) monitors network traffic and identifies unauthorized devices attempting to access the network, helping to detect potential security threats.
Which of the following steps is performed with the goal of improving the incident response process?
The 'Lessons Learned' phase of incident response focuses on reviewing and improving the incident handling process. It involves analyzing the incident, identifying areas for improvement, and updating procedures to enhance future responses.
A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?
Access Control Lists (ACLs) allow fine-grained specification of which users or groups can access specific files and folders. They enforce permissions directly at the file system level for consistent security.
Which of the following activities is included in the post-incident review phase?
The post-incident review focuses on understanding what happened, determining the root cause, and identifying improvements to prevent recurrence. Recovery tasks like restoring configurations occur earlier, not in the review stage.
While reviewing incoming tickets, a security analyst notices that endpoint protection is out of date on several systems. Which of the following should the analyst confirm has been updated prior to marking the issue as resolved?
The engine version of the endpoint protection software should be updated to ensure the latest security protections.
Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?
Automated scanning provides a fast, repeatable method to identify known vulnerabilities across many systems. It establishes a baseline inventory of issues before any deeper manual testing or threat-hunting exercises.
While reviewing a recent compromise, a forensics team discovers there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?
Static code analysis scans source files for insecure coding practices, like hard-coded credentials, before the application is compiled or deployed. This helps catch credential leaks early in the development lifecycle.
Which of the following activities is the first stage in the incident response process?
Detection is the first step in incident response, where the security team identifies potential security events or incidents.
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?
Active reconnaissance involves directly engaging with the target system, such as by scanning ports and services.
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
A Security Information and Event Management (SIEM) system aggregates and analyzes log data from various sources, providing a centralized view of security events and helping detect and respond to threats.
An IT manager is improving the security of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?
DLP (Data Loss Prevention) solutions help mitigate the risk of data exfiltration by monitoring and controlling data transfer.
Which of the following provides the details about the terms of a test with a third-party penetration tester?
Rules of engagement (ROE) outline the scope, objectives, and limitations of a penetration test, including timelines, targets, and permitted activities. This document ensures both parties are aligned on the testing parameters and expectations.
A company is concerned about theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?
Wiping is the most cost-effective method to erase all data from decommissioned laptops, preventing data theft.
Domain 4: Security Operations