Practice Test 12 – Mock Exam 3 – Solution

1. Answer: d
Concept: When a computer or device is air gapped, it is not connected to the network.

2. Answer: b
Concept: A baseline is a list of installed applications, updates, and settings. If a baseline had been used, everyone would have the same settings.

3. Answer: b
Concept: A honeypot allows the security administrator to attract potential attackers and monitor the attack method being utilized.

4. Answer: c, e, and g
Concept: Screen savers should be implemented to ensure that when a phone is idle, it is logged out. Strong passwords, also known as complex passwords, should be used to secure access to the phone. FDE should also be used to encrypt the data at rest to protect it.

5. Answer: b
Concept: Infrastructure as a service is where you install, configure, and patch the operating system, therefore having more control over how it is set up and configured.

6. Answer: c and e
Concept: When you use additional storage on a device such as an SD card, this is known as containerization or storage segmentation. Also, isolated guest virtual machines are known as containers.

7. Answer: c
Concept: Both the tablet and life support systems use integrated circuits known as chips. Apple watches, smartphones, and computer motherboards come under this category known as system on a chip (SoC).

8. Answer: b
Concept: VDI is a virtual desktop infrastructure where a pool of virtual desktops is created and each person has their own desktop that is accessed only by them. Note, the question did not say these workers were remote, therefore the VPN was ruled out.

9. Answer: d
Concept: Both RAID 5 and 6 can use four disks; however, RAID 5 has single parity and can only lose one disk. RAID 6 has dual parity and can lose two disks, making it more resilient. RAID 10 provides better redundancy than RAID 6.

10. Answer: a
Concept: Most MFD devices have a network interface enabling them to be accessed by everyone on the network. The network interface could be used by a remote attacker.

11. Answer: d
Concept: VM sprawl is where an unmanaged virtual machine is placed on your virtual network. Because the administrator does not know about its existence, it is never patched, making it vulnerable.

12. Answer: d
Concept: A Faraday cage acts as a force field to prevent electrical current and wireless emissions from coming into or leaving a network. The Faraday cage prevents electromagnetic radiation emanating from electronic equipment.

13. Answer: b, e, and f
Concept: All errors should be logged and the application must keep running. On the user side, the errors should be small and generic so an attacker has very little detail. On the system administrator side, the error should be long and very detailed so he can investigate it.

14. Answer: a
Concept: Agile and scrum are very similar in that they can incrementally start different phases of the SDLC to provide faster delivery and customer satisfaction.

15. Answer: c
Concept: CSP can increase or decrease cloud resources at the drop of a hat. Therefore, as a new company increases its sales and number of employees, the CSP can provide them with the resources they need.

16. Answer: a
Concept: A private cloud is known as a single tenant where you have total control of the environment.

17. Answer: a
Concept: Regulatory framework standards are legally enforceable whereas user guides are not. If we exceed the regulatory standards, we can prove to a court that we are very responsible and compliant with current regulations.

18. Answer: c
Concept: An intranet website sits on your LAN and has company sensitive data. An extranet is located in the DMZ, a boundary layer, and is accessed by username and password. This would be used to share information with distributors or suppliers.

19. Answer: d
Concept: A SIEM system is a real-time monitoring system that has a correlation engine. In this example, the attacker is attempting to only log in once to each machine, so he does not get locked out and records events in the security log. If a SIEM system provides a false positive, it will be due to using the wrong input filter.

20. Answer: d
Concept: Whitelists are used to control what software can be installed, therefore, if it is not on the whitelist, you can never install it. Blacklists are used to control banned applications.

21. Answer: a
Concept: A conduit is used to house and protect the cables that he is laying.

22. Answer: d
Concept: Non-persistent configuration allows you to roll back to a previous state and an example of this could be a snapshot of a virtual machine.

23. Answer: d
Concept: A community cloud is where people in the same industry share the cost and running of a cloud application. For example, a group of lawyers are not happy with the retail software so they contribute to have a cloud provider create a bespoke application that they all use.

24. Answer: a
Concept: A port mirror captures the traffic in and out of a port and stores it on another device. Sometimes this is known as a tap.

25. Answer: d
Concept: Placing any device into a VLAN separates it from the rest of the network. The administrator realized the legacy devices were vulnerable to attack as no updates were available.

26. Answer: d
Concept: An image can be created with least functionality and all of the latest security updates installed. This way, the security team knows what the security baseline of each computer is.

27. Answer: b
Concept: When attacks are being made, the first step is usually identifying the source of the attack; however, a rapidly spreading virus is an exception, and it must be quarantined, isolated, or contained to stop it spreading.

28. Answer: d
Concept: Data centers will normally have an HVAC system that consists of hot and cold aisles that regulate the air temperature by directing cold airflow inward and hot airflow outward.

29. Answer: b
Concept: Although many of the selections could be implemented, the best method for securing the laptops is to introduce least functionality; in this method, only the essential applications and services are available.

30. Answer: d
Concept: Platform as a service is a cloud environment where applications can be developed. SaaS is bespoke software provided with the cloud provider and cannot be modified.

31. Answer: d
Concept: VM escape is where a guest machine is exploited so that the host can be attacked, taking down the virtual host. Pivoting is where an attacker (in a physical environment) gains access via a vulnerable computer to attack a computer on the network.

32. Answer: a
Concept: Cable locks can lock either laptops or tablets to a desktop to prevent theft. If you visit a store selling tablets, all of these tablets have cable locks so that the tablet can be picked up but not stolen.

33. Answer: d
Concept: Stored procedures are sealed SQL scripts and the BEST way to prevent SQL injection attacks. Another way is to use input validation.

34. Answer: a
Concept: A public cloud is when a CSP will host many different companies on the same hardware.

35. Answer: c
Concept: Staging is the process of testing an application with production data. The SDLC is: development (an application is created), testing (they test the functionality), staging (test with production data), and production (it is rolled out).

36. Answer: d
Concept: When too much data is inserted into a data field, this is known as a buffer overflow attack.

37. Answer: a
Concept: An immutable system is where components are replaced rather than repaired.

38. Answer: a and e
Concept: A guest hotspot would allow visitors to access the internet. Employees may not have internet access when at work due to their personal devices being prohibited, therefore, they could use the guest Wi-Fi at lunchtime.

39. Answer: c
Concept: The only way to identify when a person's access level increases is by continuous monitoring. With permission auditing and review, you might only audit every 3 or 6 months and this is not immediate.

40. Answer: b
Concept: Obfuscation obscures source code so that it cannot be read by a third party. Exclusive OR (XOR) can swap values of distinct variables, making them obscure.

41. Answer: d
Concept: Sandboxing is an isolated virtual machine that can be used to test, patch, or isolate an application or operating system.

42. Answer: a
Concept: A site-to-site VPN in "always-on" mode is a permanent connection between two sites. It is much cheaper than purchasing a leased line or running a fiber cable.

43. Answer: b
Concept: The CEO has used an administrative control and the systems administrator has then implemented technical controls. As two controls were used, this should be deemed control diversity.

44. Answer: b
Concept: A camera can take pictures and capture video. These can be used as evidence in case of an investigation.

45. Answer: a, b
Concept: SCADA systems are used to control and monitor plant and equipment on an industrial basis. They have a control room with different stages of production.

46. Answer: b
Concept: BitLocker is an example of FDE and needs either a TPM chip or HSM to install the keys.

47. Answer: b, d
Concept: Guards check the identity of those people entering the data center. A mantrap ensures that only one person accesses the data center at a time and can be controlled by the guard.

48. Answer: b
Concept: When evidence is collected, they take the regional time known as the record time offset. They can use time normalization by converting it into the same time zone, such as GMT, to establish how data is moved between the criminals.

49. Answer: c
Concept: Waterfall is one of the oldest SDLC methodologies, where one stage of the project is finished before moving onto the next stage.

50. Answer: d
Concept: There are only two ways to isolate the mail server: put it in a VLAN or a DMZ. Air gapping it would mean that nobody could access any email.
