Engineering: Questions and Answers | Grade A | 100% Correct (Verified Solutions)
The security operations center (SOC) team just received a notification that multiple
vulnerabilities are present in the codebase of a corporate application. Which threat type
is most likely in this scenario?
A - Advanced persistent threat
B - Insider threat
C - Supply chain
D - Organized crime - correct answer-C - Supply chain
The security operations center (SOC) team for a global company is planning an initiative
to defend against security breaches. Leadership wants the team to monitor for threats
against the organization's data, credentials, and brand reputation by scanning networks
that cannot be accessed via search engines. Which type of network should be scanned
based on the requirements?
A - Wireless fidelity
B - Intranet
C - Deep web
D - Supervisory control and data acquisition - correct answer-C - Deep web
An electric power and water utility company has recently added a cybersecurity division.
The security operations center (SOC) team has been tasked with leveraging an
investigative framework that can accurately assess the motives, means, and
opportunities associated with common security attacks. Which framework should be
implemented?
A - National Institute of Standards and Technology (NIST)
B - Diamond Model of Intrusion Analysis
C - Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for industrial
control systems (ICS)
D - Cyber kill chain - correct answer-C - Adversarial Tactics, Techniques, and Common
Knowledge (ATT&CK) for industrial control systems (ICS)
A company operates a customer service call center with over one hundred agents
taking inbound sales calls. After a recent security breach, the security team believes
that one or more agents have been stealing customer credit card details. Which solution
will defend against this issue?
A - Security information and event management (SIEM)
B - File integrity monitoring (FIM)
C - Data loss prevention (DLP)
D - Intrusion detection system (IDS) - correct answer-C - Data loss prevention (DLP)
The security team has noticed that several endpoints on the network have been infected
with malware. Leadership has tasked the security team with identifying these attacks in
the future. Which solution will notify the team automatically in the event of future
malware variants invading the network?
A - Security information and event management (SIEM) alerts
B - Data loss prevention (DLP) alerts
C - Antivirus alerts
D - Syslog alerts - correct answer-C - Antivirus alerts
An engineer has noticed a degradation in system performance and alerts regarding high
central processing unit (CPU) usage on multiple virtual machines in the environment.
Further investigation shows that several unknown processes are running on the affected
systems. What is the explanation for the degradation in system performance and alerts
regarding high central processing unit (CPU) usage?
A - Misconfigured firewall
B - Overly permissive web application firewall (WAF) rules
C - Outdated anti-malware signatures
D - Incorrect file permissions - correct answer-C - Outdated anti-malware signatures
A financial services company has experienced several incidents of data breaches in
recent months. The company has analyzed the indicators of compromise and
determined that the data breaches were caused by insider threats. The company has
decided to implement hardening techniques and endpoint security controls to mitigate
the risk. What should be used to prevent data breaches caused by insider threats based
on the indicators of compromise?
A - Network monitoring
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP)
D - Access control systems (ACS) - correct answer-C - Data loss prevention (DLP)
The cybersecurity analyst at a software company conducted a vulnerability assessment
to identify potential security risks to the organization and discovered multiple
vulnerabilities on the company's webpage. The analyst then provided the results to the
chief information security officer (CISO), who then decided not to fix the discrepancies
due to the vulnerabilities being outside of the organization's resources. Which risk
mitigation strategy is demonstrated in this scenario?
A - Accept
B - Mitigate
C - Avoid
D - Transfer - correct answer-A - Accept
A company wants to implement a policy to reduce the risk of unauthorized access to
sensitive information. Which policy should be implemented?
A - Least privilege
B - Separation of duties
C - Job rotation
D - Data encryption - correct answer-A - Least privilege
A company is developing a cybersecurity risk management program and wants to
establish metrics to measure the program's effectiveness. What should the company
consider?
A - Key performance indicators (KPIs)
B - Key risk indicators (KRIs)