You're reading from CompTIA Security+ SY0-701 Certification Guide - Third Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835461532
Edition: 3rd Edition

Author: Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner that has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

Chapter 2: Summarize fundamental security concepts

  1. The correct answer is option C. A honeypot is a decoy system or network with lower security to entice an attacker so that the attack methods can be monitored and then mitigated. Option A is incorrect because, while the MITRE ATT&CK framework has a database of adversaries, tactics, and techniques, it might not have the most recent attack information. Option B is incorrect as a honeyfile is set up as bait so that the SOC team is alerted as soon as the attacker opens the file. Option D is incorrect as a CVE list is a list of common vulnerabilities.
  2. The correct answer is option D. RADIUS is a centralized authentication, authorization, and accounting server, providing a way to track and control access to a network. RADIUS clients could be VPN-, WAP-, or 802.1X-managed switches. When users have been authenticated, they are added to a SQL database that logs when they enter and exit a network. This allows users to be tracked....

Chapter 3: Explain the importance of change management processes and the impact to security

  1. The correct answer is option C. The approval process is a critical aspect of change management that ensures proposed changes are scrutinized before implementation. This step involves assessing the impact of changes on security operations, resource allocation, and potential risks. Option A is incorrect because ownership is important for accountability, as it designates an individual responsible for overseeing and executing changes. It doesn’t evaluate the potential impact on security operations. Option B is incorrect as test results ensure that security changes work as intended and will not introduce new problems; however, they do not measure how they affect new implementations. Option D is incorrect because a backout plan is a rollback option if the changes go wrong.
  2. The correct answer is option B. An application allow list, formerly known as a whitelist, is a list of only those...

Chapter 5: Compare and contrast common threat actors and motivations

  1. The correct answer is option D. Organized crime groups are motivated by financial gains and engage in cyber activities such as ransomware attacks, which involve stealing and leaking confidential trade secrets for monetary benefits. Option A is incorrect because nation-states have larger geopolitical objectives. Option B is incorrect because unskilled attackers lack the sophistication to carry out such targeted attacks. Option C is incorrect because hacktivists focus on ideological motives rather than corporate espionage.
  2. The correct answer is option A. The scenario describes a situation where a cyber attacker extorts the victim by threatening to expose sensitive information unless a ransom is paid, which falls under the category of blackmail. Option B is incorrect because while there is a monetary aspect involved, the primary motivation is threat and extortion. Option C is incorrect because ransomware involves...

Chapter 6: Explain common threat vectors and attack surfaces

  1. The correct answer is option B. A phishing attack is where attackers impersonate a trusted entity (the IRS) to deceive recipients into divulging sensitive information. Option A is incorrect because a spear phishing attack is an email attack that targets a group of users. Option C is incorrect as it refers to an SMS phishing attack. Option D is incorrect as it describes an attack carried out over a phone call or by leaving a voicemail.
  2. The correct answer is option A. Steganography is the process of hiding secret information within seemingly ordinary files such as images or audio. It aims to prevent the detection of data by embedding it within the file itself. Option B is incorrect because malware injection involves inserting malicious code into software or systems, not hiding information within files. An example of malware injection could be the use of the following code: SELECT * FROM users WHERE username = ‘...

Chapter 7: Explain various types of vulnerabilities

  1. The correct answer is option C. The certificate must be added to the Certificate Revocation List (CRL). This invalidates the certificate and prevents its use. As this is for a payroll application, it must be done immediately. Option A is incorrect as you cannot revoke a certificate for one application; the certificate can only be revoked from all further use. Option B is incorrect as it is not a main priority. The priority is to deal with the incident and then take a statement. Option D is incorrect as it is not a main priority. The main problem is to deal with the incident and then report it to the user’s line manager later.
  2. The correct answers are option B and option C. The attack described is known as Virtual Machine (VM) sprawl. It could lead to leaving the company wide open to other attacks. Creating a policy on resource allocation followed by using an automated process will prevent VM sprawl. The policy will...

Chapter 8: Given a scenario, analyze indicators of malicious activity

  1. The correct answer is option A. A logic bomb is malicious code that is set to trigger an event (e.g., file deletion) at a specific time (e.g., Monday morning at 9 am). Option B is incorrect because a buffer overflow involves manipulating program memory, not scheduled file deletions. Option C is incorrect because a Trojan normally infiltrates systems with a download but doesn’t exhibit scheduled, recurring actions. Option D is incorrect because a rootkit conceals malicious activities but doesn’t trigger scheduled file deletions.
  2. The correct answer is option C. Trojans are malicious programs that often disguise themselves as legitimate software and perform harmful actions when executed. They can provide unauthorized access to systems, steal data, or perform other malicious activities, as described in the scenario. Option A is incorrect because DDoS attacks involve overwhelming a system with traffic...

Chapter 9: Explain the purpose of mitigation techniques used to secure the enterprise

  1. The correct answer is option A. Two separate VLANs can be created, one for HR and another for the IT department within the same physical network switch. This will allow both departments to communicate internally while remaining separate from the rest of the company’s network. Option B is incorrect because physical segmentation involves physically separating network devices, which may not be necessary in this scenario. The solution is using logical separation. Option C is incorrect because access control lists (ACLs) are used to control access to resources based on criteria such as IP addresses, but they cannot create isolation between departments. Option D is incorrect because a network address translation (NAT) is used for translating private IP addresses to public IP addresses and hiding the internal network from external attackers.
  2. The correct answer is option C. Creating an application...

Chapter 10: Compare and contrast security implications of different architecture models

  1. The correct answer is option C. The approval process is a critical aspect of change management that ensures proposed changes are scrutinized before implementation. This step involves assessing the impact of changes on customer support operations, resource allocation, and potential risks. Option A is incorrect because although ownership is important for accountability, as it designates an individual responsible for overseeing and executing changes, it does not evaluate potential security impacts. Option B is incorrect because although test results are crucial to ensuring that changes work as intended, they don’t introduce any unforeseen complications or security flaws. Option D is incorrect because a maintenance window refers to the period when changes to a system are implemented while causing minimal disruption.
  2. The correct answer is option C. An allow list (formerly known as a whitelist...

Chapter 11: Given a scenario, apply security principles to secure enterprise infrastructure

  1. The correct answer is option B. Stateful firewalls excel in analyzing traffic patterns and identifying unusual behavior, thereby providing enhanced security. Option A is incorrect because stateful firewalls offer more advanced capabilities beyond simple IP and port filtering. This answer describes a basic packet-filtering firewall. Option C is incorrect because caching is a function typically associated with proxy servers, not stateful firewalls. Option D is incorrect because a stateful firewall does not create a secure session between two network segments.
  2. The correct answer is option A. Implementing a site-to-site VPN would secure communication between office locations, ensuring data confidentiality and integrity while accommodating the organization’s global reach and remote workforce. Option B is incorrect because while 802.1X authentication is essential for network access...

Chapter 12: Compare and contrast concepts and strategies to protect data

  1. The correct answer is option A. Regulated data refers to information governed by specific laws and regulations, such as data protection and privacy laws. Personally identifiable data (PII) is regulated. Option B is incorrect because trade secrets relate to proprietary business information and not personal data. Option C is incorrect, as intellectual property includes patents, copyrights, and trademarks, not personal data. Option D is incorrect, as the data would be corporate confidential and not personal data.
  2. The correct answer is option A. Geographic restrictions are used to limit data access based on the physical location of users. Salespeople visit different countries and stay in different hotels while on sales trips. This helps them comply with data privacy regulations by ensuring that only authorized users in specific geographic regions can access sensitive customer data. Option B is incorrect,...

Chapter 13: Explain the importance of resilience and recovery in security architecture

  1. The correct answer is option C. Load balancing is crucial in this scenario because it evenly distributes network traffic, preventing overloads, ensuring optimal performance and reliability, and maintaining server availability. Option A is incorrect because load balancing is not used for user authorization but, rather, for resource allocation. Option B is incorrect because while load balancing can provide redundancy, that will not directly optimize loading speeds in this scenario. Option D is incorrect because load balancing monitors traffic for performance optimization, not threat identification.
  2. The correct answer is option D. Tabletop exercises are paper-based exercises in which the key stakeholders can evaluate each procedure with minimal setup and overhead. Option A is incorrect because failover is about system redundancy, not incident response. Option B is incorrect because parallel...

Chapter 14: Given a scenario, apply common security techniques to computing resources

  1. The correct answer is option A. Code signing serves the dual purpose of validating the software’s source and integrity, thereby assuring users of the trustworthiness of that software. This process further enhances the overall security posture of software systems by preventing tampering and ensuring authenticity. Option B is incorrect, as code signing does not directly impact code performance or execution speed. Its primary role is in security and trust, not optimization. Option C is incorrect, as while code signing may be part of the software installation process, its primary purpose is security-related. Option D is incorrect, as code signing does not ensure compatibility with legacy systems or reduce system resource overhead. Its focus is on security and trustworthiness.
  2. The correct answer is option B. CIS benchmarks aim to establish industry-standard security configurations and best...

Chapter 16: Explain various activities associated with vulnerability management

  1. The correct answer is option A. Common Vulnerability Scoring System (CVSS) is a standardized framework used in cybersecurity to assess and prioritize vulnerabilities based on their impact and severity. Option B is incorrect because CMS is a platform for creating and managing digital content on websites. Option C is incorrect because Common Vulnerabilities and Exposures (CVE) is a list of vulnerabilities that is incorporated by vulnerability scanners. Option D is incorrect because search engine optimization (SEO) is a set of techniques used to improve a website’s visibility on search engines.
  2. The correct answer is option A. Bug bounties can be an effective way of testing security in an almost real-world scenario because third parties are incentivized to find issues that internal staff might overlook. Option B is incorrect as the focus is on cybersecurity, not product promotion or free...

Chapter 17: Explain security alerting and monitoring concepts and tools

  1. The correct answer is option D. A false negative happens when the antivirus software incorrectly identifies a file as clean when it actually contains malware. In this scenario, the antivirus software reported the file as malware-free, but it was later discovered to contain a previously unknown malware variant. This is a false negative. Option A is incorrect because a true positive indicates the correctly identified presence of malware. Option B is incorrect because a false positive occurs when the system incorrectly identifies a non-malicious file as malware. Option C is incorrect because a true negative occurs when the system correctly identifies non-malicious files as non-malicious.
  2. The correct answer is option C. Running a vulnerability scan helps security professionals identify potential vulnerabilities in the new system before it’s operational, allowing for timely...

Chapter 18: Given a scenario, modify enterprise capabilities to enhance security

  1. The correct answers are option A, option B, and option G. Telnet is insecure, and its secure replacement is SSH (Secure Shell). These are used for remote administration. HTTP is used for insecure web browsing and can be replaced by HTTPS. FTP is insecure and can be replaced with SFTP. Option C is incorrect because POP3S is a secure email client, and HTTP for web browsing is insecure. Option D is incorrect because SMTP is used for transfer of mail between mail servers and should be replaced by SMTPS. POP3S is a mail client and is used to pull mail securely from the mail server. Option E is incorrect because HTTP should be replaced with HTTPS, not IMAPS, which is a secure mail client. Option F is incorrect because FTPS is a secure file transfer protocol, not an insecure one, and SMTPS is for secure mail between mail servers.
  2. The correct answer is option C. Domain-based Message Authentication Reporting and...
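The protocol replacements in answer 1 above (Telnet to SSH, HTTP to HTTPS, FTP to SFTP, SMTP to SMTPS) are the kind of rule a defender turns into a detection: scan connection records for the cleartext protocol and report the secure replacement. The following is an added example, not code from the book; the key=value log format, the field names and the sample records are constructed for illustration.

```python
"""Flag cleartext protocols in connection records and name the secure
replacement given in the answer key. Added example; the key=value record
format and the sample lines below are constructed, not real traffic."""
import re
from collections import Counter

# Insecure protocol -> secure replacement, as paired in the answer key.
REPLACEMENTS = {
    "telnet": "ssh",
    "http": "https",
    "ftp": "sftp",
    "smtp": "smtps",
}

# Constructed connection records; the format is an assumption for this example.
SAMPLE_LOG = """\
ts=2024-01-10T09:00:01Z src=10.0.0.7 dst=10.0.0.5 proto=telnet port=23
ts=2024-01-10T09:00:02Z src=10.0.0.7 dst=10.0.0.9 proto=ssh port=22
ts=2024-01-10T09:00:03Z src=10.0.0.8 dst=203.0.113.4 proto=http port=80
ts=2024-01-10T09:00:04Z src=10.0.0.8 dst=203.0.113.4 proto=https port=443
ts=2024-01-10T09:00:05Z src=10.0.0.9 dst=10.0.0.20 proto=ftp port=21
ts=2024-01-10T09:00:06Z src=10.0.0.9 dst=10.0.0.20 proto=sftp port=22
ts=2024-01-10T09:00:07Z src=10.0.0.10 dst=10.0.0.25 proto=smtp port=25
ts=2024-01-10T09:00:08Z msg=heartbeat
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Turn one 'key=value key=value' line into a dict (missing keys are absent)."""
    return dict(FIELD_RE.findall(line))


def find_insecure(log_text):
    """Return one finding per record whose protocol has a secure replacement.

    Records without a proto field (e.g. heartbeats) are skipped rather than
    treated as errors, so a mixed log does not abort the scan.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        proto = rec.get("proto", "").lower()
        if proto in REPLACEMENTS:
            findings.append({
                "src": rec.get("src"),
                "dst": rec.get("dst"),
                "proto": proto,
                "replace_with": REPLACEMENTS[proto],
            })
    return findings


def summarize(findings):
    """Count findings per insecure protocol, for a quick remediation list."""
    return Counter(f["proto"] for f in findings)


if __name__ == "__main__":
    hits = find_insecure(SAMPLE_LOG)
    for h in hits:
        print(f"{h['src']} -> {h['dst']}: {h['proto']} should be {h['replace_with']}")
    print(dict(summarize(hits)))
```

Run as a script it lists the four cleartext connections from the sample and the per-protocol count. The lookup table is deliberately the only place the pairings live, so the rule can be extended (for example with the POP3S and IMAPS replacements the answer discusses) without touching the parser.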

Chapter 19: Given a scenario, implement and maintain identity and access management

  1. The correct answer is option A. Hard authentication tokens are physical devices, such as hardware tokens or smart cards, which generate authentication codes or keys for secure authentication. They are highly resistant to online attacks. Option B is incorrect; a soft authentication token uses passwords or PINs and does not rely on physical devices. Option C is incorrect; biometric tokens use physiological characteristics (e.g., fingerprints or facial recognition) for authentication, not physical devices. Option D is incorrect; hybrid tokens combine multiple authentication methods but do not inherently rely on physical devices.
  2. The correct answer is option B. SSH keys provide a secure and passwordless method for accessing remote Linux servers. Apache is a Linux web server. Option A is incorrect; HTTPS with SSL/TLS provides secure communication between the client and the web server; they do not...

Chapter 20: Explain the importance of automation and orchestration related to secure operations

  1. The correct answer is option A. User provisioning is a use case of automation and scripting related to secure operations. It involves automating the process of creating, configuring, and managing user accounts, enhancing security and efficiency. Option B is incorrect; automation and scripting can help with cost management in various ways, but it is not directly related to secure operations. Secure operations typically pertain to ensuring the security and integrity of data, systems, and access controls within an organization. Option C is incorrect; automation and scripting can be used in marketing automation for various tasks, but it is not related to secure operations. Secure operations focus on safeguarding an organization’s digital assets and minimizing security risks. Option D is incorrect; office space allocation is unrelated to secure operations or automation in this context...

Chapter 21: Explain appropriate incident response activities

  1. The correct answer is option A. In the analysis phase, you should isolate the affected system to prevent further damage while conducting root cause analysis to understand the extent of the incident. Option B is incorrect because disconnecting the server from the network is containment and would be the right thing to do, but it is coupled here with restoring from backups, which is part of the recovery phase, not the analysis phase. Option C is incorrect as reporting to legal authorities, if required, is done later in the incident response process. Option D is incorrect because a tabletop exercise is a paper-based preparation activity and not an immediate response to an incident.
  2. The correct answer is option A. The primary objective during the Containment phase is to remove the infected critical system from the network. Option B is incorrect because eliminating malware...

Chapter 22: Given a scenario, use data sources to support an investigation

  1. The correct answer is option C. Firewall logs are designed to record events related to the firewall’s operation, including blocked and allowed traffic, intrusion attempts, and other security-related activities. They are crucial for monitoring and maintaining the security of a network and often provide valuable insights into system-level security events. Option A is incorrect as application logs are primarily used to record events related to a specific application or software running on a system. These logs are useful for troubleshooting application-specific issues but are not primarily concerned with system-level events and security. Option B is incorrect as network logs track data flow but do not specifically record system-level security events on an operating system. Option D is incorrect as NIDS (Network Intrusion Detection System) logs primarily capture suspicious network activity to detect intrusion...

Chapter 24: Explain elements of the risk management process

  1. The correct answer is option B. Risk Identification is the phase at which potential risks are determined and listed. Option A is incorrect because risk assessment involves evaluating risks that have already been determined. Option C is incorrect because risk mitigation involves implementing strategies to manage and minimize the impact of risks that have already been determined. Option D is incorrect because risk monitoring involves the ongoing process of tracking and monitoring the risks that have already been determined.
  2. The correct answer is option C. Continuous risk assessment involves real-time, ongoing assessment of risks. Because it is constantly working, it is the type of assessment most likely to give instantaneous detection. Option A is incorrect because ad hoc assessments are performed only as needed or in response to a specific incident. Option B is incorrect because scheduled risk assessments are performed...

Chapter 26: Summarize elements of effective security compliance

  1. The correct answer is option B. The organization may face the severe consequence of losing its license, which would hinder the organization’s ability to conduct business. Option A is incorrect because, though regulatory fines are significant, a loss of license would be more significant because it would cause the firm to stop operating. Option C is incorrect because reputational damage may occur, but it is not the most significant consequence the organization is likely to face. Option D is incorrect because data mismanagement is unrelated to the scenario and focuses on handling data assets, not compliance consequences.
  2. The correct answer is option C. A data processor is an entity or organization that processes personal data on behalf of (and according to the instructions of) the data controller. Option A is incorrect because this description is closer to that of a data controller, who determines the purposes and...

Chapter 27: Explain types and purposes of audits and assessments

  1. The correct answer is option D. Offensive penetration testing. Offensive penetration testing simulates real-world attacks and uses the tactics of malicious hackers to identify vulnerabilities. Option A is incorrect because defensive penetration testing focuses on assessing an organization’s readiness to defend against cyberattacks, and is not typically carried out through ethical hacking. Option B is incorrect because passive reconnaissance gathers initial data without direct interaction with the target and does not require ethical hackers. Option C is incorrect because active reconnaissance involves interacting with target systems to assess their configurations and vulnerabilities but does not require ethical hackers.
  2. The correct answer is option B. Passive reconnaissance collects initial data without direct interaction with the target. Option A is incorrect because active reconnaissance entails direct...

Chapter 28: Given a scenario, implement security awareness practices

  1. The correct answer is option C. Complex passwords use a combination of at least three of the following four: uppercase letters, lowercase letters, numbers, and symbols. This practice enhances password security by making it more difficult for hackers to guess or crack passwords. Option A is incorrect because sharing passwords is a security risk and should be discouraged. Option B is incorrect because using the same password across multiple accounts is a security vulnerability that leads to credential stuffing. Option D is incorrect because passwords consisting of only uppercase letters and numbers may lack the complexity provided by symbols and a mix of uppercase and lowercase letters.
  2. The correct answer is option C. MFA adds an extra layer of security by requiring employees to provide multiple forms of identification before gaining access to sensitive...
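The "three of four character classes" rule in answer 1 above is easy to state and easy to get wrong in an enrolment form, so here it is as a small checker. This is an added example, not code from the book; the function names and the sample passwords are constructed for illustration, and the checker enforces only the class rule the answer describes (no length or reuse rule, since the answer states none).

```python
"""Check a candidate password against the complexity rule in the answer key:
characters from at least three of the four classes (uppercase letters,
lowercase letters, numbers, symbols). Added example; the sample passwords
and function names are constructed and are not from the book."""
import string

# The four classes named in the answer. Symbols are taken as ASCII punctuation
# (an assumption; the book does not define the symbol set).
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def character_classes(password):
    """Return the names of the character classes present in the password.

    Characters outside all four classes (e.g. spaces) count toward no class,
    so they neither help nor hurt the complexity test.
    """
    present = set()
    for ch in password:
        for name, members in CLASSES.items():
            if ch in members:
                present.add(name)
    return present


def meets_complexity(password, required=3):
    """True when the password draws on at least `required` of the four classes."""
    return len(character_classes(password)) >= required


def explain(password, required=3):
    """Give the user actionable feedback: which classes are present and missing."""
    present = character_classes(password)
    missing = sorted(set(CLASSES) - present)
    return {
        "ok": len(present) >= required,
        "present": sorted(present),
        "missing": missing,
    }


# Constructed samples with the expected verdict under the three-of-four rule.
SAMPLES = {
    "SUMMER2024": False,    # upper + digit only: the pattern Option D warns about
    "summer2024!": True,    # lower + digit + symbol
    "Summer2024": True,     # upper + lower + digit
    "Summer-2024": True,    # all four classes
    "password": False,      # lower only
    "": False,              # empty input must not pass
}


def check_samples():
    """Run the checker over the constructed samples; returns {password: verdict}."""
    return {pw: meets_complexity(pw) for pw in SAMPLES}


if __name__ == "__main__":
    for pw, verdict in check_samples().items():
        print(f"{pw!r:14} -> {'ok' if verdict else 'rejected'} {explain(pw)['missing']}")
```

The `explain` function is what a sign-up form should surface: telling the user which classes are missing steers them toward a compliant password without revealing anything about other accounts. Note that the rule is a minimum: a password can satisfy three classes and still be short or a dictionary word, which is why real policies pair it with a length requirement and a breached-password check.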
