
QUESTION 21

- (Exam Topic 1)
An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?

Correct Answer: D
DLP stands for data loss prevention, which is a set of tools and processes that aim to prevent unauthorized access, use, or transfer of sensitive data. DLP can help mitigate the risk of data exfiltration by disgruntled employees or external attackers by monitoring and controlling data flows across endpoints, networks, and cloud services. DLP can also detect and block attempts to copy, print, email, upload, or download sensitive data based on predefined policies and rules.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.forcepoint.com/cyber-edu/data-loss-prevention-dlp

QUESTION 22

- (Exam Topic 2)
An air traffic controller receives a change in flight plan for a morning aircraft over the phone. The air traffic controller compares the change to what appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

Correct Answer: B
Vishing is a form of phishing that uses voice calls or voice messages to trick victims into revealing personal information, such as credit card numbers, bank details, or passwords. Vishing often uses spoofed phone numbers, voice-altering software, or social engineering techniques to impersonate legitimate organizations or authorities. In this scenario, the caller pretended to be someone who could change the flight plan of an aircraft, which could have caused a serious incident.

QUESTION 23

- (Exam Topic 2)
A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.
Which of the following additional controls should be put in place first?

Correct Answer: C
According to NIST Special Publication 1800-4B1, some of the security controls that can be used to protect mobile devices include:
- Root and jailbreak detection: ensures that the security architecture for a mobile device has not been compromised.
- Encryption: protects the data stored on the device and in transit from unauthorized access.
- Authentication: verifies the identity of the user and the device before granting access to enterprise resources.
- Remote wipe: allows the organization to erase the data on the device in case of loss or theft.
- Screen lock timer: sets a time limit for the device to lock itself after a period of inactivity.

QUESTION 24

- (Exam Topic 3)
Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Correct Answer: C
IaaS (Infrastructure as a Service) is a cloud model that provides clients with servers, storage, and networks but nothing else. It allows clients to have more control and flexibility over the configuration and management of their infrastructure resources, but also requires them to install and maintain their own operating systems, applications, etc.

QUESTION 25

- (Exam Topic 3)
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IOC?

Correct Answer: B
A runbook is a set of predefined procedures and steps that guide an incident response team through the process of handling a security incident. It can help the blue team respond quickly and effectively to an indicator of compromise (IOC) by following the best practices and predefined actions for containment, eradication, recovery and lessons learned.