Here are 8 questions (one per domain) for your weekend study. I hope you like them. Please try to provide an explanation for your answers.
Domain 1: Security and Risk Management
A global financial institution is expanding its operations into a new country whose data privacy laws differ significantly from those of its home country. The company processes large volumes of personally identifiable information (PII) belonging to its customers. During the risk assessment for this expansion, several potential risks were identified, including data breaches, regulatory fines, and reputational damage. Which of the following risk responses BEST addresses the potential impact of regulatory fines due to non-compliance with the new country's data privacy laws?
a) Risk Avoidance: Deciding not to expand operations into the new country.
b) Risk Transference: Purchasing cyber insurance to cover potential fines.
c) Risk Mitigation: Implementing robust data protection controls and compliance programs.
d) Risk Acceptance: Acknowledging the risk and budgeting for potential fines.
-------------------------------------------------------------------------------------------------------------------------------------------------
Domain 2: Asset Security
A company is implementing a new cloud-based storage solution for its sensitive intellectual property. The data includes trade secrets, patent applications, and proprietary algorithms. The company's security policy mandates strict access control and data encryption. Which of the following is the MOST effective approach to protect the confidentiality of this data in the cloud environment?
a) Relying solely on the cloud provider's default security settings.
b) Implementing client-side encryption before uploading data to the cloud.
c) Implementing server-side encryption managed by the cloud provider.
d) Implementing access control lists based on user roles within the company.
------------------------------------------------------------------------------------------------------------------------------------------------------
Domain 3: Security Architecture and Engineering
An organization is designing a new e-commerce platform that will handle a high volume of transactions and store sensitive customer data, including credit card information. The platform must be highly available, scalable, and secure. Which of the following security architectures BEST addresses the need for high availability and protection against distributed denial-of-service (DDoS) attacks?
a) A single server architecture with a basic firewall.
b) A DMZ with a single web server and a database server.
c) A multi-tiered architecture with load balancers, web application firewalls (WAFs), and intrusion prevention systems (IPS).
d) A cloud-based architecture with a single virtual machine instance.
------------------------------------------------------------------------------------------------------------------------------------------------------
Domain 4: Communication and Network Security
A company's network is experiencing intermittent slowdowns and connectivity issues. Network analysis reveals a high volume of broadcast traffic originating from an unknown source. Which of the following is the MOST likely cause of this issue?
a) A smurf attack.
b) A SYN flood attack.
c) A broadcast storm.
d) A man-in-the-middle attack.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Domain 5: Identity and Access Management (IAM)
A company wants to implement a strong authentication solution for its remote workforce. The solution must provide strong security, be user-friendly, and be cost-effective. Which of the following authentication methods BEST meets these requirements?
a) Single-factor authentication with complex passwords.
b) Biometric authentication with fingerprint scanners on all devices.
c) Multi-factor authentication (MFA) using time-based one-time passwords (TOTP).
d) Certificate-based authentication with smart cards.
------------------------------------------------------------------------------------------------------------------------------------------------
Domain 6: Security Assessment and Testing
During a penetration test, a security tester discovers a vulnerability in a web application that allows an attacker to execute arbitrary code on the server. Which of the following BEST classifies this vulnerability?
a) Information Disclosure.
b) Denial of Service.
c) Remote Code Execution.
d) Cross-Site Scripting.
------------------------------------------------------------------------------------------------------------------------------------------------------
Domain 7: Security Operations
A company's security operations center (SOC) receives an alert indicating a potential malware infection on a critical server. The SOC analyst follows the incident response plan and isolates the affected server from the network. Which of the following is the NEXT critical step in the incident response process?
a) Eradication: Removing the malware from the server.
b) Containment: Isolating the affected server.
c) Identification: Determining the type of malware and its impact.
d) Recovery: Restoring the server to its previous state.
--------------------------------------------------------------------------------------------------------------------------------------------------
Domain 8: Software Development Security
A development team is building a web application that handles sensitive user data. The security team recommends implementing input validation to prevent common web application attacks. Which of the following attacks is BEST mitigated by input validation?
a) Denial-of-service (DoS) attacks.
b) SQL injection attacks.
c) Distributed denial-of-service (DDoS) attacks.
d) Man-in-the-middle (MitM) attacks.