Exam 10: Security Structures and Identity and Access Management

Abdul has just discovered a successful brute force attack against one of the systems in his company's network that lasted for almost five months undetected. Which of the following might have prevented this attack from being successful?

Jan has just finished upgrading the physical and administrative controls in his organization and is about to start planning the upgrade of logical controls. Which of the following is not a manufacturer to consider when looking at options for new firewalls?

Dharma has just been hired to create the new cybersecurity team in a growing organization. Which of the following might be one of the first things she does?

Ilya is having an audit performed by a third-party consultant to find vulnerabilities in his organization. As part of the audit, several tools have been brought in to detect weaknesses in the organization's infrastructure. Which of the following vulnerability scanners might be used to perform this task?

Toria's manager has asked her to implement a new system that uses X.500. She knows the information that is looked up needs to be stored somewhere. What is the name of the part of the setup that stores the information?

Maya has just been hired as the first cybersecurity engineer at a growing company in an effort to focus more resources on hardening the company's infrastructure. Which of the following might she use to identify applications that users log into with unencrypted passwords?

Lakia has been hired as a penetration tester for a large organization. She finds that one of the branch offices is still running WEP and quickly cracks the key to gain access to the network. As she is capturing network packets while sitting in the company's parking lot, she sees a couple of tokens that users send to an HTTP-based website to log in. Which of the following types of attacks might she be able to perform with this information?

Araya has been tasked with implementing a new set of procedures for the onboarding and offboarding of employees. Which of the following types of controls does this new task fall into?

Hattie has just been promoted to the cybersecurity team within her organization. Her new manager recommends reading up on cybersecurity guidelines that have been published by theU.S.government. Which of the following should she become familiar with?

Craig has been asked to implement the ISO standards for cybersecurity in his organization. Which of the following families of standards should he become familiar with?

Tabitha has just contracted with a large company to perform a penetration test against it. Which of the following might help her with part of the reconnaissance process?

Janos works for a large regional hospital system. The system has data retention policies that have necessitated the backup of certain types of information. As such, he decides that in addition to the standard daily and weekly backups, he would like to create a byte-by-byte copy of data on a particular server's drive to be stored off-site. Which of the following tools might help him perform this action?

Monica wants to implement more security around the login function that her company's website uses to allow customers to interact with the organization. One of the tasks on her to-do list is to prevent brute force attacks. Which of the following might help Monica achieve this goal?

Tara has just discovered the John the Ripper tool on a workstation on her company's network, which is a direct violation of an existing policy that defines what users are allowed and not allowed to do on the network. She believes that if other instances of this tool are installed, the current policy protecting against attacks from such tools needs to be strengthened properly. Which of the following policies might she choose to update as a result?

Penelope has just been hired as a cybersecurity manager for an organization. She has done an initial analysis of the organization's policies and sees there is no document outlining the duties and responsibilities of data custodians. Which of the following policies might she consider creating?

Gabe, a penetration tester, has gained physical access to a company's facilities and planted devices behind several printers that will send him copies of all documents sent to those printers. Which of the following has Gabe executed?

Raja wants to require network administrators to log into the company's Cisco routers and switches. Which of the following is the most likely choice to implement for this configuration?