A chief information officer (CIO) recently read an article involving a similar company that was hit with ransomware due to ineffective patch-management practices. The CIO tasks a security profession... al with gathering metrics on the effectiveness of the company's patch-management program to avoid a similar incident. Which method enables the security professional to gather current, accurate metrics? a. Review authenticated vulnerability scan reports b. Review reports from Windows Update c. Review patch history on nonproduction systems d. Review patch tickets in the change control system,a A combined mail server and calendaring server environment contains no secure sockets layer (SSL) certificate. Which security principle of the CIA triad is affected by the lack of an SSL certificate? a. Confidentiality b. Integrity c. Authentication d. Availability,a A company develops a business continuity plan in addition to an emergency communication plan. What should be included in the company's emergency communication plan? Choose 2 answers. a. Alternate means of contact b. Backup people for each role c. The best time to call each person d. Employee's phone service providers,a, b A company does not have a disaster recovery plan (DRP) and suffers a multiday power outage. Which provisioning should the company perform to provide stable power for a long period of time? a. Purchase generators b. Purchase additional servers c. Create a RAID array d. Create a failover cluster,a A company has identified a massive security breach in its healthcare records department. Over 50% of customers' personally identifiable information (PII) has been stolen. The customers are aware of the breach, and the company is taking actions to protect customer assets through the personal security policy, which addresses PII data. Which preventive measure should the company pursue to protect against future attacks? a. Require cognitive passwords b. Employ password tokens c. Use network-based and host-based firewalls d. Install auditing tools,c A company has signed a contract with a third-party vendor to use the vendor's inventory management system hosted in a cloud. For convenience, the vendor set up the application to use Lightweight Directory Access Protocol (LDAP) queries but did not enable secure LDAP queries or implement a secure sockets layer (SSL) on the application's web server. The vendor does not have the ability to secure the system, and company management insists on using the application. Which defense-in-depth practices should the company implement to minimize the likelihood of an account compromise due to insecure setup by the vendor? a. Location-based access control and multifactor authentication b. Intrusion prevention system (IPS) and honeypot systems c. Antivirus and intrusion detection system (IDS) d. Password hashing and authentication encryption,a A company has user credentials compromised through a phishing attack. Which defense-in-depth practice will reduce the likelihood of misuse of the user's credentials? a. Configure firewall rules b. Deploy multifactor authentication c. Deploy RADIUS authentication d. Configure encryption protocols,b A company hires several contractors each year to augment its IT workforce. The contractors are granted access to the internal corporate network, but they are not provided laptops containing the corporate image. Instead, they are required to bring their own equipment. Which defense-in-depth practice should be required for contractor laptops to ensure that contractors do not connect infected laptops to the internal corporate network? a. Enable command-line audit logging on contractor laptops b. Configure devices to not autorun content c. Configure antimalware scanning of removable devices d. Ensure antimalware software and signatures are updated,d A company is concerned about loss of data on removable media when media are lost or stolen. Which standard should this company implement on all flash drives? a. Maximum password age b. Encryption c. Awareness training d. Layer 2 tunneling protocol,b A company is concerned about securing its corporate network, including its wireless network, to limit security risks. Which defense-in-depth practice represents an application of least privilege? a. Implement mutual multifactor authentication b. Configure Wi-Fi-Protected Access for encrypted communication c. Disable wireless access to users who do not need it d. Implement an intrusion detection system,c A company is concerned about unauthorized network traffic. Which procedure should the company implement to block FTP traffic? a. Install a packet filter b. Update the DNS c. Filter ports 20 and 21 at the firewall d. Decrease the network bandwidth,c A company is concerned about unauthorized programs being used on network devices. Which defense-in-depth strategy would help eliminate unauthorized software on network devices? a. Develop an acceptable use policy and update all network device firmware b. Use application controls tools and update AppLocker group policies c. Limit administrative access to devices and create DHCP scope options d. Upgrade to a 64-bit operating system and install an antimalware application,b A company is concerned about unneeded network protocols being available on the network. Which two defense-in-depth practices should the company implement to detect whether FTP is being used? Choose 2 answers. a. Install BIOS firmware updates b. Perform automated packet scanning c. Implement application firewalls d. Physically segment the network,b, c A company is concerned that disgruntled employees are sending sensitive data to its competitors. Which defense-in-depth practices assist a company in identifying an insider threat? a. Data loss prevention (DLP) and audit logs b. Antivirus and intrusions detection systems (IDS) c. Data loss prevention (DLP) and instusion detection systems (IDS) d. Antivirus and audit logs,a A company is hit with a number of ransomware attacks. These attacks are causing a significant amount of downtime and data loss since users with access to sensitive company documents are being targeted. These attacks have prompted management to invest in new technical controls to prevent ransomware. Which defense-in-depth practices should this company implement? a. Password resets and a log review b. Mandatory vacation and job rotation c. Spam filtering and anti-malware d. Encryption and an internal firewall,c A company is implementing a defense-in-depth approach that includes capturing audit logs. The audit logs need to be written in a manner that provides integrity. Which defense-in-depth strategy should be applied? a. Write the data to a write-once, read-many (WORM) drive b. Write the data to an encrypted hard drive c. Write the data to an encrypted flash drive d. Write the data to an SD card and store the SD card in a safe,a A company is moving its database backups from an off-site location to an alternate processing site warehouse using bulk transfers. Which type of database recovery is this company employing? a. Electronic vaulting b. Remote jounailing c. Remote mirroring d. Mutual assistance,a A company is terminating several employees with high levels of access. The company wants to protect itself from possible disgruntled employees who could become potential insider threats. Which defense-in-depth practices should be applied? a. Account revocation and conducting a vulnerability assessment b. Account revocation and conducting a full backup of critical data c. A mandatory 90-day password change and conducting a full backup of critical data d. A mandatory 90-day password change and conducting a vulnerability assessment,a A company needs to improve its ability to detect and investigate rogue WAPs. Which defense-in-depth practice should be used? a. Configure a captive portal to request information b. Configure MAC address filtering to control access c. Install a wireless IDS to monitor irregular behavior d. Install a stateful firewall to block network connections,c A company notices that someone keeps trying to access its system using different passwords and usernames. What can help mitigate the success of this attack? a. Require a CAPTCHA b. Block the IP address of the user c. Use the user sessions after authentication d. Use cookie authentication,a A company performs a data audit on its critical information every six months. Company policy states that the audit cannot be conducted by the same employee within a two-year time frame. Which principle is this company following? a. Job rotation b. Two person control c. Least privilege d. Need to know,a A company presents team members with a disaster recovery scenario, asks members to develop an appropriate response, and then tests some of the technical responses without shutting down operations at the primary site. Which type of disaster recovery test is being performed? a. Read-through b. Structured walk-through c. Simulation d. Full-interruption,c A company relies exclusively on a system for critical functions. An audit is performed, and the report notes that there is no log review performed on the system. Management has been tasked with selecting the appropriate person to perform the log reviews in order to correct the deficiency. Which role is responsible for reviewing and auditing logs in order to detect any malicious behavior? a. Security Administrator b. System user c. Database administrator d. Senior management,a A company wants to monitor the inbound and outbound flow of packets and not the content. Which defense-in-depth strategy should be implemented? a. The organization should use egress filtering on the network. b. Traffic and trend analyses should be installed on the router. c. The administrator should configure network data loss prevention. d. RADIUS authentication should be used on the bastion host.,b A company wants to prevent cybercriminals from gaining easy access into its email server. The company wants to know which user is accessing which resources and to prevent hackers from easily gaining access to the server. Which defense-in-depth strategy should be used? a. Authenticate users and devices and log events within the network b. Deploy VLANs for traffic separation and coarse-grained security c. Place encryption throughout the network to ensure privacy d. Use stateful firewall technology at the port level and log firewall activity,a A company wants to reduce the risk of an employee with internal knowledge committing an act of sabotage once that employee is no longer with the company. Which control should the company implement to mitigate this risk? a. Deploy an intrusion detection system b. Monitor email for blackmail attempts c. Perform annual employee credit checks d. Enable an access termination procedure,d A company's business operations are disrupted due to a flash flood. Which consequences to business continuity should be addressed in the disaster recovery plan? a. Evaluation of risk from possible flood damage b. Identify essential personnel and decision makers c. Provide flood-response training to the disaster recovery team d. Provision additional backup power sources,a A company's database administrator requires access to a database server to perform maintenance. The director of information technology will provide the database administrator access to the database server but will not provide the database administrator access to all the data within the server's database. Which defense-in-depth practice enhances the company's need-to-know data access strategy? a. Using compartmented mode systems and least privilege b. Using compartmented mode systems and two-person control c. Using dedicated mode systems and least privilege d. Using dedicated mode systems and two-person control,a A company's main asset is a physical working prototype stored in the research and development department. The prototype is not currently connected to the company's network. Which privileged user activity should be monitored? a. Accessing camera logs b. Adding accounts to the administrator group c. Running scripts in PowerShell d. Disabling host firewall,a A company's main asset is its client list stored in the company database, which is accessible to only specific users. The client list contains Health Insurance Portability and Accountability Act (HIPAA) protected data. Which user activity should be monitored? [Show More]
Last updated: 1 year ago
Preview 1 out of 11 pages
Information Technology> QUESTIONS & ANSWERS > PCNSA Questions and Answers with Complete Solutions (All)
1. The Palo Alto Networks Cybersecurity Portfolio focuses on which three principle technologies? (Choose three.) A. securing operations response B. securing the enterprise C. securing third-party...
By keisha , Uploaded: Oct 29, 2022
Information Technology> QUESTIONS & ANSWERS > IT Security: Defense against the digital dark arts latest 2022 graded A+ (All)
IT Security: Defense against the digital dark arts latest 2022 graded A+ What are the dangers of a man-in-the-middle attack? Check all that apply. ✔✔An attacker can modify traffic in transit An at...
By Nutmegs , Uploaded: Oct 03, 2022
Information Technology> QUESTIONS & ANSWERS > CySA Exam Questions with Answers, 100% Accurate answers. Graded A (All)
CySA Exam Questions with Answers Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations aga...
By bundleHub Solution guider , Uploaded: Sep 23, 2022
Information Technology> QUESTIONS & ANSWERS > Chapter 9—Database Management Systems ( ALL ANSWERS CORRECT ) (All)
Chapter 9—Database Management Systems TRUE/FALSE 1. The database approach to data management is sometimes called the flat file approach. ANS: F PTS: 1 2. The Database Management System provides a...
By Cheryshev , Uploaded: May 29, 2021
Information Technology> QUESTIONS & ANSWERS > C727 - Cybersecurity Management I – Strategic Questions and Answers Latest Updated 2022 (All)
C727 - Cybersecurity Management I – Strategic Questions and Answers Latest Updated 2022 COBIT 5 enablers (CH1) Correct Answer-COBIT 5 is an information security management system (ISMS) backed by...
By Nutmegs , Uploaded: Aug 08, 2022
Information Technology> QUESTIONS & ANSWERS > WGU C207 OA Questions and Answers Latest Updated 2022 Already Graded A (All)
Prescriptive ✔✔Analytics is a broad term that refers to a variety of tools that inform managerial decisions. Which term can be used to describe managerial decisions Relatively lower cost of compute...
By AMAZING GRACE , Uploaded: Sep 30, 2022
Information Technology> QUESTIONS & ANSWERS > WGU C175 OBJECTIVE ASSESSMENT PRACTICE TEST ANSWERS| IT CIS111 TEST BANK 1 (All)
C175 Practice Test Multiple Choice 1. The Entity-Relationship (E-R) model is _____. a. a diagramming technique that describes record structures (i.e. the fields that make up the records of a file)...
By Nutmegs , Uploaded: Sep 28, 2021
Information Technology> QUESTIONS & ANSWERS > DIT Exam Questions and answers, 100% Accurate, rated A (All)
DIT Exam Questions and answers, 100% Accurate, rated A+ You see dark purple nodules on the skin in an HIV patient. You think? - ✔✔-Kaposi Sarcoma HIV Patient: Large cells with owl's eye inclusions...
By Topmark , Uploaded: Mar 15, 2023
Information Technology> QUESTIONS & ANSWERS > WGU C207 Final Exam Questions and Answers Already Passed (All)
cord cutting ✔✔refers to the pattern of viewers cancelling their subscriptions to multichannel subscription television services available over cable, dropping pay television channels or reducing the...
By AMAZING GRACE , Uploaded: Sep 30, 2022
Information Technology> QUESTIONS & ANSWERS > CSA-ServiceNow Exam Questions 2022 ( with 100% verified correct answers) (All)
CSA-ServiceNow Exam Questions 2022 ( with 100% verified correct answers)NO.1 Which would NOT appear in the History section of the Application Navigator? A. Records B. UI Pages C. Lists D. Forms -...
By A-LEVEL GURU , Uploaded: Sep 10, 2022
Connected school, study & course
About the document
Aug 10, 2022
Number of pages
This document has been written for:
Aug 10, 2022
Avoid resits and achieve higher grades with the best study guides, textbook notes, and class notes written by your fellow students
Your fellow students know the appropriate material to use to deliver high quality content. With this great service and assistance from fellow students, you can become well prepared and avoid having to resits exams.
Your fellow student knows the best materials to research on and use. This guarantee you the best grades in your examination. Your fellow students use high quality materials, textbooks and notes to ensure high quality
Get paid by selling your notes and study materials to other students. Earn alot of cash and help other students in study by providing them with appropriate and high quality study materials.
Florida State University
Great way to get paid for all of the hard work!.
It is an excellent site to post assignment.
Florida State University
Awesome and a great way to make money!.
Thank you so much for this nice platform.
University Of South Florida
Great! It is a good place to share knowledge.
University of Windsor
G D Goenka University
It is helpful Platform for offering the notes
Louisiana State University
I love this site, they make everything so easy
Florida State University
Great tool for learning! I wish you success.
In Browsegrades, a student can earn by offering help to other student. Students can help other students with materials by upploading their notes and earn money.
Copyright © Browsegrades · High quality services·