CompTIA Cybersecurity Analyst (CySA+) - Module 4: Security Architecture and Tool Sets

CompTIA Cybersecurity Analyst (CySA+) - Module 4: Security Architecture and Tool Sets Which framework was designed to widen the focus of an organization to overall architecture? COBIT TOGAF SABSA ITIL Correct answer- TOGAF (The Open Group Architecture Framework) The procedures in place to test controls need to be examined only by internal parties to ensure security. True False Correct answer- False Which policies are responsible for securing employee profiles? Account Management Policy Acceptable Use Policy Data Ownership Policy Password Policy Correct answer- Account Management Policy & Password Policy Which type of control would a software in charge of managing who has access to the network be? Administrative Control Defined Parameters Logical Control Physical Control Correct answer- Logical Control Audits should be done by a third party to get a more accurate result. True False Correct answer- True What type of verification method is based on a judgement call? Assessments Audit Evaluation Certification Correct answer- Evaluation Which framework is distinguished by focusing exclusively on IT security? NIST TOGAF ISO ITIL Correct answer- NIST (National Institute of Standards and Technology) What procedure is responsible for supplementing a lack of controls? Patching Managing Exceptions Control Testing Procedures Compensation Control Development Correct answer- Compensation Control Development Which policy might govern how guests may use the companies WiFi? Data Retention Policy Account Management Policy Acceptable Use Policy Data Ownership Policy Correct answer- Acceptable Use Policy A guideline is an adamant step by step listing of actions to be completed for a given task. True False Correct answer- False In which procedure is everyone in the company told how to react and alert proper members of staff? Evidence Production Continuous Monitoring Remediation Plans Managing Exceptions Correct answer- Evidence Production Which framework is distinguished by providing information assurance and is driven by risk analysis? TOGAF ITIL NIST SABSA Correct answer- SABSA (Sherwood Applied Business Security Architecture) In which procedure do all factors need to be considered compared and tested before a decision is made? Managing Exceptions Remediation Plans Evidence Production Continuous Monitoring Correct answer- Remediation Plans What are reasons that data should be retained past it's first use? (Choose Several) Meeting legal and company policies Keeping the data from being abused Leverage Backups for frequently changed files Correct answer- Meeting legal and company policies & Backups for frequently changed files In which procedure are those involved given limited knowledge to develop from? Evidence Production Compensation Control Testing Procedures Managing Exceptions Correct answer- Testing Procedures An evaluation is scored against a benchmark or checklist. True False Correct answer- False Which procedure is typically put into place because it is virtually impossible to perfectly match an entire environment? Patching Continuous Monitoring Compensation Control Managing Exceptions Correct answer- Managing Exceptions Which of these frameworks are commercial and must be purchased? NIST ISO COBIT SABSA Correct answer- ISO (International Organization for Standardization) & COBIT (Control Objectives for Information and Related Technologies) The Data Ownership Policy includes both acquisition and destruction of data. True False Correct answer- False What policy determines how new users are provisioned/deprovisioned? Account Management Policy Data Ownership Policy Acceptable Use Policy Password Policy Correct answer- Account Management Policy What assesses how well developed an organization's security capabilities are? Audits Remediation Plans Maturity Model Correct answer- Maturity Model When attempting to provide defense in depth for personnel which of the following controls can be put into place? Choose all that apply. Dual Control Scheduled Review Training Cryptography Correct answer- Dual Control & Training Network segmentation can be used in addition to security appliances in order to protect a network. True False Correct answer- True Defense in depth is less of a necessity and more of a way for large companies who have extra funds to better secure their network True False Correct answer- False Any singular technology can fail which leads to the necessity of defense in depth True False Correct answer- True Which part of continual improvement is implemented to address old processes that are no longer efficient? Scheduled Review Manual Review Succession Planning Retirement of processes Correct answer- Retirement of processes Which of the following is the purpose of a mandatory vacation? To relieve employee stress To allow servers to be updated To prevent collusion between employees To audit employees while they are out of work Correct answer- To audit employees while they are out of work Job rotation and separation of duties should be paired with which of the following controls? Scheduled Review Mandatory Vacation Cross Training Dual Control Correct answer- Cross Training A good example of separation of duties is one person signing checks and another managing inventory. True False Correct answer- False Training should have a measurable metric to determine how effective it is such as certifications. True False Correct answer- True Which of the following situations call for proper succession planning to be implemented? Choose all that apply A new employee is hired An employee is unreachable during an incident An employee quits suddenly An employee is trying to move to a new project Correct answer- A new employee is hired & An employee quits suddenly In order to perform periodic reviews a company should wait until after an incident occurs to schedule a few follow up meetings. True False Correct answer- False Automated reporting can lead to some issues including: Leakage of sensitive information increased bandwidth increased data storage information overload Correct answer- Leakage of sensitive information SECaas is when another company comes in to a corporate location to install cameras locks etc. True False Correct answer- False Encryption is unbreakable which is why it is used to store password and other valuable sets of data. True False Correct answer- False Encryption is used for which of the following reasons? Choose all that apply To delay data exfiltration To protect data in motion To prevent access from authorized users To protect data on a hard drive stored as evidence Correct answer- To delay data exfiltration & To protect data in motion What type of analysis involves looking for patterns of incidents over time? Historical Analysis Data Correlation Manuel Review Trend Analysis Correct answer- Trend Analysis A scheduled review should have documentation of trends and analysis outside of the company as well. True False Correct answer- True Cross Training helps with which other defense that requires an employee to temporarily leave their role? Dual Control Separation of Duties Mandatory Vacation Succession Planning Correct answer- Mandatory Vacation Which type of analysis also involves staying up to date on current attacks and security solutions? Data Aggregation Trend Analysis Historical Analysis Manual Review Correct answer- Trend Analysis Which personnel defense involves a shared authority between users so no one employee has access? Cross Training Separation of Duties Third Party Dual Control Correct answer- Dual Control Which defense involves having at least part of the network come from somewhere else? Network Segmentation Remote Boxing Outsourcing Third Party Correct answer- Outsourcing A Manual Review is much less accurate and will miss threats detected by an automated solution. True False Correct answer- False Which of these ISN'T necessarily true about standard training as a personnel defense help prevent? Helps prevent social engineering attacks Needs to be measured Should be continuous Prevents insider leaks Correct answer- Prevents insider leaks What personnel defense prevents too much control by breaking up larger tasks into smaller ones? Succession Planning Dual Control Separation of duties Cross Training Correct answer- Separation of duties Though eventually capable of being bypassed with enough time and effort which defense delays an attacker access to specific data? Encryption Outsourcing Automated Reporting Network Segmentation Correct answer- Encryption Continual improvement should include both small and large changes over time. True False Correct answer- False Which defense prepares the company in the case of an employee suddenly quitting? Retirement of Processes Consultants Mandatory Vacations Succession Planning Correct answer- Succession Planning A SIEM suite helps manual review from being as resource intensive. True False Correct answer- True What personnel defense involves training employees in more than one area? Diversifying Succession Planning Cross Training Separation of Duties Correct answer- Cross Training OWASP (Open Web Application Security Project) is known for publishing the "top 20 critical security controls." True False Correct answer- False Which software development practice must be thoroughly tested either manually or througha program. Security Regression Stress Test Input Validation User Acceptance Correct answer- Input Validation Analysis software always must be compatible with the same language as the source code. True False Correct answer- True Which of these practices are non-profit? SANS OWASP NIST CIS Correct answer- OWASP (Open Web Application Security Project) & CIS (Center for Internet Security) Which practice should be conducted after most others and a considerable amount of testing has been done? Security Regression Testing Security Testing Security Requirement Definition User Acceptance Testing Correct answer- Security Regression Testing Analysis only records what happens after the fact when fuzzing causes an application to crash. True False Correct answer- False Which practice helps programmers from getting stuck in repeating patterns of their own design? Input Validation Redundancy Control User Acceptance Manual Peer Review Correct answer- Manual Peer Review Which security coding practices specialize in application development and training? CIS KARA SANS OWASP Correct answer- SANS (SysAdmin Network and Security)