Which of the following is the act of proving to a customer that software developers are trained on secure coding?
Attestation involves providing evidence that software developers are trained in secure coding practices, assuring the customer of the software's security.
A security analyst developed a script to automate a repeatable task. What is the main benefit of ensuring that other team members understand how the script works?
If only one person knows how the script works, it creates a single point of failure for the team. Sharing knowledge ensures continuity of operations even if that individual is unavailable.
Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?
An internally developed AI tool is proprietary intellectual property, as it includes custom algorithms and business logic owned by the company. It is not publicly available or subject to external licensing.
Which of the following phases of an incident response involves generating reports?
The lessons learned phase of incident response involves documenting the incident, analyzing the response, and generating reports to identify areas for improvement and prevent future incidents.
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
A Security Information and Event Management (SIEM) system aggregates and analyzes log data from various sources, providing a centralized view of security events and helping detect and respond to threats.
An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device to the vendor. Which of the following best describes this kind of penetration test?
A partially known environment penetration test involves providing the tester with limited information about the target. In this case, the organization has given basic information about the device, making it a partially known environment test.
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
Inline email scanning inspects attachments and links in real time as emails pass through the gateway. It can detect malware signatures, sandbox suspicious files, and block delivery before malicious messages reach inboxes. This proactive control is essential to stop malicious content at the point of entry.
Which of the following is the most important element when defining effective security governance?
Assigning clear roles and responsibilities ensures accountability in managing security practices and governance.
Which of the following activities are associated with vulnerability management? (Choose two.)
Vulnerability management involves reporting vulnerabilities and prioritizing them to ensure the most critical ones are addressed first.
A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?
SOAR platforms automate detection workflows and orchestrate response actions, streamlining repetitive tasks and accelerating containment. This reduces manual effort and shortens response times for basic incidents.
Which of the following steps is performed with the goal of improving the incident response process?
The 'Lessons Learned' phase of incident response focuses on reviewing and improving the incident handling process. It involves analyzing the incident, identifying areas for improvement, and updating procedures to enhance future responses.
Which of the following is a feature of a next-generation SIEM system?
Next-generation SIEM platforms provide automated response actions, such as isolating a host or blocking an IP address. This reduces response time and minimizes damage compared to traditional monitoring-only SIEMs.
The management team reports that employees are missing features on company-provided tablets, which is causing productivity issues. The management team directs the IT team to resolve the issue within 48 hours. Which of the following would be the best solution for the IT team to leverage in this scenario?
Mobile Device Management (MDM) allows IT to remotely push configuration updates and install missing applications on corporate tablets. It streamlines deployment and ensures uniform feature availability across devices.
A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?
A version control tool helps track changes to code and allows for rollback and collaboration in software development.
A company is concerned about theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?
Wiping is the most cost-effective method to erase all data from decommissioned laptops, preventing data theft.
Domain 4: Security Operations