A contractor has been hired to conduct penetration testing on a company's network. They have used the company's website to identify employees. They have found several of the employees' Facebook pages ... and have found a popular restaurant the employees like to go to after work for a drink. A member of the team goes to the restaurant and starts small talk with the employees. The member discovers that several key positions are vacant in the IT department and that there are shortfalls in terms of information security. What reconnaissance phase techniques has the contractor used? (Select all that apply.)
A. Open Source Intelligence (OSINT)
B. Scanning
C. Social engineering
D. Persistence
- ANSWER A. Open Source Intelligence (OSINT); C. Social engineering

Which security-related phrase relates to the integrity of data?
A. Accessibility is authorized
B. Modification is authorized
C. Knowledge is authorized
D. Non-repudiation is authorized
- ANSWER Modification is authorized

An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) framework. When documenting the "detect" function, what does the engineer focus on?
A. Evaluate risks and threats
B. Install, operate, and decommission assets
C. Ongoing proactive monitoring
D. Restoration of systems and data
- ANSWER C. Ongoing proactive monitoring

How might the goals of basic network management not be well-aligned with the goals of security?
A. Management focuses on confidentiality and availability.
B. Management focuses on confidentiality over availability.
C. Management focuses on integrity and confidentiality.
D. Management focuses on availability over confidentiality.
- ANSWER D. Management focuses on availability over confidentiality.

Any external responsibility for an organization's security lies mainly with which individuals?
A. The owner
B. Tech staff
C. Management
D. Public relations
- ANSWER A. The owner

What distinguishes DevSecOps from a traditional SOC?
A. Software code is the responsibility of a programming or development team.
B. Identification as a single point-of-contact for the notification of security incidents.
C. A cultural shift within an organization to encourage much more collaboration.
D. Security is a primary consideration at every stage of software development.
- ANSWER D. Security is a primary consideration at every stage of software development.

A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit.
A. Managerial
B. Technical
C. Physical
D. Compensating
- ANSWER A. Managerial

The _____ requires federal agencies to develop security policies for computer systems that process confidential information.
A. Sarbanes-Oxley Act (SOX)
B. Computer Security Act
C. Federal Information Security Management Act (FISMA)
D. Gramm-Leach-Bliley Act (GLBA)
- ANSWER B. Computer Security Act

After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address?
A. Compensating
B. Deterrent
C. Corrective
D. Detective
- ANSWER C. Corrective

The IT department head returns from an industry conference feeling inspired by a presentation on the topic of defense in depth. A meeting is scheduled with IT staff to brainstorm ideas for implementing defense in depth throughout the organization. Which of the following ideas are consistent with this industry best practice? (Select all that apply.)
A. Provide user training on identifying cyber threats.
B. Adopt a vendor-specific stance.
C. Align administrative and technical controls with control functions.
D. Move endpoint security to the firewall.
- ANSWER A. Provide user training on identifying cyber threats.; C. Align administrative and technical controls with control functions.

Which of the following focuses exclusively on IT security, rather than IT service delivery?
A. National Institute of Standards and Technology (NIST)
B. International Organization for Standardization (ISO)
C. Control Objectives for Information and Related Technologies (COBIT)
D. Sherwood Applied Business Security Architecture (SABSA)
- ANSWER A. National Institute of Standards and Technology (NIST)

A company has one technician that is solely responsible for applying and testing software and firmware patches. The technician goes on a two-week vacation, and no one is tasked to perform the patching duties during this time. A critical patch is released and not installed due to the absence. According to the National Institute of Standards and Technology (NIST), what has the delay in applying the patch caused?
A. Control
B. Risk
C. Threat
D. Vulnerability
- ANSWER D. Vulnerability

Any part of the World Wide Web that is accessed through non-standard methods and is intentionally not indexed and hidden from a search engine is called a _____.
A. Dark net
B. Cyber threat actor
C. Deep web
D. Dark web
- ANSWER C. Deep web

Which of the following could represent an insider threat? (Select all that apply.)
A. Former employee
B. Contractor
C. Customer
D. White box hacker
- ANSWER A. Former employee; B. Contractor

One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select all that apply.)
A. Education
B. Socioeconomic status
C. Intent
D. Motivation
- ANSWER C. Intent; D. Motivation

A user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action.
A. Unintentional insider threat
B. Malicious insider threat
C. Intentional attack vector
D. Shadow IT
- ANSWER A. Unintentional insider threat

What is Open Source Intelligence (OSINT)?
A. Obtaining information, physical access to premises, or even access to a user account through the art of persuasion
B. The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources
C. Using web search tools and social media to obtain information about the target
D. Using software tools to obtain information about a host or network topology
- ANSWER C. Using web search tools and social media to obtain information about the target

By searching through a company's postings on a job board, a hacker is able to determine from the job requirement descriptions that it uses Windows Server 2008 R2, Windows 7, PostgreSQL 9, and XenApp 6. What stage of the kill chain does this represent?
A. Reconnaissance
B. Data exfiltration
C. Active scanning
D. Scoping
- ANSWER A. Reconnaissance

An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices
About the document
Jul 10, 2022