Security+ Practice Assessment #2

You are a cybersecurity analyst for a government agency that handles classified information. One of your colleagues accidentally sent an email containing sensitive documents to an unintended recipient outside the agency. What aspect of the CIA triad is most directly affected by this incident?

Which of the following is commonly implemented to support non-repudiation in email communication?

You are the system administrator for a large organization that uses various operating systems across its network. You receive a security advisory indicating that a critical vulnerability has been discovered in the operating system used on your organization's servers. The vulnerability allows remote attackers to execute arbitrary code with elevated privileges. What is the appropriate course of action to mitigate this operating system vulnerability?

Which of the following techniques includes a fraudulent caller manipulating a recipient into revealing sensitive information, such as passwords or financial details?

You are the IT administrator for a medium-sized company. Your company's file server contains sensitive financial data that should only be accessible to finance department members and authorized executives. You are tasked with implementing access controls to enforce this policy. Which of the following is the most appropriate next step?

You are the IT security manager for a manufacturing company that relies on IoT devices to monitor and control critical industrial processes. Recently, you discovered that some IoT devices have become part of a botnet and are participating in distributed denial-of-service (DDoS) attacks against external targets. What is the most likely security issue that led to this situation, and how can you mitigate it?

Which of the following tools or techniques is associated with passive monitoring?

What is a common security measure used to protect data at rest?

You are the security analyst for a small software development company and have identified multiple vulnerabilities in the company's internally developed software. You assess these vulnerabilities based on their impact, ease of exploitation, and the components they affect. One of the vulnerabilities allows remote code execution vulnerability, potentially resulting in a significant sensitive data breach. However, the vulnerability is complex and would require a skilled attacker to exploit. Another vulnerability allows unauthorized access to a non-critical system component but is relatively easy to exploit. Your team has limited resources to address these vulnerabilities promptly. How should you proceed?

What distinguishes a Risk Register from Key Risk Indicators (KRIs)?

ABC Corporation operates a data center that houses critical servers and infrastructure. They have identified the risk of a server outage due to various factors, such as hardware failures and natural disasters. The estimated cost of a single server outage is $50,000, and the annual probability of a server outage is 10%. What is the Annualized Loss Expectancy (ALE) for the risk of a server outage at ABC Corporation's data center?

XYZ Retail is concerned about potential financial losses resulting from credit card fraud. They estimate that the average financial impact of a credit card fraud incident is $20,000. The likelihood of a credit card fraud incident occurring in any year is 5%. What is the Annualized Loss Expectancy (ALE) for the risk of credit card fraud at XYZ Retail?

You are a security administrator for a healthcare organization, and you need to securely share a patient's medical records with a partner clinic across town. The partner clinic has provided you with their public key. What asymmetric encryption concept should you use to protect the patient's data, and why?

Which of the following is a common challenge when dealing with legacy applications in change management?

Which of the following is a potential benefit of key escrow?