5/20/24, 11:58 AM CC1 – CertPreps

Home Practice Exams Exam Concepts Storified (Videos) Contact Logout

Congratulations!
You passed!

Your score is 89%

 Restart quiz

1. A multinational corporation is assessing its cybersecurity posture in light of recent changes to data
protection laws in multiple countries where it operates. The corporation's legal team is tasked with
ensuring compliance across different jurisdictions. Which of the following actions is MOST effective in
achieving global compliance?

A. Implementing the strictest privacy standards globally based on the European Union's GDPR.

B. Customizing cybersecurity policies to meet the specific laws of each country.

C. Focusing solely on compliance with the United States' California Consumer Privacy Act (CCPA).

D. Adhering only to international standards like ISO/IEC 27001, ignoring local regulations.

Implementing the strictest privacy standards globally based on the European Union's General Data
Protection Regulation (GDPR) is the most effective action for the multinational corporation to achieve
global compliance. GDPR is recognized as one of the most stringent privacy and security laws in the
world, imposing obligations onto organizations anywhere, so long as they target or collect data related
to people in the EU. By adopting GDPR's standards as the baseline for their global operations, the
corporation ensures a high level of data protection that is likely to meet or exceed the requirements of
most other jurisdictions. This approach not only simplifies the corporation's compliance efforts by
reducing the complexity associated with managing multiple sets of regulations but also enhances the
corporation's reputation by demonstrating a strong commitment to data protection. While customizing Privacy - Terms

https://certpreps.com/cc1/?login=success 1/61
5/20/24, 11:58 AM CC1 – CertPreps

policies for each country (Option B) can ensure compliance, it may lead to operational inefficiencies and
increased costs. Focusing solely on CCPA (Option C) would neglect the requirements of other
jurisdictions, and adhering only to ISO/IEC 27001 (Option D) might not fully address specific legal
obligations under local data protection laws. Therefore, adopting GDPR's comprehensive approach to
privacy and data protection as a universal standard offers a pragmatic and effective strategy to navigate
the complex landscape of international cybersecurity regulations.

2. An enterprise is planning to deploy a new application that requires high availability and resilience
within its on-premises data center. The application will handle critical business operations and must
sustain minimal downtime. To support these requirements, which of the following architectural
decisions would BEST ensure the application's availability and resilience?

A. Implement a single-instance deployment on a high-performance server with regular backups.

B. Deploy the application across multiple servers in a cluster with load balancing and failover capabilities.

C. Use a virtualized environment for the application with snapshots taken at regular intervals.

D. Place the application on a dedicated server with a UPS (Uninterruptible Power Supply) and a diesel

generator backup.

Deploying the application across multiple servers in a cluster with load balancing and failover
capabilities is the best architectural decision to ensure high availability and resilience for critical
business operations. This approach distributes the application's workload across several servers, which
not only enhances performance by efficiently managing the traffic but also ensures that if one server
fails, the others can take over (failover) without disrupting the application's availability. Load balancing
effectively distributes incoming network traffic across the cluster of servers, preventing any single
server from becoming a bottleneck, thereby maximizing speed and capacity utilization and ensuring no
single point of failure. While implementing a single-instance deployment on a high-performance server
with regular backups (Option A) and using a virtualized environment with snapshots (Option C) can
contribute to data recovery, they do not offer real-time failover capabilities necessary for sustaining
minimal downtime. Similarly, placing the application on a dedicated server with a UPS and diesel
generator backup (Option D) provides power redundancy but does not address server failure or the
need for distributed workload management. Thus, a clustered deployment with load balancing and
failover capabilities directly addresses the need for continuous operation and resilience against server
failures, making it the most appropriate choice for supporting critical business applications requiring
high availability.

3. After configuring a new NIDS, the IT department notices an unusual pattern of encrypted traffic
passing through the corporate network to unfamiliar destinations. The traffic does not trigger any of
the predefined rules in the NIDS but is consistent in volume and timing. What does this pattern MOST
likely suggest, and what action should IT take to further investigate?

A. Unauthorized Data Transfer; Enable SSL/TLS inspection to decrypt and analyze the traffic.

https://certpreps.com/cc1/?login=success 2/61
5/20/24, 11:58 AM CC1 – CertPreps

B. Legitimate Business Application; Update the NIDS configuration to whitelist the traffic.

C. Encrypted Malware Communication; Adjust the NIDS to monitor for anomalies in encrypted traffic

patterns.

D. Routine Network Maintenance; No action needed unless further anomalies are detected.

The unusual pattern of encrypted traffic to unfamiliar destinations, not matching predefined rules but
consistent in volume and timing, most likely suggests encrypted malware communication. This scenario
indicates that malware within the network might be using encryption to hide its communication with
external control servers. The appropriate action for the IT department is to adjust the Network
Intrusion Detection System (NIDS) to specifically monitor for anomalies in encrypted traffic patterns.
This could involve employing advanced detection techniques that can analyze encrypted traffic
behavior without necessarily decrypting it, looking for signs of malware communication such as
regularity in timing, destination patterns, or volume anomalies. Enabling SSL/TLS inspection is another
approach to decrypt and analyze the traffic, but it requires careful consideration of privacy laws and
encryption policies. Whitelisting the traffic without further investigation could inadvertently allow
malicious activity to continue, and assuming the activity is related to routine network maintenance
without thorough analysis might overlook a serious security threat.

4. An organization is reviewing its user account management practices. It discovers that some
employees have accumulated access rights beyond their current job requirements due to role changes
over the years. What is the most effective way to realign their access rights with the principle of least
privilege?

A. Conduct a comprehensive audit of all user accounts and remove any access rights that are not justified

by the user's current role.

B. Reset all user accounts to default settings and require users to request access rights as needed.

C. Increase the frequency of access rights reviews to prevent future accumulation of unnecessary

privileges.

D. Implement role-based access control (RBAC) without reviewing individual user access rights, assuming

roles are properly defined.

The most effective way to realign employees' access rights with the principle of least privilege, given
the discovery that some have accumulated unnecessary access rights, is to conduct a comprehensive
audit of all user accounts and remove any access rights that are not justified by the user's current role
(A). This direct approach ensures that access rights are immediately adjusted to reflect only what is
necessary for each employee's current job functions, effectively mitigating the risk of unauthorized
access or insider threats. Resetting all user accounts to default settings (B) could disrupt operations and
unnecessarily hinder employees who currently have appropriate access levels. Increasing the frequency
of reviews (C) is beneficial for future maintenance but does not address the current excess of privileges.
Implementing RBAC (D) is a strong strategic move for future access control but does not directly

https://certpreps.com/cc1/?login=success 3/61
5/20/24, 11:58 AM CC1 – CertPreps

address the issue of existing users with overly broad access. The audit and adjustment process (A) not
only corrects current misalignments but also reinforces the organization's commitment to security and
compliance by ensuring that all employees operate under the principle of least privilege.

5. A small business is enhancing its cybersecurity posture by focusing on internal threats and the
potential for insider attacks. The business already has basic network security measures in place. Which
defense-in-depth strategy should be implemented NEXT to mitigate the risk of insider threats?

A. Conducting regular employee cybersecurity awareness training.

B. Installing additional firewalls between each department's network segment.

C. Centralizing all data storage to a single, highly-secured server.

D. Increasing the complexity and frequency of required password changes.

Conducting regular employee cybersecurity awareness training should be implemented next as part of
a defense-in-depth strategy to mitigate the risk of insider threats. This strategy focuses on the human
element of cybersecurity, educating employees about the various forms of insider threats, how to
recognize suspicious behavior, and the importance of adhering to security policies. Awareness training
empowers employees to act as a proactive layer of security, reducing the likelihood of accidental or
intentional actions that could compromise the business's security. While installing additional firewalls
(Option B) can enhance perimeter defense and network segmentation, it does not address threats
originating from within. Centralizing data storage (Option C) may simplify security management but
creates a single point of failure and does not specifically counteract insider threats. Increasing
password complexity and change frequency (Option D) strengthens access control but does not fully
address the broader scope of insider threats, including those not related to password compromise.
Therefore, cybersecurity awareness training addresses the root cause by fostering a culture of security
and vigilance among employees, making it a crucial next step in strengthening the business's defense-
in-depth strategy against internal threats.

6. A technology company's new campus is designed with security in mind, featuring a perimeter fence,
strategically placed lighting, and a layout that encourages interaction among employees while providing
clear views of the surrounding area. The campus design also includes emergency call boxes and a
centralized security office with views of the entire campus. Which of the following environmental
design concepts does this scenario MOST closely align with?

A. Natural surveillance

B. Territorial reinforcement

C. Space Management

D. Defensible space

https://certpreps.com/cc1/?login=success 4/61
5/20/24, 11:58 AM CC1 – CertPreps

The correct answer is D) Defensible space, a concept that focuses on creating environments that are
inherently resistant to crime through the use of physical design to promote social control. The scenario
describes a campus designed with features that enhance visibility and social interaction, such as
strategic lighting and an open layout, which align with the principles of natural surveillance (A) by
making it easy to observe activities on the campus. The inclusion of a perimeter fence and emergency
call boxes also supports the idea of territorial reinforcement (B) by delineating private property and
providing means for individuals to report suspicious activities. However, the comprehensive approach
to security, which integrates physical security measures (like perimeter fencing), surveillance (through
strategic lighting and layout), and social mechanisms (encouraging interaction among employees), best
embodies the principles of defensible space. This concept aims to make spaces safer by designing
environments that enable residents or users to naturally monitor and protect their surroundings,
making defensible space the most applicable concept in this scenario.

7. A cybersecurity analyst is reviewing the network topology of an organization that operates a flat
network architecture. The organization has experienced several security incidents recently, including a
ransomware attack that spread rapidly across the network. The analyst is tasked with recommending a
network design change to enhance security and contain future attacks. Which of the following
recommendations is MOST appropriate?

A. Implement network segmentation using subnets.

B. Deploy a single, organization-wide firewall.

C. Consolidate all servers into a central data center.

D. Increase the encryption level on all data transmitted over the network.

Implementing network segmentation using subnets is the most appropriate recommendation to

enhance security and contain future attacks in an organization operating a flat network architecture.
Network segmentation divides the network into smaller, manageable pieces or segments, often through
the use of subnets. This approach limits the lateral movement of attackers within the network, making
it more difficult for malware, such as ransomware, to spread rapidly across the entire network.
Segmentation also allows for more granular security policies, enabling the organization to apply stricter
access controls and monitoring on sensitive segments, reducing the overall risk exposure. Deploying a
single, organization-wide firewall (Option B) would provide a perimeter defense but would not
effectively contain the spread of an attack once the perimeter is breached. Consolidating all servers into
a central data center (Option C) might improve manageability but does not inherently improve security
or prevent the spread of attacks within the network. Increasing the encryption level on all data
transmitted over the network (Option D) enhances data confidentiality but does not address the issue
of lateral movement or the containment of attacks within the network. Therefore, network
segmentation using subnets directly addresses the core issue by creating barriers within the network
that can help prevent the spread of attacks and enhance overall network security.

8. A legal firm is required to securely dispose of case files and documents that are no longer needed and
contain sensitive client information. Considering environmental sustainability alongside the need for
confidentiality, which data destruction method would be most appropriate for paper documents?

https://certpreps.com/cc1/?login=success 5/61
5/20/24, 11:58 AM CC1 – CertPreps

A. Incinerating the documents to ensure complete destruction.

B. Shredding the documents using a micro-cut shredder and then recycling the shredded material.

C. Dumping the documents in a secure landfill designated for sensitive waste.

D. Leaving the documents in a secure room for natural degradation over time.

Considering the need for confidentiality and environmental sustainability, the most appropriate method
for securely disposing of case files and documents containing sensitive client information is B)
shredding the documents using a micro-cut shredder and then recycling the shredded material. Micro-
cut shredding reduces the documents to very small pieces, making it virtually impossible to reconstruct
the documents or retrieve the sensitive information. This method satisfies the requirement for
confidentiality by ensuring the secure destruction of the documents. Following shredding, recycling the
shredded material addresses environmental sustainability concerns by allowing the paper to be
repurposed, reducing waste and the environmental impact associated with document disposal.
Incineration (A) ensures complete destruction but has a higher environmental impact due to emissions.
Dumping documents in a landfill (C), even if designated for sensitive waste, poses a risk of unauthorized
access and is less environmentally friendly. Leaving documents to degrade naturally (D) is not secure
and does not adequately protect sensitive information within a reasonable timeframe.

9. During a routine compliance check, it was discovered that a number of endpoints in an organization
did not meet the required security configuration baseline. Which of the following actions would be
MOST effective in preventing such non-compliance in the future?

A. Increasing the frequency of manual compliance checks.

B. Implementing a centralized management tool that enforces security configurations across endpoints.

C. Offering training sessions for IT staff on the importance of maintaining security configurations.

D. Publishing a monthly newsletter highlighting common compliance issues and how to avoid them.

Implementing a centralized management tool that enforces security configurations across endpoints is
the most effective action to prevent future non-compliance with security configuration baselines. Such
tools can automatically apply the required security settings, ensuring that all endpoints are configured
according to the organization's predefined security standards. This approach not only standardizes
security configurations across the IT environment but also significantly reduces the risk of human error
and the oversight that can occur with manual configuration processes. Centralized management tools
provide scalability and consistency, allowing for the swift enforcement of security configurations as
new endpoints are added to the network. While increasing the frequency of manual compliance checks
(Option A), offering training (Option C), and publishing newsletters (Option D) can support a culture of
compliance and awareness, they do not address the root cause of non-compliance as effectively as
automated enforcement tools. These measures are reactive and educational in nature, whereas a

https://certpreps.com/cc1/?login=success 6/61
5/20/24, 11:58 AM CC1 – CertPreps

centralized management tool proactively ensures compliance and enhances the organization's overall
security posture.

10. An IT department identifies that several encrypted files across the network are suddenly renamed
with a ".locky" extension, and a ransom note appears in each affected directory demanding payment in
cryptocurrency for decryption keys. What type of threat has occurred?

A. Trojan Horse

B. Ransomware

C. Spyware

D. Adware

The scenario clearly describes a ransomware attack, a type of malicious software designed to block
access to a computer system or files until a sum of money is paid, usually in cryptocurrency. The
".locky" extension is a known identifier for files encrypted by Locky ransomware, and the presence of a
ransom note in affected directories demanding payment for decryption keys is a hallmark of
ransomware attacks. Unlike a Trojan Horse, which is a type of malware that disguises itself as legitimate
software but performs malicious operations, ransomware explicitly announces its presence to the
victim to extort payment. Spyware and adware, respectively, are designed for covert surveillance and
unwanted advertising; neither involves encrypting files or demanding ransoms, which distinguishes
ransomware as the correct type of threat in this scenario.

11. A financial institution is performing a risk assessment on its online banking platform after noticing
an uptick in phishing attempts. Which area should be the primary focus to mitigate this specific risk?

A. Expanding the customer service team to handle inquiries

B. Upgrading the physical security of bank branches

C. Enhancing customer awareness and education on phishing

D. Increasing the interest rates on savings accounts

When a financial institution performs a risk assessment on its online banking platform due to an uptick
in phishing attempts, the primary focus should be on enhancing customer awareness and education on
phishing. This focus is essential because phishing attacks target customers directly, attempting to
deceive them into divulging sensitive information such as login credentials and personal identification
numbers. By prioritizing customer education, the institution can empower its users to recognize, avoid,
and report phishing attempts, thereby significantly reducing the risk of successful attacks. Effective
communication strategies, such as regular security alerts, educational materials, and training sessions,
can inform customers about the latest phishing techniques and preventive measures. This proactive
approach not only mitigates the immediate risk of information theft and financial loss due to phishing
but also strengthens the overall security culture among customers, contributing to the long-term
https://certpreps.com/cc1/?login=success 7/61
5/20/24, 11:58 AM CC1 – CertPreps

resilience of the online banking platform. While expanding the customer service team, upgrading
physical security, and increasing interest rates might address other aspects of banking operations, they
do not directly confront the challenge posed by phishing attacks in the digital domain.

12. To enhance security, a financial institution requires that all data transmission between its mobile
banking application and its servers be encrypted. Which of the following should be implemented to
meet this requirement?

A. SSL/TLS encryption

B. API key authentication

C. Data obfuscation

D. MAC address filtering

SSL/TLS encryption is the standard security technology for establishing an encrypted link between a
web server and a client, such as a mobile banking application and its server. This encryption ensures
that all data transmitted between the client and server is encrypted, protecting sensitive financial
transactions and personal information from being intercepted by unauthorized parties. API key
authentication (Option B) is used to control access to the server and verify the identity of the
requesting application but does not encrypt the data in transit. Data obfuscation (Option C) can protect
information by making it difficult to understand without the proper technique to de-obfuscate, but it
does not encrypt the data during transmission. MAC address filtering (Option D) is a security measure
that allows or denies network access based on the physical hardware address but does not pertain to
the encryption of data transmitted between applications and servers. Therefore, to ensure that all data
transmission between the mobile banking application and its servers is encrypted, SSL/TLS encryption
is the necessary and most appropriate implementation.

13. An online retailer processes large volumes of customer transactions daily, including sensitive
payment information. The retailer is implementing a new payment processing system and wants to
ensure the highest level of confidentiality for transaction data. Which of the following techniques would
most effectively safeguard this data?

A. Utilizing a third-party payment processor with PCI DSS compliance.

B. Implementing strict password policies for all systems handling payment information.

C. Deploying end-to-end encryption for all online transactions.

D. Conducting regular security audits of the payment processing system.

Deploying end-to-end encryption for all online transactions most effectively safeguards the
confidentiality of customer transaction data by ensuring that sensitive payment information is
encrypted from the point of entry until it reaches its final destination. This method prevents
unauthorized access to the data as it travels across networks, making it unreadable to anyone other
https://certpreps.com/cc1/?login=success 8/61
5/20/24, 11:58 AM CC1 – CertPreps

than the intended recipient. While utilizing a third-party payment processor with PCI DSS compliance
(Option A) is important for ensuring that payment processes adhere to industry standards, it does not
directly encrypt transaction data. Implementing strict password policies (Option B) enhances the
security of the systems involved but does not protect the data during transmission. Conducting regular
security audits (Option D) is crucial for identifying and mitigating vulnerabilities within the payment
processing system but does not provide a mechanism for securing the data itself during transactions.
End-to-end encryption addresses the core concern of maintaining the confidentiality of sensitive
payment information throughout the transaction process, making it the most direct and effective
technique for safeguarding customer data in an online retail environment.

14. A technology company with multiple office locations has identified the need to secure physical
documents and devices within their premises due to recent incidents of information theft. Which
physical control is most crucial for safeguarding these assets?

A. Locking file cabinets and secure storage for sensitive documents.

B. Increasing the number of security personnel during off-hours.

C. Installing motion detectors in all office areas.

D. Implementing a clean desk policy for all employees.

Locking file cabinets and secure storage for sensitive documents and devices are the most crucial
physical controls for safeguarding these assets against information theft. This control directly
addresses the need to protect physical documents and devices by providing a secure environment that
limits access to authorized personnel only. Locking file cabinets and secure storage areas prevent
unauthorized individuals from accessing sensitive information, thus significantly reducing the risk of
information theft. This measure is practical and directly impacts the protection of tangible assets,
unlike other controls that may provide broader security but do not specifically target the protection of
physical documents and devices. While increasing security personnel, installing motion detectors, and
implementing a clean desk policy are beneficial for overall security, they do not offer the same level of
targeted protection for documents and devices as the use of locking mechanisms and secure storage
solutions.

15. An IT administrator receives notifications of failed login attempts to the company's VPN from
geographically distant locations in a short time frame, suggesting a potential credential stuffing attack.
Which monitoring feature is PRIMARILY responsible for alerting the administrator to this suspicious
activity?

A. Geolocation analysis

B. Account lockout policies

C. Encryption protocols

D. Two-factor authentication (2FA) requirements

https://certpreps.com/cc1/?login=success 9/61
5/20/24, 11:58 AM CC1 – CertPreps

Geolocation analysis is the primary monitoring feature responsible for alerting the IT administrator to
the suspicious activity of failed login attempts from geographically distant locations in a short time
frame, suggesting a credential stuffing attack. Geolocation analysis involves examining the geographic
origin of access attempts to identify patterns or activities that deviate from expected norms, such as
login attempts from countries or regions where the company does not operate or where the legitimate
user is not known to travel. This capability allows security systems to flag and alert administrators to
potentially malicious activities based on the geographic inconsistency of access attempts. While
account lockout policies (B) help mitigate unauthorized access by disabling accounts after several failed
login attempts, they do not directly alert administrators to the geolocation aspect of the suspicious
activity. Encryption protocols (C) secure data in transit and at rest but do not play a role in monitoring
or alerting based on access attempt locations. Two-factor authentication (2FA) requirements (D) add an
additional layer of security but, similar to account lockout policies, do not specifically alert to the
geolocation characteristics of access attempts. Geolocation analysis stands out as the key feature
enabling the detection of credential stuffing attacks by identifying and alerting based on the unusual
geographical origins of the login attempts.

16. In a financial institution implementing RBAC, how should access be configured to ensure compliance
officers can perform periodic audits without compromising the security of customer data?

A. Grant compliance officers full access to all customer accounts and transaction records for

comprehensive auditing.

B. Provide compliance officers with the ability to generate reports on customer accounts and transactions

without direct access to the records.

C. Allow compliance officers to modify customer transaction records to correct any discrepancies they find

during audits.

D. Limit compliance officers' access to viewing only the transaction records of high-profile customers for

targeted auditing.

In a financial institution implementing Role-Based Access Control (RBAC), providing compliance officers
with the ability to generate reports on customer accounts and transactions without direct access to the
records (B) best ensures that they can perform their periodic audits effectively without compromising
the security of customer data. This approach aligns with the principle of least privilege by granting
access only to the information necessary for the compliance officers to fulfill their auditing duties,
without exposing sensitive customer details or allowing them to modify any records, which could
potentially lead to unauthorized changes or data breaches. Granting full access to all customer
accounts and transaction records (A) would unnecessarily increase the risk of sensitive information
exposure. Allowing compliance officers to modify customer transaction records (C) is beyond the scope
of their role and violates the integrity of the financial records. Limiting access to only high-profile
customers (D) could neglect the broader requirement for comprehensive auditing across all customer
accounts. By enabling compliance officers to generate and review reports, the institution ensures that
audits are conducted efficiently and securely, maintaining the integrity of the financial records and
complying with regulatory standards that protect customer information.

https://certpreps.com/cc1/?login=success 10/61
5/20/24, 11:58 AM CC1 – CertPreps

17. An IT security team implements an antivirus solution that includes a feature for automatically
updating its virus definition database. However, the team is concerned about zero-day exploits that
could potentially compromise the system before a corresponding virus definition is available. Which
antivirus feature would best complement the existing setup to mitigate the risk of zero-day exploits?

A. Heuristic analysis

B. Firewall integration

C. Cloud-based scanning

D. Data encryption

In the context of concerns about zero-day exploits, which are new and previously unknown
vulnerabilities that could be exploited before a corresponding virus definition is available, the best
antivirus feature to complement an automatic update setup is heuristic analysis. Heuristic analysis is a
technique used by antivirus software to identify new or unknown malware based on characteristics and
behaviors that are suspicious or deviate from the norm, rather than relying solely on a database of
known virus signatures. This method enables the antivirus to detect and potentially block malware that
exploits zero-day vulnerabilities by analyzing the actions of files and applications for malicious intent,
even if the specific threat has not yet been identified and added to the virus definition database. While
firewall integration, cloud-based scanning, and data encryption are valuable security measures, they do
not specifically address the capability to proactively detect and mitigate malware associated with zero-
day exploits. Heuristic analysis, with its focus on behavior rather than signatures, provides a critical
layer of defense against emerging threats that have not been previously cataloged.

18. A cybersecurity professional is tasked with encrypting highly confidential emails sent between the
executive team using asymmetric encryption. What is the most secure way to encrypt these emails to
ensure that only the intended recipient can decrypt them?

A. Encrypting the email with the sender's public key.

B. Encrypting the email with the sender's private key.

C. Encrypting the email with the recipient's public key.

D. Encrypting the email with the recipient's private key.

The most secure way to ensure that only the intended recipient can decrypt the emails is C, encrypting
the email with the recipient's public key. Asymmetric encryption uses a pair of keys: a public key, which
can be shared with anyone, and a private key, which is kept secret by the owner. To ensure
confidentiality in email communication, the sender should use the recipient's public key for encryption.
This approach ensures that only the recipient, who possesses the corresponding private key, can
decrypt the email. This method safeguards the email content from being accessed by unauthorized
parties, as the decryption key (the recipient's private key) is not accessible to anyone other than the
https://certpreps.com/cc1/?login=success 11/61
5/20/24, 11:58 AM CC1 – CertPreps

recipient. Encrypting with the sender's keys (Options A and B) would not achieve the desired security
objective, as the sender's public key does not secure the message for exclusive access by the recipient,
and the sender's private key is used for digital signatures, not confidentiality. Encrypting with the
recipient's private key (Option D) is not practical or secure, as private keys are never used for
encryption and are meant to remain confidential to their owner.

19. A multi-tenant office building has experienced tailgating incidents where unauthorized individuals
followed employees through the main entrance without being stopped by security guards. What is the
MOST effective strategy to minimize this risk?

A. Conducting regular security awareness training for tenants on the importance of not allowing strangers

to follow them into the building.

B. Installing mantrap entry systems at all entrances to control individual access.

C. Increasing the number of security guards at each entrance to physically check each individual entering

the building.

D. Implementing a policy that requires employees to wear visible ID badges and guests to check in for a

visitor badge.

Installing mantrap entry systems at all entrances is the most effective strategy to minimize the risk of
tailgating, where unauthorized individuals gain access by following authorized personnel. Mantrap
systems control access by ensuring that only one person can pass through the entry point at a time,
requiring verification of authorization before allowing access to the next area. This physical barrier
effectively prevents tailgating by design, as it does not allow for multiple people to pass simultaneously
without individual verification. While security awareness training (A) is critical for promoting a culture
of security among tenants, it relies on individual compliance and may not prevent determined
attackers. Increasing the number of security guards (C) can help, but guards may not always be able to
physically stop every instance of tailgating without causing delays or confrontations. Requiring visible
ID badges (D) helps identify authorized individuals but does not physically prevent tailgating. The
implementation of mantrap systems addresses the root cause of the problem by enforcing controlled
access, making it a direct and effective solution to the issue of tailgating in a multi-tenant office
environment.

20. During a security review, it is noticed that the HIDS on a critical endpoint has repeatedly logged
attempts to execute shell commands that are not part of the regular operations. These attempts were
blocked by the HIDS policies. What kind of attack is MOST likely being attempted, and what additional
security measure could enhance protection against this threat?

A. Brute force attack; Implement account lockout policies.

B. Command Injection; Employ application whitelisting.

C. Buffer Overflow; Apply the principle of least privilege to user accounts.

https://certpreps.com/cc1/?login=success 12/61
5/20/24, 11:58 AM CC1 – CertPreps

D. Phishing; Conduct regular security awareness training.

The repeated logging of attempts to execute unauthorized shell commands on a critical endpoint, as
detected and blocked by the Host-based Intrusion Detection System (HIDS), suggests an attempt at
command injection. Command injection attacks involve the execution of unauthorized commands on a
host system, typically through the exploitation of vulnerable applications. The most effective additional
security measure to protect against this type of threat is to employ application whitelisting. Application
whitelisting allows only pre-approved software to execute on the system, effectively blocking
unauthorized applications or scripts, including those used in command injection attacks, from running.
This approach directly mitigates the threat by ensuring that only known, trusted applications can
operate, thereby preventing attackers from executing malicious commands. Implementing account
lockout policies and applying the principle of least privilege are important security practices, but they
address different aspects of security. Regular security awareness training is critical for defending
against phishing but does not directly counteract the technical challenge posed by command injection
attempts detected by the HIDS.

21. An enterprise is in the process of digital transformation and is seeking an MSP to manage its cloud
migration and ongoing cloud infrastructure management. The company requires an MSP that can offer
both strategic guidance for cloud adoption and operational support for cloud environments. What key
capability should the enterprise look for in an MSP for this purpose?

A. Specialization in cloud-native application development

B. Expertise in multi-cloud and hybrid cloud environments

C. Exclusive partnership with a single cloud service provider

D. Focus on legacy system maintenance and on-premise solutions

The enterprise should look for an MSP with expertise in multi-cloud and hybrid cloud environments for
its cloud migration and ongoing cloud infrastructure management. This capability is crucial as it
ensures the MSP can provide strategic guidance tailored to the enterprise's specific needs, whether
that involves leveraging the strengths of multiple cloud service providers (multi-cloud strategy) or
integrating cloud services with existing on-premise infrastructure (hybrid cloud strategy). Such
expertise allows for a more flexible and customized approach to cloud adoption, addressing both
current and future operational requirements while optimizing performance, cost, and security. Unlike
specialization in cloud-native application development (Option A), which is valuable but doesn't cover
the full spectrum of strategic and operational cloud support, or an exclusive partnership with a single
cloud service provider (Option C), which might limit the enterprise's options and flexibility, expertise in
multi-cloud and hybrid environments offers a comprehensive and adaptable framework for successful
cloud migration and management. A focus on legacy system maintenance and on-premise solutions
(Option D) is counter to the enterprise's goal of digital transformation and cloud adoption, making
expertise in multi-cloud and hybrid cloud environments the most critical capability for the enterprise's
needs.

https://certpreps.com/cc1/?login=success 13/61
5/20/24, 11:58 AM CC1 – CertPreps

22. A software development company utilizes IaaS for its development and testing environments. The
company frequently spins up and tears down resources based on project needs. To manage costs
effectively while ensuring development agility, what IaaS management feature should be emphasized?

A. Automated resource scaling based on load.

B. Detailed billing and cost management tools.

C. Advanced networking features for connectivity.

D. Support for containerized applications.

Emphasizing detailed billing and cost management tools is crucial for a software development company
that utilizes Infrastructure as a Service (IaaS) for its development and testing environments and
frequently adjusts resources based on project needs. These tools enable the company to track and
manage its cloud spending in real-time, identify cost-saving opportunities, and allocate costs
accurately across different projects and departments. By providing visibility into how resources are
used and how much they cost, detailed billing and cost management tools help the company avoid
unnecessary expenses and optimize its investment in cloud resources. This focus on cost management
supports the company's need for development agility by allowing it to quickly adapt resource usage to
project requirements without losing control over the budget. While automated resource scaling (Option
A) enhances efficiency, advanced networking features (Option C) improve connectivity, and support for
containerized applications (Option D) offers deployment flexibility, none of these features directly
address the challenge of managing costs as effectively as detailed billing and cost management tools do,
making this feature the most critical for the company's objectives.

23. An organization's network intrusion detection system (NIDS) has been effective in identifying
potential threats, but the security team is concerned about zero-day exploits. Which proactive
prevention strategy would BEST safeguard against zero-day exploits?

A. Regularly updating antivirus definitions on all endpoints.

B. Implementing a security patch management program to apply vendor-released patches promptly.

C. Utilizing threat intelligence services to stay informed about emerging threats.

D. Adopting a defense-in-depth strategy, including the use of next-generation firewalls (NGFWs) and

intrusion prevention systems (IPS).

While zero-day exploits pose a significant challenge due to their nature of exploiting previously
unknown vulnerabilities, adopting a defense-in-depth strategy, including the use of next-generation
firewalls (NGFWs) and intrusion prevention systems (IPS), offers the best proactive prevention. This
comprehensive approach layers multiple security mechanisms to protect against a wide range of
threats, including those that are not yet known or have no specific signature. NGFWs and IPS can

https://certpreps.com/cc1/?login=success 14/61
5/20/24, 11:58 AM CC1 – CertPreps

analyze traffic and behavior to detect and block suspicious activities, potentially stopping zero-day
exploits by identifying abnormal patterns or malicious traffic that deviates from the norm, even without
specific knowledge of the exploit. Regularly updating antivirus definitions and implementing a security
patch management program are critical practices, but they may not be effective against zero-day
exploits until after the vulnerability is known and a signature or patch is available. Utilizing threat
intelligence services is valuable for staying informed about emerging threats but does not provide
direct protection against an attack. Therefore, a defense-in-depth strategy provides the most
comprehensive protection against the unpredictable nature of zero-day exploits by layering different
types of security controls and technologies.

24. A security consultant is advising a small business on best practices for creating and managing
passwords. One recommendation is to avoid using the same password across multiple accounts. What
is the most compelling reason for this advice?

A. It simplifies password management for users, reducing the need for a password manager.

B. Unique passwords for each account minimize the damage if one password is compromised.

C. It ensures compliance with international data protection and privacy regulations.

D. Using different passwords for each account enhances the encryption method used for storing

passwords.

The most compelling reason for advising against using the same password across multiple accounts is
that unique passwords for each account minimize the damage if one password is compromised. If an
attacker gains access to one password, they could potentially access all other accounts that share the
same password, leading to widespread security breaches. By using a unique password for each account,
an individual can contain the damage to a single account, significantly reducing the potential impact of
a compromise. This practice is a critical component of personal and organizational security hygiene, as
it limits the attacker's ability to leverage one set of stolen credentials across multiple platforms. Options
A, C, and D do not directly address the core reason for this advice; simplifying password management
(Option A) and ensuring compliance with regulations (Option C) are important but secondary
considerations. The encryption method used for storing passwords (Option D) is unrelated to the
practice of using unique passwords for account security.

25. During the planning phase of a cross-border e-commerce project, two companies from different
countries decide to combine their expertise in technology and local market knowledge. They wish to
document their strategic intent and preliminary understanding without creating enforceable
obligations. Which document would BEST serve this purpose?

A. Bilateral Agreement

B. Memorandum of Understanding (MOU)

C. Trade Agreement

https://certpreps.com/cc1/?login=success 15/61
5/20/24, 11:58 AM CC1 – CertPreps

D. Strategic Partnership Agreement

A Memorandum of Understanding (MOU) would best serve the purpose of documenting the strategic
intent and preliminary understanding between two companies from different countries combining their
expertise for a cross-border e-commerce project, without creating enforceable obligations. An MOU is
particularly suited for situations where parties aim to define a collaborative framework and articulate
their intentions to work together, detailing the scope of the project, roles, and expectations, while
maintaining the flexibility to adjust the terms as the project evolves. It is a non-binding agreement that
allows parties to express mutual agreement on a project without the legal commitments typically
associated with Bilateral Agreements, Trade Agreements, or Strategic Partnership Agreements, which
imply more formal and legally binding arrangements. By choosing an MOU, the companies can lay the
groundwork for their collaboration, secure in the knowledge that they have a documented
understanding that can be refined into more detailed and binding contracts as their project progresses
and their partnership solidifies.

26. An organization plans to deploy a new application that requires high availability and robust security
measures. The application will be hosted in the organization's data center closets. To support these
requirements, which of the following infrastructure changes should be implemented?

A. Implement a VLAN specifically for the application to isolate traffic and enhance security.

B. Replace all existing network switches with ones that support higher data throughput and encryption.

C. Install redundant power supplies and network connections for all servers hosting the application.

D. Increase the physical security of the data center closets by adding surveillance cameras and motion

detectors.

Installing redundant power supplies and network connections for all servers hosting the application is
the most critical infrastructure change to support high availability and robust security measures for the
new application. Redundancy in power supplies ensures that the servers remain operational in the
event of a power supply failure, minimizing downtime and maintaining the availability of the
application. Similarly, redundant network connections protect against network failures, ensuring
continuous data flow and access to the application. This approach directly addresses the requirement
for high availability by providing failover capabilities that ensure uninterrupted operation of the
application, which is crucial for maintaining business continuity and user satisfaction. While
implementing a VLAN (Option A) can enhance security by isolating application traffic, and replacing
network switches (Option B) may improve data throughput and encryption, these measures do not
directly contribute to the physical infrastructure's resilience and availability as redundant power and
network connections do. Increasing physical security measures (Option D) is important for protecting
against unauthorized access but does not address the high availability requirements of the application.
Therefore, the redundancy of power supplies and network connections is the most effective
infrastructure change to meet the application's demands for high availability and robust security.

https://certpreps.com/cc1/?login=success 16/61
5/20/24, 11:58 AM CC1 – CertPreps

27. During a routine security review of a gated facility, it was discovered that the gate entry system,
which uses a keypad for access codes, has been compromised multiple times in the past month. Which
of the following upgrades would MOST effectively secure the gate entry against unauthorized access?

A. Transitioning to a biometric access control system.

B. Implementing a time-sensitive access code system that changes codes daily.

C. Enhancing physical security measures by adding a turnstile.

D. Increasing the complexity of access codes used.

The correct answer is A) Transitioning to a biometric access control system. This solution provides a
significant security upgrade by leveraging unique physical characteristics of authorized individuals,
such as fingerprints or iris scans, which are much more difficult to replicate or steal compared to
access codes. While implementing a time-sensitive access code system (B) and increasing the
complexity of access codes (D) could reduce the risk of unauthorized access by making codes harder to
guess or use beyond a short window of time, these measures do not address the fundamental
vulnerability of code-based systems to sharing, leakage, or brute-force attacks. Adding a turnstile (C)
enhances physical security but does not directly improve the security of the access control mechanism.
Biometric systems offer a higher level of security by ensuring that access is granted based on
immutable and individual-specific traits, making it the most effective option for mitigating the risk of
unauthorized access through the gate.

28. After experiencing a significant cyber-attack, a telecommunications company realized its incident
response plan did not include a process for learning from the incident and making improvements. This
omission has hindered their ability to prevent similar attacks in the future. What component of the
incident response plan most needs revision?

A. Continuous Improvement

B. Incident Scoping

C. Stakeholder Engagement

D. Legal and Regulatory Compliance

The realization by the telecommunications company that its incident response plan lacked a process for
learning from incidents and making necessary improvements points to a critical shortfall in the
Continuous Improvement component. This component is fundamental to the incident response
lifecycle as it involves analyzing the handling of the incident, identifying lessons learned, and
implementing changes to improve response strategies and security postures. The absence of a
continuous improvement process prevents the organization from adapting and evolving its defenses
based on past incidents, which is crucial in the dynamic and ever-changing landscape of cybersecurity
threats. By revising the incident response plan to include a structured process for post-incident
https://certpreps.com/cc1/?login=success 17/61
5/20/24, 11:58 AM CC1 – CertPreps

analysis, feedback gathering, and the implementation of improvements, the company can enhance its
resilience against future cyber-attacks, reduce the risk of similar incidents occurring, and strengthen
its overall cybersecurity framework.

29. A financial services company with operations across multiple countries relies heavily on real-time
data for transaction processing. They have recently conducted a risk assessment and identified a high
risk of cyber-attacks that could disrupt their data processing capabilities. Based on business continuity
principles, which of the following strategies would be most effective in ensuring the company can
maintain critical operations in the event of a successful cyber-attack?

A. Implementing a robust cybersecurity training program for all employees.

B. Developing a comprehensive incident response plan that includes procedures for switching to a backup

data processing system.

C. Investing in stronger encryption technologies for data at rest and in transit.

D. Enhancing physical security measures at the main data processing facility.

Developing a comprehensive incident response plan that includes procedures for switching to a backup
data processing system is the most effective strategy based on business continuity principles for
ensuring that the company can maintain critical operations in the event of a successful cyber-attack.
Business continuity planning is focused on maintaining operational capabilities and quickly restoring
them following a disruption. In this scenario, the financial services company identifies a high risk of
cyber-attacks, which could severely impact their real-time data processing capabilities—a critical
function for their operations. By preparing a comprehensive incident response plan that specifically
includes procedures for quickly switching to a backup data processing system, the company ensures
that it can continue to operate effectively even if the primary system is compromised. This approach
directly addresses the identified risk by providing a clear, actionable path to maintain critical
operations, demonstrating an application of business continuity principles that prioritize operational
resilience and recovery capabilities. Unlike the other options, which focus on preventive measures (A,
C) or physical security enhancements (D), option B offers a strategic response capability that enables
the company to maintain critical functions during and after a cyber-attack, embodying the core goals of
business continuity.

30. A cybersecurity team is implementing a configuration management system (CMS) for their
organization's network devices to enhance security. Which of the following is the MOST critical feature
they should ensure the CMS provides?

A. Capability to generate compliance reports against industry standards.

B. Real-time alerts for any unauthorized configuration changes.

C. An inventory of all network devices and their current firmware versions.

https://certpreps.com/cc1/?login=success 18/61
5/20/24, 11:58 AM CC1 – CertPreps

D. Automated backup of device configurations before any changes are made.

The most critical feature a configuration management system (CMS) should provide is real-time alerts
for any unauthorized configuration changes. This feature directly contributes to the security of the
network by ensuring that any deviation from the approved configurations is immediately detected,
allowing for swift remediation or rollback. Unauthorized changes can indicate a security breach or
misconfiguration that could lead to vulnerabilities within the network. By receiving instant alerts, the
cybersecurity team can quickly investigate and address the issue, minimizing potential damage or
exposure. While generating compliance reports (Option A), maintaining an inventory of network devices
and their firmware versions (Option C), and automating backup of device configurations (Option D) are
important features that support configuration management and overall network security, the ability to
detect unauthorized changes in real-time is fundamental for maintaining the integrity and security of
network configurations, ensuring that the organization can respond promptly to any threats or
anomalies.

31. During a routine security audit, a cybersecurity professional discovers an unknown service running
on multiple servers that generates network traffic to external addresses. Further investigation indicates
that this service is capable of updating itself and executing without user intervention. Which
characteristic MOST accurately describes this malicious software, and what preventative measure
could have mitigated this risk?

A. Virus; Regular software updates

B. Worm; Employing a robust firewall

C. Trojan; User awareness training

D. Ransomware; Frequent data backups

The scenario describes a piece of malicious software that autonomously executes, updates itself, and
generates network traffic, characteristics that align with a worm. Worms are known for their ability to
replicate and spread across networks by exploiting vulnerabilities or open ports, often without any
direct user action. The preventative measure most effective in mitigating the risk of a worm infection is
employing a robust firewall. A properly configured firewall can block unauthorized access and outgoing
traffic to suspicious addresses, significantly reducing the worm's ability to spread and communicate
with external command and control servers. Regular software updates and user awareness training are
critical security practices, but they address a broader range of threats and rely on user action or the
patching of known vulnerabilities. Frequent data backups are essential for recovery from various
malware attacks, such as ransomware, but do not prevent the spread of worms. Thus, a robust firewall
directly targets the worm's method of propagation and external communication.

32. A company's IT department receives reports of employees experiencing unexpected system

behavior, including altered system settings and the presence of new, unfamiliar software that they did
not install. Investigation reveals that the issues began after the installation of a new "productivity

https://certpreps.com/cc1/?login=success 19/61
5/20/24, 11:58 AM CC1 – CertPreps

software" suite, which was distributed via an email claiming to be from the IT department. What type of
attack does this represent, and how can organizations protect themselves against such threats?

A. Phishing attack leveraging a Trojan; Educate employees on recognizing phishing attempts

B. DDoS attack via a botnet; Increase bandwidth and employ DDoS protection services

C. Insider threat; Implement strict access controls and monitoring

D. Supply chain attack; Conduct regular security audits of third-party vendors

This scenario describes a phishing attack that leverages a Trojan, where employees are tricked into
installing malicious "productivity software" that was masqueraded as legitimate and distributed via an
email falsely claiming to be from the IT department. The Trojan then performs unauthorized actions
such as altering system settings and installing unfamiliar software. Protecting against such threats
requires a multifaceted approach, with a key component being the education of employees on
recognizing phishing attempts. This includes training on how to verify the authenticity of emails,
especially those requesting the installation of software or providing links to external sites, and fostering
a security-aware culture where employees feel comfortable questioning and reporting suspicious
activities. Unlike DDoS attacks, insider threats, or supply chain attacks, which involve different vectors
and require different mitigation strategies, phishing attacks exploiting human factors can be
significantly mitigated through awareness and education, making it a direct and effective approach to
preventing Trojan-based infiltrations.

33. A large university plans to implement VLANs to manage network traffic effectively among its diverse
user groups, including students, faculty, and administrative staff, across multiple campus buildings.
Which VLAN configuration would BEST ensure both efficient traffic management and enhanced
security?

A. Implement a single VLAN for all users to simplify network management and ensure uniform access

policies.

B. Create separate VLANs for students, faculty, and administrative staff, applying distinct access controls

and security policies for each group.

C. Configure a VLAN for each campus building, regardless of the user groups, to localize traffic and reduce

network congestion.

D. Establish a VLAN for network devices and another for all end-users to separate critical infrastructure

from user traffic.

Creating separate VLANs for students, faculty, and administrative staff, applying distinct access controls
and security policies for each group, best ensures both efficient traffic management and enhanced
security in a large university setting. This approach allows the university to tailor network access and
security measures according to the specific needs and roles of different user groups, significantly

https://certpreps.com/cc1/?login=success 20/61
5/20/24, 11:58 AM CC1 – CertPreps

improving the overall security posture. By segregating the network into distinct VLANs, the university
can implement granular control over network resources, effectively preventing unauthorized access
between groups and minimizing the potential impact of security breaches. This configuration not only
optimizes network performance by reducing unnecessary cross-group traffic but also enhances privacy
and data protection compliance by ensuring that sensitive information is accessible only to authorized
individuals. Unlike a single VLAN for all users (Option A), which lacks segmentation and exposes the
network to higher risks of congestion and security breaches, or configuring a VLAN for each campus
building (Option C), which does not address the diverse security and access needs of different user
groups, and establishing a VLAN for network devices and another for all end-users (Option D), which
oversimplifies the network structure and overlooks the benefits of user group segmentation, separate
VLANs for each user group provide a balanced and effective solution for managing network traffic and
security in a complex, multi-user environment.

34. An organization notices that when their secured communication devices are in operation, there is a
measurable increase in the temperature of the surrounding environment. Further analysis reveals that
specific patterns of temperature change can be correlated with certain types of encrypted
communications. Which type of side-channel attack might exploit this vulnerability, and what
mitigation approach could be most effective?

A. Thermal imaging attack; Implement environmental temperature control

B. Cache timing attack; Increase cache hit efficiency

C. Power analysis attack; Introduce variable power consumption patterns

D. Electromagnetic analysis; Enhance physical shielding of the devices

The scenario describes a thermal imaging attack, a type of side-channel attack that exploits measurable
changes in temperature related to the operation of secured communication devices. In this attack,
specific patterns of temperature change, which occur as a result of different processing tasks within
the device, are analyzed to infer sensitive information about the encrypted communications being
processed. The most effective mitigation approach to counter thermal imaging attacks is to implement
environmental temperature control around the communication devices. This can include maintaining a
consistent ambient temperature, using air conditioning or environmental cooling systems, and
employing thermal shielding or insulation to minimize the detectable external temperature variations of
the devices. By controlling the environment's temperature and reducing the thermal footprint of
operational devices, it becomes significantly harder for attackers to use thermal imaging techniques to
derive meaningful information from the temperature patterns. Cache timing attacks, power analysis
attacks, and electromagnetic analysis are different forms of side-channel attacks that exploit timing
discrepancies, power consumption, and electromagnetic emissions, respectively. These require specific
mitigation strategies that do not address the unique challenge posed by thermal emanations,
highlighting the need for targeted controls like environmental temperature management to mitigate
thermal imaging attacks.

35. A financial institution utilizes automated logging and monitoring tools to track access to its online
banking system. The tools generate alerts for any access attempts from geographically improbable

https://certpreps.com/cc1/?login=success 21/61
5/20/24, 11:58 AM CC1 – CertPreps

locations based on the user's typical login behavior. What is the primary benefit of this monitoring
approach?

A. It eliminates the need for traditional authentication methods such as passwords.

B. It significantly reduces the institution's reliance on physical security measures.

C. It enables early detection of potential account compromise and unauthorized access.

D. It allows for real-time personalization of user content based on geographic location.

The primary benefit of using automated logging and monitoring tools to track access attempts from
geographically improbable locations, based on the user's typical login behavior, is C) it enables early
detection of potential account compromise and unauthorized access. This approach, often referred to
as geolocation-based anomaly detection, leverages the power of behavior analytics to identify patterns
that deviate from established norms, such as logins from locations that are physically impossible to
reach within the user's normal activity timeline. This can be indicative of unauthorized access attempts,
possibly due to credential theft or account takeover attempts. Early detection allows the financial
institution to promptly respond to potential security incidents, limiting damage and protecting
customer accounts. This strategy complements traditional authentication methods (Option A) by
adding an additional layer of security that detects anomalies beyond mere credential use. While it
enhances cyber security posture, it does not eliminate the need for physical security measures (Option
B) or serve primarily to personalize user content (Option D), which are separate considerations from the
security benefits of anomaly detection.

36. An organization has deployed a network-based intrusion detection system (NIDS) across its
enterprise network. The security team notices a pattern of traffic that repeatedly attempts to connect
to high-value servers using different ports and protocols. What type of attack is MOST likely being
detected by the NIDS, and which response strategy should be prioritized?

A. DDoS Attack; Increase network bandwidth and deploy rate limiting.

B. Port Scanning; Implement access control lists (ACLs) and port security measures.

C. SQL Injection; Harden database servers and validate all user inputs.

D. Phishing; Conduct security awareness training for employees.

The pattern of traffic attempting to connect to high-value servers using different ports and protocols
suggests that the NIDS is detecting a port scanning attack. Port scanning is a technique used by
attackers to identify open ports and services available on a networked device, often as a precursor to
more targeted attacks. The most effective response strategy is to implement access control lists (ACLs)
and port security measures. ACLs can restrict access to the network and its resources based on IP
addresses, ports, and protocols, effectively blocking unauthorized attempts to discover open ports. Port
security measures, such as disabling unused ports and services, further reduce the attack surface by
ensuring that only necessary ports and services are accessible. This approach directly addresses the
threat by limiting the attacker's ability to gather information about the network's configuration and

https://certpreps.com/cc1/?login=success 22/61
5/20/24, 11:58 AM CC1 – CertPreps

vulnerabilities, making it more difficult to exploit any identified weaknesses. Increasing network
bandwidth and deploying rate limiting are more relevant to mitigating DDoS attacks, hardening
database servers and validating user inputs are necessary to prevent SQL injections, and conducting
security awareness training is essential for defending against phishing, none of which directly mitigate
the threat of port scanning.

37. A tech company regularly conducts security awareness training sessions. Despite this, there was a
recent security breach involving an employee falling victim to a sophisticated social engineering attack.
Which enhancement to the security awareness training program could best prevent future occurrences
of this nature?

A. Increasing the frequency of the training sessions

B. Including real-world examples and case studies of social engineering attacks

C. Focusing solely on the technical aspects of cybersecurity

D. Limiting the training to high-risk departments only

Including real-world examples and case studies of social engineering attacks in the security awareness
training program could best prevent future occurrences of similar breaches. Real-world examples and
case studies provide concrete, relatable contexts that help employees better understand the tactics and
techniques used by attackers in social engineering scenarios. This approach not only makes the training
content more engaging and memorable but also helps employees recognize the signs of such attacks in
their daily activities. By analyzing actual cases, employees can learn from others' experiences,
understanding the consequences of falling victim to these attacks and the best practices for responding
to suspicious activities. This method is more effective than simply increasing the frequency of sessions
or focusing solely on technical aspects, as it addresses the human factor, which is often the weakest
link in cybersecurity. Limiting the training to high-risk departments may overlook the fact that
employees across the organization can be targets of social engineering attacks, making comprehensive
training essential.

38. A multinational corporation is reassessing its business continuity plan in light of increasing
geopolitical tensions in several regions where it operates. The company seeks to ensure the continuity
of its international operations amid potential disruptions. Which of the following should be prioritized
in the BCP to address geopolitical risks?

A. Enhancing cyber espionage detection and mitigation capabilities.

B. Diversifying supply chains to include suppliers from stable regions.

C. Increasing physical security at corporate facilities in high-risk areas.

D. Implementing a comprehensive remote work policy for all employees.

https://certpreps.com/cc1/?login=success 23/61
5/20/24, 11:58 AM CC1 – CertPreps

Diversifying supply chains to include suppliers from stable regions is the most strategic priority for
ensuring the continuity of international operations amid increasing geopolitical tensions. This approach
mitigates the risk of disruptions to the company's operations by reducing dependency on suppliers in
potentially unstable areas. By establishing relationships with suppliers in geopolitically stable regions,
the company can maintain a steady flow of materials and products, even if one or more regions
experience instability. This strategy addresses the direct impact of geopolitical tensions on the
availability of critical supplies and the company's ability to meet global demand. While enhancing cyber
espionage capabilities (Option A) is important for protecting against information breaches, it does not
address the broader operational risks associated with geopolitical instability. Increasing physical
security (Option C) protects assets and personnel but does not solve supply chain vulnerabilities.
Implementing a comprehensive remote work policy (Option D) may ensure workforce continuity but
does not address the core issue of supply chain disruption. Diversifying supply chains directly targets
the operational risks posed by geopolitical tensions, demonstrating a proactive and strategic approach
to business continuity planning that ensures the resilience of international operations against external
disruptions.

39. A company's network firewall is configured to allow all outbound traffic but restricts inbound traffic
to specific IP addresses and services deemed necessary for business operations. Despite these
measures, the IT department notices an increase in unauthorized data exfiltration attempts. Which
firewall rule adjustment would MOST effectively mitigate this risk without impeding legitimate business
activity?

A. Implementing strict outbound traffic rules to limit connections only to known external services.

B. Allowing all inbound and outbound traffic during business hours to facilitate ease of operations.

C. Blocking all outbound traffic to prevent any data from leaving the company network.

D. Enforcing a rule to allow inbound traffic from all IP addresses to ensure business continuity.

The increase in unauthorized data exfiltration attempts despite restrictions on inbound traffic suggests
that the existing firewall configuration may not adequately control outbound traffic. The most effective
adjustment to mitigate this risk, without impeding legitimate business activity, is to implement strict
outbound traffic rules. These rules should be designed to limit connections only to external services
that are known and necessary for the company's operations. By doing so, the company can prevent
sensitive data from being sent to unauthorized external entities while still allowing necessary
operational data to flow. This approach directly addresses the issue of data exfiltration by scrutinizing
and controlling the destinations of outbound traffic, thereby minimizing the risk of unauthorized data
transfer. Allowing all inbound and outbound traffic or blocking all outbound traffic would either
compromise security or disrupt business operations, making them unsuitable options. Similarly,
allowing inbound traffic from all IP addresses would increase vulnerability to external threats and does
not address the issue of data exfiltration.

40. During a network audit, an auditor finds that the WiFi network is susceptible to interference and
congestion, leading to poor performance. The auditor recommends switching to a less congested WiFi
band. Which of the following bands should the company consider for improved performance?

https://certpreps.com/cc1/?login=success 24/61
5/20/24, 11:58 AM CC1 – CertPreps

A. 2.4 GHz

B. 5 GHz

C. 900 MHz

D. 2.3 GHz

The 5 GHz band is recommended for improved performance in scenarios where WiFi networks are
susceptible to interference and congestion. Compared to the 2.4 GHz band, which is widely used and
thus more likely to experience interference from other wireless devices (such as microwaves, Bluetooth
devices, and other WiFi networks), the 5 GHz band offers more non-overlapping channels and is
generally less congested. This can result in higher data rates and a more reliable connection. The 900
MHz and 2.3 GHz bands are less commonly used for WiFi and have their own limitations and regulatory
restrictions, making them less suitable for general WiFi deployment aiming to alleviate congestion and
interference issues. The 5 GHz band, supported by newer WiFi standards (like 802.11n, 802.11ac, and
802.11ax), enables wider channel bandwidths and supports advanced technology such as MIMO
(Multiple Input Multiple Output), further enhancing network performance and capacity. Therefore, for a
company experiencing poor WiFi performance due to interference and congestion, moving to the 5
GHz band is the most practical and effective recommendation.

41. During an internal audit, a financial institution identified that its current disaster recovery (DR) plan
does not include specific recovery point objectives (RPOs) and recovery time objectives (RTOs) for its
critical systems, including its transaction processing system. Which of the following actions should the
institution prioritize to effectively address this gap in its DR plan?

A. Conducting a cost-benefit analysis of different DR technologies.

B. Defining and documenting RPOs and RTOs for the transaction processing system and other critical

systems.

C. Implementing an annual DR plan review and update cycle.

D. Training employees on basic cybersecurity awareness.

Defining and documenting Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) for
the transaction processing system and other critical systems is the most direct and effective action to
address the identified gap in the financial institution's disaster recovery plan. RPOs and RTOs are
foundational components of any DR plan, setting clear expectations for the maximum tolerable data
loss (in time) and the maximum tolerable duration of service outage, respectively. Specifically
identifying these objectives for critical systems such as the transaction processing system ensures that
the DR strategies are aligned with the institution's risk tolerance and operational requirements. This
focus on defining RPOs and RTOs enables the institution to prioritize recovery efforts based on the
criticality of systems and data, ensuring that resources are allocated efficiently during a disaster
recovery process. Conducting a cost-benefit analysis of DR technologies (A), implementing an annual
DR plan review cycle (C), and training employees on cybersecurity awareness (D) are all important

https://certpreps.com/cc1/?login=success 25/61
5/20/24, 11:58 AM CC1 – CertPreps

elements of a comprehensive DR strategy, but they do not directly address the critical need for
establishing RPOs and RTOs. This prioritization reflects a deep understanding of the components of a
disaster recovery plan, crucial for candidates preparing for the ISC2 Certified in Cybersecurity (CC)
Exams.

42. A software development company has a policy where developers are allowed to deploy code to
production environments after passing code reviews. However, to improve security and compliance, the
company is considering changes to its deployment process. Which of the following adjustments would
best implement the segregation of duties principle?

A. Implementing an automated deployment pipeline that requires code to pass static and dynamic analysis

before deployment.

B. Requiring that code reviews be conducted by a team separate from the development team that wrote the

code.

C. Establishing a dedicated release management team responsible for all deployments to production,

separate from the development team.

D. Mandating that senior developers approve all deployments, regardless of who wrote the code.

The adjustment that best implements the segregation of duties principle in the context of a software
development company's deployment process is establishing a dedicated release management team
responsible for all deployments to production, separate from the development team (C). This approach
ensures that the individuals who write and review the code are not the same as those who have the
authority to deploy it to production environments. By segregating the development and deployment
responsibilities, the company significantly reduces the risk of unauthorized or erroneous code making
its way into the production environment, as the release management team serves as an independent
checkpoint that can verify compliance with security standards, coding best practices, and
organizational policies before any changes are made live. Implementing an automated deployment
pipeline (A) can enhance efficiency and ensure that certain checks are performed, but it does not
address the need for human oversight in the deployment process. Requiring code reviews by a separate
team (B) improves the quality of the review process but does not separate the deployment function.
Mandating senior developers to approve deployments (D) may improve oversight but still keeps the
deployment authority within the development team, thus not fully embracing the principle of
segregation of duties. Establishing a dedicated release management team creates a clear separation
between those who create and those who deploy, reinforcing the security and integrity of the
deployment process.

43. A financial technology (FinTech) startup is developing a new platform on PaaS to handle sensitive
financial transactions and requires a solution that minimizes the risk of downtime and data loss. The
startup is also concerned about maintaining compliance with financial regulations. What feature of
PaaS should the FinTech startup prioritize for these operational and compliance requirements?

A. Comprehensive logging and monitoring tools for auditing and compliance.

https://certpreps.com/cc1/?login=success 26/61
5/20/24, 11:58 AM CC1 – CertPreps

B. Native blockchain services for secure transaction processing.

C. Automatic data backup and geo-redundancy for disaster recovery.

D. Advanced encryption capabilities for data security.

The FinTech startup developing a new platform on Platform as a Service (PaaS) to handle sensitive
financial transactions should prioritize automatic data backup and geo-redundancy for disaster
recovery to minimize the risk of downtime and data loss while maintaining compliance with financial
regulations. This feature ensures that data is automatically backed up at regular intervals and stored in
multiple geographic locations, providing a robust mechanism for data recovery in the event of a system
failure, data corruption, or other disasters. Geo-redundancy enhances the platform's resilience by
enabling the startup to quickly restore operations using data centers located in different regions,
thereby minimizing downtime and the risk of data loss. This capability is crucial for maintaining the
integrity and availability of financial transaction data, which is essential for the startup's operational
reliability and compliance with stringent financial regulations. While comprehensive logging and
monitoring tools (Option A) are important for auditing and compliance, native blockchain services
(Option B) offer secure transaction processing, and advanced encryption capabilities (Option D) secure
data, none directly addresses the combined need for minimizing downtime, ensuring data availability,
and maintaining regulatory compliance as effectively as automatic data backup and geo-redundancy do,
making it the most critical feature for the startup's operational and compliance requirements.

44. An online retail company is planning to enhance its business continuity strategy to address potential
disruptions during the peak holiday shopping season. Which of the following measures would most
effectively ensure the continuity of online sales and customer service operations during unexpected
downtime?

A. Developing a robust content delivery network (CDN) to distribute website load.

B. Establishing a manual order processing and customer service hotline.

C. Implementing an omni-channel sales platform to diversify sales channels.

D. Creating a disaster recovery site for the e-commerce platform that automatically takes over in case of

the primary site's failure.

Creating a disaster recovery site for the e-commerce platform that automatically takes over in case of
the primary site's failure is the most effective measure to ensure the continuity of online sales and
customer service operations during unexpected downtime. This solution directly addresses the critical
need for the online retail company to maintain its online presence and operational capabilities,
especially during the peak holiday shopping season when demand is highest and any disruption can
lead to significant financial losses and customer dissatisfaction. An automated failover to a disaster
recovery site ensures that the e-commerce platform can continue to operate seamlessly in the event of
a failure, minimizing downtime and preserving the user experience. This approach is superior to
developing a CDN (option A), which mainly improves website performance but does not address site
failure, establishing manual processes (option B), which cannot match the efficiency and scale of

https://certpreps.com/cc1/?login=success 27/61
5/20/24, 11:58 AM CC1 – CertPreps

automated online operations, or implementing an omni-channel platform (option C), which diversifies
sales channels but does not solve the problem of maintaining the online platform's availability. The
disaster recovery site exemplifies a focused and strategic application of business continuity planning,
prioritizing the availability of critical online operations to safeguard revenue and customer loyalty
during critical sales periods.

45. A technology firm's BYOD policy requires that all personal devices connecting to the corporate
network have up-to-date security software. Which of the following strategies would most effectively
ensure compliance with this policy?

A. Conducting regular audits of personal devices to verify the presence and currency of security software.

B. Requiring employees to sign a declaration affirming their devices meet the security software

requirement.

C. Implementing a network access control (NAC) solution that checks for up-to-date security software

before allowing access.

D. Providing free security software licenses to employees for their personal devices.

Implementing a network access control (NAC) solution that checks for up-to-date security software
before allowing access to the corporate network is the most effective strategy to ensure compliance
with the BYOD policy requirement. NAC solutions automatically assess devices attempting to connect
to the network to verify that they meet predefined security criteria, including the presence of up-to-
date security software. This automated approach provides real-time enforcement of the policy,
preventing devices that do not meet the requirement from accessing corporate resources, thereby
mitigating potential security risks. While conducting regular audits (Option A) can identify non-
compliant devices, this method is reactive and labor-intensive. Requiring employees to sign a
declaration (Option B) relies on self-reporting and may not accurately reflect the current state of the
device's security. Providing free security software licenses (Option D) encourages compliance but does
not guarantee that employees will install or update the software. An NAC solution ensures compliance
through technical enforcement, making it the most effective and efficient strategy to uphold the
policy's intent to protect the corporate network from potential threats introduced by personal devices.

46. An e-commerce company utilizes a cloud-based infrastructure and has designed its disaster
recovery plan to include an automated failover process to a secondary cloud region in the event of an
outage. However, during a routine test, it took longer than expected to reroute traffic, resulting in
downtime that exceeded the company's acceptable limits. Which aspect of the disaster recovery plan
should be MOST closely reviewed and potentially modified to address this issue?

A. Data backup frequency

B. Recovery Time Objective (RTO)

C. Business Impact Analysis (BIA)

https://certpreps.com/cc1/?login=success 28/61
5/20/24, 11:58 AM CC1 – CertPreps

D. Vendor agreements

The Recovery Time Objective (RTO) is a critical component of a disaster recovery plan that defines the
maximum acceptable amount of time that systems, applications, or functions can be down after a
disaster before the organization suffers significant consequences. The issue described in the scenario,
where the rerouting of traffic during a routine test took longer than expected, directly impacts the RTO
since the downtime exceeded the company's acceptable limits. This suggests that the disaster recovery
strategies in place are not sufficient to meet the predefined RTO, indicating a need for a closer review
and possible adjustment of the disaster recovery procedures or infrastructure to ensure faster recovery
times. Adjustments could include optimizing the failover process, improving automation, or
renegotiating service level agreements (SLAs) with cloud service providers to ensure quicker failover
capabilities. This scenario demonstrates the importance of regularly testing disaster recovery plans and
adjusting them as necessary to meet organizational objectives for minimizing downtime.

47. A financial institution is revising its online banking platform to incorporate stronger authentication
mechanisms. The goal is to protect against identity theft and unauthorized account access. What is the
most secure and user-friendly authentication method to implement for high-risk transactions?

A. Knowledge-based authentication (KBA) for transaction verification.

B. Push-based authentication via a banking app on registered devices.

C. Email verification for each transaction attempt.

D. Regularly changing passwords and security questions.

Push-based authentication via a banking app on registered devices strikes the ideal balance between
security and user-friendliness for high-risk transactions on an online banking platform. This method
sends a real-time notification to the user's registered device, requiring approval for the transaction to
proceed. Unlike knowledge-based authentication (KBA, Option A), which relies on information that
could potentially be guessed or obtained by fraudsters, push-based authentication requires physical
access to a device that is already registered and trusted by the user, significantly reducing the risk of
unauthorized access. Email verification (Option C) adds a layer of security but can be less immediate
and more easily compromised through phishing attacks or unauthorized access to the user's email
account. Regularly changing passwords and security questions (Option D) can improve security but may
also frustrate users and lead to weaker security practices, such as writing down passwords. Push-based
authentication, on the other hand, provides a seamless and secure method for verifying transactions,
leveraging the user's possession of a trusted device as a second factor, which enhances security
without adding unnecessary complexity or reducing the ease of use.

48. In the aftermath of a major hurricane, a regional hospital's power infrastructure was severely
damaged, leading to frequent power outages. The hospital's IT department is tasked with redesigning
the power infrastructure to enhance resilience and ensure the continuous operation of critical medical
and data systems. Which of the following strategies would be MOST effective in achieving this
objective?

https://certpreps.com/cc1/?login=success 29/61
5/20/24, 11:58 AM CC1 – CertPreps

A. Implement a microgrid system with renewable energy sources integrated with the existing power

infrastructure.

B. Install multiple, high-capacity UPS units across different hospital wings for decentralized power backup.

C. Upgrade the main electrical panel and circuits to higher specifications and add surge protectors.

D. Establish a redundant power line from a separate utility provider to ensure dual power sources.

Implementing a microgrid system with renewable energy sources integrated with the existing power
infrastructure is the most effective strategy to enhance resilience and ensure the continuous operation
of critical medical and data systems in a hospital. Microgrids are localized grids that can operate
independently from the traditional grid and are capable of balancing loads and sources within their
network. By incorporating renewable energy sources, such as solar panels or wind turbines, the
hospital can reduce its dependence on the external power grid, which is crucial in the aftermath of
natural disasters that often disrupt traditional power supplies. This approach not only provides a
reliable and sustainable backup power solution but also allows for more efficient energy management
and potentially lower operational costs. Installing multiple UPS units (Option B) offers a temporary
solution but may not be sustainable during prolonged outages. Upgrading the electrical system and
adding surge protectors (Option C) improve safety and capacity but do not address the core issue of
power source redundancy. Establishing a redundant power line (Option D) could enhance reliability but
remains vulnerable to area-wide disasters that affect the local power infrastructure. Therefore, a
microgrid system provides a comprehensive and sustainable solution to ensure uninterrupted power
supply for critical healthcare operations, especially in disaster-prone areas.

49. In the aftermath of a sophisticated cyber-espionage campaign targeting proprietary designs, a

security analyst needs to identify the method used by attackers to gain access to the network. What
aspect of incident response does this activity primarily support?

A. Prevention

B. Detection

C. Analysis

D. Eradication

The activity of identifying the method used by attackers to gain access to the network following a
cyber-espionage campaign is a critical component of the Analysis phase in the incident response
process. This phase involves a thorough investigation of the incident to understand how the breach
occurred, the extent of the compromise, and the tactics, techniques, and procedures (TTPs) used by the
attackers. By analyzing the attack vectors, security analysts can uncover vulnerabilities that were
exploited and gather intelligence that can be used to strengthen the organization's defenses against
future attacks. This detailed analysis is essential for developing effective strategies to remediate
vulnerabilities, improve security posture, and prevent similar incidents. While detection is the phase
where the incident is initially identified, and eradication involves removing the threat from the

https://certpreps.com/cc1/?login=success 30/61
5/20/24, 11:58 AM CC1 – CertPreps

environment, analysis provides the critical insights needed to inform these and other steps in the
incident response process. Therefore, the primary support this activity offers is to the Analysis phase,
enabling the organization to understand the incident fully and to plan an effective response and
recovery strategy.

50. A healthcare organization is implementing a system for secure email communication with patients
to send their health records. The system must ensure that only the intended recipient can read the
email and that the sender of the email can be verified. Which of the following strategies should be
employed to secure these email communications?

A. Encrypt emails using the healthcare organization's symmetric key

B. Encrypt emails using the recipient's public key and sign with the organization's private key

C. Sign emails using the recipient's public key

D. Sign emails with the healthcare organization's symmetric key

The strategy of encrypting emails using the recipient's public key and signing them with the healthcare
organization's private key meets both requirements for secure email communication. Encrypting the
email with the recipient's public key ensures that only the recipient, who possesses the corresponding
private key, can decrypt and read the email, thus maintaining confidentiality. Signing the email with the
organization's private key allows the recipient to use the organization's public key to verify the email's
origin, providing sender verification and authenticity. This method leverages asymmetric encryption to
protect the content of the messages and digital signatures to provide authenticity and non-repudiation,
making it an ideal choice for secure and private communication of sensitive health records. Using a
symmetric key for encryption (A) or signing (D) would not be practical due to the difficulty of securely
sharing the symmetric key with every patient and does not inherently provide a way for recipients to
verify the sender's identity. Signing emails using the recipient's public key (C) is not a valid approach, as
signatures are meant to be created with the sender's private key, not the recipient's public key or any
symmetric key.

51. A multinational corporation is evaluating its cybersecurity framework to ensure it aligns with
international standards, aiming to protect its diverse operations across various regulatory
environments. The company is particularly focused on enhancing its data protection measures to
comply with both the General Data Protection Regulation (GDPR) and the California Consumer Privacy
Act (CCPA). Which of the following actions would MOST effectively ensure that the corporation's
cybersecurity framework meets these international standards?

A. Conducting regular cybersecurity audits against ISO/IEC 27001 standards.

B. Implementing an encryption protocol for data at rest and in transit.

C. Establishing a unified data classification scheme across all operations.

D. Appointing a Data Protection Officer (DPO) to oversee compliance efforts.

https://certpreps.com/cc1/?login=success 31/61
5/20/24, 11:58 AM CC1 – CertPreps

Conducting regular cybersecurity audits against ISO/IEC 27001 standards (Option A) is the most
effective action to ensure that the corporation's cybersecurity framework meets international
standards like GDPR and CCPA. ISO/IEC 27001 is a globally recognized standard that provides a
framework for an information security management system (ISMS), focusing on the assessment and
mitigation of information security risks. Regular audits against this standard help ensure that the
organization's cybersecurity measures are comprehensive and effective, covering aspects such as data
protection, risk management, and incident response. This aligns with the requirements of both GDPR
and CCPA, which emphasize protecting personal data and managing privacy risks. Implementing
encryption (Option B) and a unified data classification scheme (Option C) are important measures but
are components of a broader security strategy that ISO/IEC 27001 audits can validate. Appointing a
DPO (Option D) is a requirement of GDPR and beneficial for CCPA compliance, but on its own does not
guarantee the cybersecurity framework aligns with international standards. Regular ISO/IEC 27001
audits ensure ongoing adherence to high cybersecurity standards, fostering trust among stakeholders
and reducing the risk of non-compliance with international regulations.

52. A network engineer is configuring a protocol to dynamically assign IP addresses to hosts on a local
network. This protocol must be able to provide IP addresses, subnet masks, and default gateway
information to clients. To understand and troubleshoot this protocol's operation, the engineer should
be familiar with which OSI model layer?

A. Layer 2 (Data Link)

B. Layer 3 (Network)

C. Layer 4 (Transport)

D. Layer 7 (Application)

The protocol for dynamically assigning IP addresses, subnet masks, and default gateway information to
clients is DHCP (Dynamic Host Configuration Protocol), which operates at Layer 3 (Network) of the OSI
model. This layer is responsible for logical addressing, routing, and packet forwarding, making it
essential for the operation of DHCP. DHCP enables devices on a network to automatically receive an IP
address and other network configuration details necessary for communicating on an IP network.
Understanding and troubleshooting DHCP's functionality requires knowledge of Layer 3 processes
because this layer handles the addressing that allows devices to be identified and communicate over a
network. While Layer 2 (Data Link) is concerned with physical addressing (MAC addresses) and access
to the media, and Layer 4 (Transport) provides end-to-end communication control, neither directly
deals with the assignment of IP addresses or routing. Layer 7 (Application) involves application-level
protocols, which are not directly involved in the network addressing and configuration provided by
DHCP. Therefore, Layer 3 (Network) is the correct layer to focus on for configuring, understanding, and
troubleshooting DHCP and its role in network addressing and configuration.

53. A multinational corporation is planning to expand its operations into a region known for high cyber
espionage activities. The corporation's board is concerned about the increased risk to intellectual
property and seeks a cybersecurity strategy that aligns with the company's risk tolerance. What
approach should the cybersecurity team recommend?
https://certpreps.com/cc1/?login=success 32/61
5/20/24, 11:58 AM CC1 – CertPreps

A. Limit the expansion and keep sensitive operations in lower-risk regions.

B. Proceed with the expansion without additional cybersecurity measures to maximize growth.

C. Implement state-of-the-art cybersecurity defenses for operations in the new region.

D. Evaluate the specific risks of cyber espionage in the new region and tailor the cybersecurity measures

accordingly.

The recommendation to evaluate the specific risks of cyber espionage in the new region and tailor the
cybersecurity measures accordingly is the most aligned approach with the multinational corporation's
risk tolerance and strategic objectives. This strategy involves conducting a detailed risk assessment to
understand the unique threats and vulnerabilities associated with the expansion into a high-risk region.
By identifying the specific risks of cyber espionage, the cybersecurity team can develop a targeted
strategy that focuses on protecting the corporation's most valuable assets, such as intellectual property,
without overextending resources on unnecessary or less critical defenses. This tailored approach allows
the corporation to balance its growth ambitions with the need for security, ensuring that protective
measures are both effective and proportional to the risk. It demonstrates a nuanced application of risk
management principles, taking into account the corporation's willingness to accept certain risks in
pursuit of strategic objectives, while also ensuring that critical assets are adequately protected. This
method enables the corporation to proceed with its expansion plans in a manner that is conscious of
the heightened cyber risk, thereby aligning its cybersecurity strategy with its overall risk tolerance and
business goals.

54. In an effort to enhance network security, a system administrator plans to implement a system to
inspect and analyze all incoming and outgoing packets for malicious activities. This system should
operate transparently to end users and require minimal changes to client configurations. At which layer
of the TCP/IP model should this system be implemented to achieve these objectives?

A. Application Layer

B. Transport Layer

C. Internet Layer

D. Network Access Layer

Implementing a system to inspect and analyze all incoming and outgoing packets for malicious
activities at the Network Access Layer of the TCP/IP model would achieve the objectives of operating
transparently to end users and requiring minimal changes to client configurations. The Network Access
Layer deals with the physical and data link aspects of network access, including how data is physically
transmitted over the network media and how devices access and communicate over the network. By
positioning the inspection and analysis system at this layer, it can monitor and scrutinize packet
contents as they enter or leave the network without needing to interpret application-specific protocols
or manage end-to-end communication sessions. This allows the system to function transparently from
the perspective of end users and applications, as it does not interfere with higher-layer processes.

https://certpreps.com/cc1/?login=success 33/61
5/20/24, 11:58 AM CC1 – CertPreps

Moreover, since this approach operates at a low level in the network stack, it minimally impacts client
configurations, which typically involve settings related to higher layers of the TCP/IP model. While
systems can also be implemented at the Application (A), Transport (B), or Internet (C) Layers for more
specific types of inspection and analysis, these would not meet the criteria of minimal client
configuration changes and transparency as effectively as an implementation at the Network Access
Layer.

55. A regional bank has deployed a multi-tiered application architecture for its online banking platform.
The architecture includes web servers, application servers, and database servers. The bank has recently
experienced a significant increase in online transactions and is concerned about the potential impact of
a disaster on its operations. Which of the following strategies would MOST effectively ensure the
continuity of online banking services in the event of a disaster affecting the data center?

A. Implementing rate limiting on the web servers to reduce load.

B. Establishing a hot site with real-time data replication for all tiers.

C. Increasing the bandwidth to the data center to improve data transfer rates.

D. Encrypting all data in transit between the tiers to enhance security.

Implementing a hot site with real-time data replication for all tiers of the application architecture is the
most effective strategy to ensure the continuity of online banking services in the event of a disaster
affecting the data center. This approach allows the bank to immediately switch to a fully operational,
alternative infrastructure that mirrors its primary data center in real-time. The hot site includes all
necessary hardware and software, enabling a seamless transition with minimal to no downtime for end-
users. Real-time data replication ensures that all transactional data is up-to-date, preserving the
integrity and availability of critical financial data. This strategy directly addresses the bank's concern
about the impact of a disaster on its operations by providing a robust disaster recovery solution that
maintains the continuity of online banking services, even in the face of catastrophic events. Rate
limiting (A) might help manage server load under normal conditions but does not address disaster
recovery. Increasing bandwidth (C) improves data transfer rates but doesn't safeguard against data
center outages. Encrypting data in transit (D) enhances security but does not contribute to disaster
recovery efforts. The chosen strategy of a hot site with real-time replication encapsulates the
importance of disaster recovery in maintaining operational continuity, demonstrating an applied
understanding of disaster recovery principles within the context of ISC2 Certified in Cybersecurity (CC)
exam expectations.

56. During a security audit, it was found that an organization's wireless network was susceptible to an
attack where an unauthorized entity could intercept and modify the data transmitted between wireless
clients and the access point. To mitigate this threat, which security measure should be implemented?

A. Install antivirus software on all devices.

B. Use WPA3 protocol for wireless communication.

https://certpreps.com/cc1/?login=success 34/61
5/20/24, 11:58 AM CC1 – CertPreps

C. Disable the network's SSID broadcast.

D. Increase the firewall's security settings.

The vulnerability described pertains to the security of wireless communications, making it susceptible
to a Man-in-the-Middle (MITM) attack where an attacker can intercept and potentially alter data
transmitted between clients and the access point. Implementing the WPA3 protocol for wireless
communication is the most effective measure among the options given to mitigate this threat. WPA3
provides robust security features, including enhanced encryption and individualized data encryption,
which protect against MITM attacks by making it significantly more difficult for attackers to intercept
or tamper with wireless communications. Antivirus software, while essential for detecting and
removing malware, does not address the specific vulnerability of the wireless network. Disabling SSID
broadcast may obscure the network from casual discovery but does not protect against interception of
data. Increasing firewall settings primarily secures the network against unauthorized access and
intrusion but does not specifically address the encryption and security of data transmitted over the
wireless network.

57. An organization's AUP includes strict guidelines on internet browsing to prevent exposure to
malicious content and ensure productive use of company resources. Which employee behavior would
most likely be considered a breach of this policy?

A. Accessing industry-related news sites during lunch breaks.

B. Using a personal smartphone to check personal emails over the company's Wi-Fi.

C. Browsing social media websites that are not directly related to work tasks or responsibilities.

D. Participating in an online professional development course approved by the employee's manager.

Browsing social media websites that are not directly related to work tasks or responsibilities most likely
constitutes a breach of the AUP's guidelines on internet browsing. AUPs typically aim to limit exposure
to potentially malicious content and ensure that company resources are used in a manner that
contributes to productivity and the organization's objectives. While accessing industry-related news
(Option A) and participating in approved professional development courses (Option D) can be seen as
beneficial or at least neutral in terms of productivity and risk, and using a personal smartphone to
check emails (Option B) may not violate the policy if done over the company's Wi-Fi without impacting
company resources, browsing unrelated social media sites during work hours is generally prohibited
because it can lead to wasted time and expose the company's network to risks from less secure
websites. This action directly contravenes the intent of the AUP to maintain a secure and productive
work environment.

58. During an audit, it was discovered that an organization's backup tapes containing sensitive
customer information were stored off-site without encryption. What is the primary risk associated with
this practice?

https://certpreps.com/cc1/?login=success 35/61
5/20/24, 11:58 AM CC1 – CertPreps

A. Increased risk of data corruption over time.

B. Inability to recover data in the event of a physical disaster.

C. Unauthorized access to sensitive information if the tapes are lost or stolen.

D. Legal penalties for non-compliance with data storage regulations.

The primary risk associated with storing backup tapes containing sensitive customer information off-
site without encryption is C) unauthorized access to sensitive information if the tapes are lost or stolen.
Backup tapes are physical media that, when unencrypted, allow anyone with access to them to read the
data they contain without needing any special permissions or passwords. This exposes the organization
to the risk of data breaches, where sensitive customer information could be accessed, disclosed, or
misused by unauthorized individuals. While data corruption (A) is a concern for any data storage
medium, and legal penalties (D) could result from non-compliance with regulations requiring the
protection of customer data, the immediate and direct risk of unencrypted tapes is the potential for
unauthorized access. The inability to recover data (B) is related to the effectiveness of the backup
strategy rather than the encryption of the tapes. Encrypting backup data is a critical security measure
that ensures data confidentiality, making it unreadable without the appropriate decryption key, thus
mitigating the risk of data breaches.

59. Sarah, a cybersecurity consultant, is working on a project for a client when she identifies a critical
security flaw in a third-party application that the client uses extensively. Knowing that revealing this
flaw could delay the project and possibly harm her consulting firm's relationship with the client,
according to the (ISC)² Code of Ethics, how should Sarah proceed?

A. Inform the client about the flaw immediately and recommend mitigation strategies.

B. Withhold the information until after the current project phase is completed to avoid conflict.

C. Discuss the situation with her consulting firm to decide on a disclosure strategy.

D. Contact the third-party application vendor to disclose the flaw and leave the client out of the

communication.

Informing the client about the flaw immediately and recommending mitigation strategies is the course
of action that best aligns with the (ISC)² Code of Ethics. This decision upholds the ethical principles of
honesty, integrity, and responsibility, placing the client's interests and the protection of their assets
above the potential short-term impact on the project timeline or the consulting firm's relationship with
the client. By choosing transparency and proactive communication, Sarah demonstrates a commitment
to professional ethics, ensuring that the client is fully informed and able to take necessary steps to
mitigate the risk associated with the security flaw. This approach not only protects the client but also
strengthens trust and credibility in the long term. Withholding information, delaying disclosure, or
discussing the issue only within her firm without immediate client notification could result in harm or
exploitation of the vulnerability, violating ethical obligations to act in the best interest of clients and the
public. Direct communication with the vendor without involving the client might address the flaw's

https://certpreps.com/cc1/?login=success 36/61
5/20/24, 11:58 AM CC1 – CertPreps

resolution but fails to respect the client's right to be informed and involved in decisions affecting their
security posture.

60. Following a security audit, a software development company was advised to implement RBAC to
manage access to its code repositories more securely. The audit revealed that developers had varying
levels of access depending on the projects they were currently assigned to, leading to inconsistencies
and potential security risks. Which RBAC strategy would MOST effectively address this issue?

A. Create standardized roles based on common development tasks and assign developers to these roles

instead of granting access on a per-project basis.

B. Grant all developers full access to all code repositories to encourage a collaborative and transparent

work environment.

C. Assign individual access rights to developers based on seniority, assuming more experienced developers

require broader access.

D. Implement an open-access policy for all employees to foster innovation, monitoring access through

auditing and logging mechanisms.

The recommendation to adopt RBAC for managing access to code repositories aims to address the
audit findings of inconsistent access levels and potential security risks. By creating standardized roles
that reflect the common development tasks across projects, the company can ensure a consistent,
organized, and secure approach to access control. This strategy allows developers to be assigned to
roles that accurately reflect their job functions and access needs, ensuring they have appropriate
access to the necessary repositories while minimizing the risk of unauthorized access or exposure of
sensitive code. This approach promotes the principle of least privilege and simplifies the management
of access rights, making it easier to update as project assignments or job functions change. Options B,
C, and D fail to address the audit's concerns adequately, as they could introduce security risks, do not
align with the principle of least privilege, or lack the specificity and control that RBAC provides in
managing access based on defined roles and responsibilities.

61. Alice and Bob are communicating over a secure channel using symmetric encryption. They are using
a 256-bit key for the encryption process. However, Alice needs to securely transmit the key to Bob
before they can start their encrypted communication. Which of the following methods is the most
secure way for Alice to transmit the key to Bob?

A. Email the key to Bob using their usual email accounts.

B. Use a trusted courier service to physically deliver the key.

C. Transmit the key over the internet using the same symmetric encryption.

D. Use an asymmetric encryption method to encrypt the key before sending it over the internet.

https://certpreps.com/cc1/?login=success 37/61
5/20/24, 11:58 AM CC1 – CertPreps

In this scenario, the correct option is D, using an asymmetric encryption method to encrypt the key
before sending it over the internet. Symmetric encryption requires that both parties have access to the
same secret key for encryption and decryption. The challenge lies in securely transmitting this key to
the communication partner without interception. Options A and C are insecure because sending the
key via email or using the same symmetric encryption without first securely exchanging the key
exposes it to potential interception. Option B, while more secure than A and C, is impractical and still
poses risks of physical interception. The best practice in such scenarios is to use asymmetric
encryption, where Alice can encrypt the symmetric key with Bob's public key. Only Bob's private key,
which he securely holds, can decrypt this message to retrieve the symmetric key. This method
leverages the strength of asymmetric encryption for secure key exchange, ensuring that even if the
transmission is intercepted, the symmetric key remains secure because the interceptor cannot decrypt
it without Bob's private key. This approach integrates the efficiency of symmetric encryption for the
main communication with the secure key exchange capabilities of asymmetric encryption, embodying
best practices in cryptographic security.

62. In a scenario where a company is designing a new server room within an office building, which
consideration is MOST critical when selecting a fire suppression system to ensure the safety of both
personnel and electronic equipment?

A. The system's ability to trigger automatically in response to smoke detection

B. The environmental impact of the fire suppression agent

C. The system's capacity to suppress fire without reducing oxygen levels to dangerous levels

D. The compatibility of the fire suppression agent with electronic equipment

The system's capacity to suppress fire without reducing oxygen levels to dangerous levels is the most
critical consideration when selecting a fire suppression system for a server room within an office
building, to ensure the safety of both personnel and electronic equipment. Fire suppression systems,
especially those designed for areas containing sensitive equipment, must effectively extinguish fires
while also considering the well-being and safety of individuals who may be present. Systems that
significantly reduce oxygen levels (such as some gas-based systems) can pose a serious risk to human
life. While automatic triggering in response to smoke detection (Option A) and the environmental
impact of the suppression agent (Option B) are important factors, ensuring human safety by
maintaining breathable air during and after system activation is paramount. The compatibility of the
fire suppression agent with electronic equipment (Option D) is also vital for protecting assets, but it
must not compromise human safety. Therefore, selecting a fire suppression system that balances
effective fire control without endangering personnel through oxygen displacement is essential for a
server room in an occupied building.

63. A financial institution is reviewing its current alarm system to enhance security measures after
experiencing a series of unauthorized after-hours access incidents. Which of the following upgrades
would MOST effectively detect and prevent unauthorized access while minimizing false alarms?

https://certpreps.com/cc1/?login=success 38/61
5/20/24, 11:58 AM CC1 – CertPreps

A. Implementing dual-technology sensors that require both motion and thermal detection to trigger an

alarm

B. Increasing the sensitivity of existing motion detectors

C. Adding more audible alarm sirens throughout the premises

D. Upgrading the alarm system to a newer model with a higher decibel alarm sound

Implementing dual-technology sensors that require both motion and thermal detection to trigger an
alarm represents the most effective strategy to enhance security measures by detecting and preventing
unauthorized access while minimizing false alarms. Dual-technology sensors combine two types of
detection methodologies, typically passive infrared (PIR) for motion detection and microwave or
ultrasonic sensors for thermal detection. This combination requires both heat and movement to be
detected simultaneously for the alarm to trigger, significantly reducing the likelihood of false alarms
caused by non-human sources, such as small animals or environmental changes. Increasing the
sensitivity of existing motion detectors (B) might increase the detection of unauthorized access but also
raises the probability of false alarms. Adding more audible alarm sirens (C) and upgrading to a louder
alarm system (D) may enhance the deterrence factor but do not improve the detection accuracy or
reduce false positives. Therefore, dual-technology sensors directly address the institution's need for a
more reliable and efficient alarm system.

64. For a university with a diverse set of users including students, faculty, and administrative staff,
managing network security and access rights is a significant challenge. The university's network
includes academic resources, student records, and research data. To enhance security and manage
access effectively, which network segmentation strategy should be employed?

A. Grouping all users into a single network segment with differentiated access controls based on user roles.

B. Segmenting the network into virtual networks (VLANs) based on user groups (students, faculty,

administrative staff) and types of resources (academic, administrative, research).

C. Isolating the student access network physically from the faculty and administrative networks without

any cross-segment communication.

D. Relying on firewall rules to manage access between different types of users and network resources

without segmenting the network.

Segmenting the network into virtual networks (VLANs) based on user groups (students, faculty,
administrative staff) and types of resources (academic, administrative, research) is the most effective
strategy for a university to enhance security and manage access effectively. This approach allows for
the creation of distinct, secure segments within the same physical network infrastructure, facilitating
granular control over who can access specific network resources. VLANs enable the university to
implement tailored access controls and security policies for different segments, ensuring that students,
faculty, and administrative staff have access only to the appropriate resources necessary for their roles

https://certpreps.com/cc1/?login=success 39/61
5/20/24, 11:58 AM CC1 – CertPreps

and activities. This segmentation not only improves network security by limiting potential pathways for
unauthorized access and reducing the impact of any single point of compromise but also supports
efficient network management and ensures that sensitive data, such as student records and research
data, is adequately protected. Unlike grouping all users into a single network segment with
differentiated access controls (Option A), which lacks the physical separation and granularity provided
by VLANs, or isolating student access networks physically from faculty and administrative networks
without any cross-segment communication (Option C), which may hinder collaboration and access to
shared resources, VLAN-based segmentation offers a balanced and flexible solution. Relying solely on
firewall rules (Option D) without segmenting the network may not provide sufficient isolation or control
over internal traffic flows, making VLANs the most suitable strategy for addressing the university's
network security and access management challenges.

65. After a series of cyber-attacks, a multinational corporation implements an incident response plan
that includes immediate incident classification and prioritization based on impact. During a subsequent
phishing attack, this approach allows for a swift response, preventing significant data loss. What does
this scenario best illustrate about incident response?

A. The effectiveness of a decentralized incident response team structure.

B. The necessity of continuous monitoring and threat intelligence sharing.

C. The critical role of incident classification and prioritization in effective response.

D. The importance of regular updates to cybersecurity protocols and infrastructure.

This scenario underscores the critical role of incident classification and prioritization in ensuring an
effective response to cyber-attacks. By implementing an incident response plan that emphasizes
immediate incident classification and prioritization based on impact, the multinational corporation was
able to respond swiftly to a phishing attack, effectively preventing significant data loss. This approach
allows the incident response team to quickly assess the severity and potential impact of an incident,
ensuring that resources are allocated efficiently and that the most critical threats are addressed with
urgency. Such prioritization is essential in a landscape where organizations face a multitude of potential
threats and must make strategic decisions about where to focus their response efforts. This method not
only enhances the effectiveness of the incident response process by reducing the time to mitigation but
also minimizes the overall impact of incidents on the organization's operations and reputation. While
continuous monitoring, threat intelligence sharing, regular updates to cybersecurity protocols, and the
structure of the incident response team are important elements of a comprehensive cybersecurity
strategy, the ability to classify and prioritize incidents stands out as a key factor in the swift and
effective management of the phishing attack in this scenario, demonstrating its importance in incident
response.

66. A network engineer is configuring an IPv6 network for a small office and decides to use stateless
address autoconfiguration (SLAAC) for ease of management. Which of the following must be present on
the network to support SLAAC?

A. An IPv6-enabled DHCP server

https://certpreps.com/cc1/?login=success 40/61
5/20/24, 11:58 AM CC1 – CertPreps

B. A router with Router Advertisements enabled

C. An Active Directory Domain Controller

D. A Network Time Protocol (NTP) server

Stateless Address Autoconfiguration (SLAAC) is a method that allows devices on an IPv6 network to
automatically configure their own addresses without the need for a centralized DHCP server. For
SLAAC to function, an IPv6 network must have a router with Router Advertisements (RA) enabled.
These RAs are sent periodically and upon request to network devices, providing them with the
necessary prefix information to generate their own IPv6 addresses based on the network's prefix and
the device's interface identifier. This method simplifies the network configuration process, particularly
in small or medium-sized networks where manual address assignment or DHCPv6 might be more
complex or unnecessary. An IPv6-enabled DHCP server (Option A) is used for DHCPv6, not SLAAC, and
is not required for stateless configuration. An Active Directory Domain Controller (Option C) and a
Network Time Protocol (NTP) server (Option D) are unrelated to the IPv6 address configuration process
and therefore are not necessary for SLAAC to function. Thus, a router with Router Advertisements
enabled is essential for supporting SLAAC on an IPv6 network.

67. During an audit of a financial institution's data handling practices, it was discovered that customer
financial information was stored on a server accessible by multiple departments. Which of the following
modifications to the data handling policy would most effectively mitigate the risk of unauthorized data
access?

A. Implementing strict password policies for accessing the server.

B. Segregating the server based on the principle of least privilege.

C. Increasing the frequency of security audits of the server.

D. Introducing multi-factor authentication for server access.

Segregating the server based on the principle of least privilege directly addresses the root cause of the
risk by ensuring that access to customer financial information is strictly limited to individuals whose job
functions require it. This principle minimizes the number of people who have access to sensitive
information, thereby reducing the risk of unauthorized access from both external and internal threats.
While implementing strict password policies (Option A) and introducing multi-factor authentication
(Option D) are important security measures, they do not address the issue of unnecessary access rights.
Increasing the frequency of security audits (Option C) can help identify vulnerabilities but does not
prevent unauthorized access by those already granted access. Segregation ensures that even if
credentials are compromised, the attacker cannot access information beyond what is necessary for the
compromised account's role, effectively minimizing potential damage.

68. An organization has recently deployed a web application firewall (WAF) to protect its e-commerce
platform against web-based attacks. The security team has configured the WAF with default protection

https://certpreps.com/cc1/?login=success 41/61
5/20/24, 11:58 AM CC1 – CertPreps

rules. However, they notice an unusual spike in legitimate traffic being blocked, which impacts
customer transactions. Which of the following actions should the security team take FIRST to address
this issue?

A. Disable the WAF until the source of the issue can be identified.

B. Adjust the WAF's sensitivity settings and review its protection rules.

C. Increase the security level of the WAF to block more types of attacks.

D. Implement rate limiting to reduce the volume of incoming traffic.

Adjusting the WAF's sensitivity settings and reviewing its protection rules is the most effective first step
in this scenario. The unusual spike in legitimate traffic being blocked indicates that the WAF's current
configuration might be too aggressive or not properly tailored to the specific characteristics of the web
application it is meant to protect. By adjusting the sensitivity settings, the security team can reduce
false positives—legitimate traffic incorrectly identified as malicious. Reviewing the protection rules
allows the team to identify and modify any rules that are incorrectly flagging legitimate traffic. This
approach directly addresses the root cause of the issue without compromising the security posture of
the e-commerce platform, unlike disabling the WAF, which would remove the protection layer entirely,
or increasing the security level, which could exacerbate the problem. Implementing rate limiting is a
measure to control traffic volume but does not directly address the misidentification of legitimate
traffic as malicious.

69. During an annual review of security protocols, a financial institution identifies a potential risk
related to the manual process of transferring customer data between different departments. To
minimize the risk of unauthorized disclosure or alteration of data during transfer, which administrative
control should the institution implement first?

A. Developing a data handling and classification policy.

B. Increasing the frequency of access control audits.

C. Introducing a secure electronic data transfer system.

D. Conducting periodic security awareness training for employees involved in data transfer.

Developing a data handling and classification policy is the foundational administrative control the
financial institution should implement first to minimize the risk of unauthorized disclosure or alteration
of data during transfer. This policy establishes the framework for how data is classified, handled, and
protected based on its sensitivity and value to the organization. It sets clear guidelines for employees
on the procedures and protocols for securely transferring data between departments, including the use
of secure methods of transfer, the application of appropriate access controls, and the importance of
data encryption. This control directly addresses the identified risk by ensuring that all employees
understand their responsibilities and the specific steps they must take to protect customer data during
its transfer. While introducing a secure electronic data transfer system, conducting security awareness
training, and increasing the frequency of access control audits are important measures, they are most

https://certpreps.com/cc1/?login=success 42/61
5/20/24, 11:58 AM CC1 – CertPreps

effective when guided by a comprehensive data handling and classification policy that provides the
necessary context and standards for secure data management practices.

70. A multinational corporation is implementing a new data classification policy to better protect its
sensitive information. The policy categorizes data into Public, Internal Use Only, Confidential, and
Highly Confidential. Which of the following actions should be taken for data labeled as "Highly
Confidential"?

A. Store the data on any company server with regular access controls.

B. Encrypt the data both at rest and in transit, and limit access to authorized personnel only.

C. Publish the data on the company intranet for easy access by all employees.

D. Print and store the data in a secure physical location without digital copies to avoid cyber threats.

For data labeled as "Highly Confidential" under the new data classification policy, the appropriate action
is B) encrypt the data both at rest and in transit, and limit access to authorized personnel only. This
classification typically applies to information that, if disclosed, could cause substantial harm to the
organization or individuals. Encrypting the data both at rest and in transit ensures that it remains
secure and unreadable to unauthorized users, thereby protecting it from interception or unauthorized
access. Limiting access to authorized personnel only further ensures that only those with a legitimate
need to know can access this sensitive information, reducing the risk of accidental or intentional
disclosure. This approach is aligned with best practices for handling highly confidential information,
ensuring compliance with data protection regulations and safeguarding the organization's and
individuals' privacy. Options A and C do not provide the necessary level of protection for highly
confidential data, as they do not sufficiently restrict access or ensure data encryption. Option D, while
offering protection against cyber threats, is impractical in a digital-first business environment and does
not address the risk of physical theft or loss.

71. An organization plans to adopt a Bring Your Own Device (BYOD) policy. In the risk identification
process, what should be the primary concern?

A. Ensuring compatibility of personal devices with corporate systems

B. Managing the increased IT support workload due to diverse devices

C. Securing data on personal devices against unauthorized access

D. Calculating the potential cost savings over corporate-provided devices

Securing data on personal devices against unauthorized access should be the primary concern in the
risk identification process when an organization plans to adopt a Bring Your Own Device (BYOD) policy.
This focus is paramount because the use of personal devices for work purposes introduces a significant
risk to the organization's data security. Personal devices, which are often less secure than corporate-
provided devices, can become vectors for data breaches, malware infections, and unauthorized access if
https://certpreps.com/cc1/?login=success 43/61
5/20/24, 11:58 AM CC1 – CertPreps

not properly managed and secured. The risk is exacerbated by the variety of devices and operating
systems that the IT department must secure and monitor. While ensuring compatibility of devices with
corporate systems, managing the increased IT support workload, and calculating cost savings are
important considerations in a BYOD policy, they do not directly address the critical risk to data security
posed by the use of personal devices. Prioritizing the security of data on these devices involves
implementing measures such as encryption, secure access protocols, and mobile device management
(MDM) solutions that can enforce security policies and remotely wipe data if a device is lost or stolen.
This approach not only protects sensitive corporate information but also complies with data protection
regulations, thereby safeguarding the organization against potential data breaches, financial losses, and
reputational damage.

72. After a security breach involving unauthorized access to a server room, it was discovered that an
employee had held the door open for an unknown person, assuming they were a new staff member.
What security training topic should be emphasized to prevent similar incidents in the future?

A. The importance of physical security measures and surveillance systems.

B. Procedures for reporting lost or stolen access badges.

C. The risks associated with social engineering attacks and tailgating.

D. The process for onboarding new employees and granting access permissions.

The incident where an employee unwittingly allowed unauthorized access by holding the door open for
an unknown individual highlights the vulnerability of physical security to social engineering attacks,
specifically tailgating. Tailgating is a technique used by malicious actors to gain unauthorized access by
following someone with legitimate access into a restricted area, often relying on social norms and the
courtesy of holding doors open for others. To prevent similar incidents in the future, security training
should emphasize the risks associated with social engineering attacks and the specific tactic of
tailgating. This training should educate employees on the importance of challenging unfamiliar
individuals in secure areas, even in situations that might seem socially awkward, and the procedures for
doing so safely and respectfully. While physical security measures and surveillance systems (A),
procedures for reporting lost or stolen badges (B), and the process for onboarding new employees (D)
are essential components of a comprehensive security program, they do not directly address the
behavior that led to the breach. By focusing on the risks of social engineering and tailgating, employees
can become a proactive element of the organization's security posture, capable of identifying and
mitigating human-centric threats that technical controls alone cannot fully address.

73. During a routine audit, it is discovered that an organization's IPS has failed to detect and block
several instances of a known malware variant trying to infiltrate the network. Which of the following
actions would MOST likely improve the IPS's ability to prevent this specific type of intrusion in the
future?

A. Implementing additional firewall rules to specifically block the malware's known command and control

servers.

https://certpreps.com/cc1/?login=success 44/61
5/20/24, 11:58 AM CC1 – CertPreps

B. Regularly updating the IPS's signature database to include the latest definitions for known malware

variants.

C. Increasing the logging level of all network devices to capture more detailed information about attempted

intrusions.

D. Deploying a dedicated antivirus solution on all endpoints to catch malware missed by the IPS.

Regularly updating the Intrusion Prevention System's (IPS) signature database is critical to enhancing
its ability to detect and block known malware variants. Signature-based detection relies on a database
of patterns or signatures that are known to be associated with malicious activity. By ensuring that the
IPS's signature database is up-to-date with the latest definitions, the organization can significantly
improve the system's effectiveness in identifying and preventing intrusions by known malware. This
approach directly addresses the issue identified during the audit by equipping the IPS with the
necessary information to recognize and block the specific malware variant that had previously
infiltrated the network. Implementing additional firewall rules, increasing logging levels, and deploying
dedicated antivirus solutions are valuable security measures but do not directly improve the IPS's
ability to detect and block known malware based on signatures. Therefore, updating the signature
database is the most direct and effective action to enhance the IPS's preventive capabilities against
known threats.

74. A cybersecurity analyst is hardening a company's network infrastructure and needs to restrict
access to a server that only requires SSH for management purposes. Which port should the analyst
ensure is open while blocking unnecessary ports?

A. Port 21 (FTP)

B. Port 22 (SSH)

C. Port 23 (Telnet)

D. Port 3389 (RDP)

Port 22, designated for SSH (Secure Shell), is the correct port to keep open while blocking unnecessary
ports when hardening a company's network infrastructure that requires only SSH for server
management. SSH provides a secure channel for remote server administration, offering encryption for
both commands and data. This ensures secure remote login, command execution, and file transfers,
protecting against eavesdropping, connection hijacking, and other network-level attacks. Port 21, used
for FTP (File Transfer Protocol), and Port 23, used for Telnet, both provide unencrypted communication
channels, making them unsuitable for secure management. Port 3389 is used for RDP (Remote Desktop
Protocol), which is a protocol for remote desktop connections but is not relevant to secure command-
line-based management provided by SSH. Therefore, keeping Port 22 open ensures secure and
encrypted remote administration of the server, aligning with best practices for network security and
server management.

https://certpreps.com/cc1/?login=success 45/61
5/20/24, 11:58 AM CC1 – CertPreps

75. An e-commerce company is overhauling its network security strategy to protect against evolving
cybersecurity threats. The company requires a NAC solution that not only secures access to its network
but also provides detailed analytics and reporting features to identify patterns and potential
vulnerabilities. What feature of NAC solutions should the company focus on to fulfill this requirement?

A. Scalability to accommodate future growth

B. Integration with third-party security information and event management (SIEM) systems for enhanced

analytics and reporting

C. Support for Bring Your Own Device (BYOD) policies

D. High availability configuration to ensure network uptime

Integration with third-party security information and event management (SIEM) systems for enhanced
analytics and reporting is the feature of Network Access Control (NAC) solutions that the e-commerce
company should focus on to fulfill its requirement for securing access to its network while also
obtaining detailed analytics and reporting capabilities. This integration enables the NAC solution to
feed detailed access control logs, security alerts, and compliance information into a SIEM system,
which can then analyze this data to identify patterns, unusual activities, and potential vulnerabilities
within the network. The combination of NAC's granular access control and continuous monitoring with
the SIEM's advanced analytics and reporting capabilities provides a powerful tool for understanding the
security posture of the network, enabling proactive threat detection and response. This approach is
superior to focusing solely on scalability (Option A), which addresses the capacity to grow but not the
analytical needs, or support for BYOD policies (Option C), which is important for access management
but does not address the analytics and reporting requirement. While high availability (Option D) is
crucial for maintaining network uptime, it does not contribute to the analytics and vulnerability
identification capabilities that the company seeks. Therefore, integration with SIEM systems stands out
as the most strategic feature to enhance the company's network security strategy with the necessary
analytics and reporting functionality.

76. A government agency is considering using a SaaS solution for document management and
collaboration. Given the sensitivity of the information handled, the agency is particularly concerned
about compliance with data protection regulations. Which feature of SaaS solutions should the agency
focus on to ensure regulatory compliance?

A. The ability to customize the user interface according to the agency's branding.

B. The SaaS provider's compliance with relevant data protection regulations and standards.

C. The range of collaboration features available in the SaaS solution.

D. The provider's policy on data ownership and portability.

https://certpreps.com/cc1/?login=success 46/61
5/20/24, 11:58 AM CC1 – CertPreps

The government agency should focus on the SaaS provider's compliance with relevant data protection
regulations and standards to ensure regulatory compliance. This feature is crucial for organizations,
especially government agencies, that handle sensitive information and are subject to strict data
protection and privacy regulations. By verifying that the SaaS provider adheres to applicable regulations
and standards (such as GDPR in Europe, HIPAA for health information in the United States, or other
national data protection laws), the agency can ensure that the document management and
collaboration solution will meet the necessary legal requirements for data security, privacy, and
protection. This focus on regulatory compliance provides assurance that the agency's use of the SaaS
solution will not result in legal or regulatory violations related to data handling. While the ability to
customize the user interface (Option A), the range of collaboration features (Option C), and the
provider's policy on data ownership and portability (Option D) are important aspects of a SaaS solution,
they do not directly address the critical need for compliance with data protection regulations as
comprehensively as verifying the provider's compliance does, making it the most critical feature for the
agency to focus on.

77. An online retail company is looking to implement a VPN to secure transactions between its website
and payment processing service. The company is concerned about potential eavesdropping on sensitive
customer data during transactions. What VPN feature is MOST critical for ensuring the confidentiality
and integrity of the transaction data?

A. Split tunneling

B. End-to-end encryption

C. Two-factor authentication

D. Dynamic IP addressing

End-to-end encryption is the most critical VPN feature for ensuring the confidentiality and integrity of
transaction data for an online retail company concerned about potential eavesdropping. End-to-end
encryption ensures that data sent from the company's website to the payment processing service is
encrypted from the point of origin to the point of destination, making it inaccessible and unreadable to
any unauthorized parties who might intercept the data in transit. This feature protects sensitive
customer information, such as credit card numbers and personal details, against interception and
unauthorized access, thereby maintaining the confidentiality and integrity of the data throughout the
transmission process. While split tunneling (Option A) allows for selective data routing and two-factor
authentication (Option C) adds an extra layer of security for user access, neither directly addresses the
encryption of data in transit between the website and the payment processor. Dynamic IP addressing
(Option D) can provide anonymity for the VPN connections but does not inherently secure the data
being transmitted. Therefore, end-to-end encryption is essential for the online retail company to
safeguard transaction data against eavesdropping and ensure a secure e-commerce environment.

78. A healthcare provider is implementing a new electronic health record (EHR) system and needs to
ensure that the system complies with health information privacy regulations. The IT security team is
tasked with developing a policy for the secure use and storage of patient data within the EHR system.

https://certpreps.com/cc1/?login=success 47/61
5/20/24, 11:58 AM CC1 – CertPreps

Which of the following should be the PRIMARY focus of the policy to ensure compliance with health
information privacy regulations?

A. Ensuring the physical security of servers hosting the EHR system.

B. Implementing strong encryption for data at rest and in transit.

C. Limiting access to patient data based on role-based access control (RBAC).

D. Conducting regular audits of access logs and system activity.

Limiting access to patient data based on role-based access control (RBAC) (Option C) should be the
primary focus of the policy to ensure compliance with health information privacy regulations. RBAC is a
method of restricting system access to authorized users based on their roles within the organization
and ensures that individuals can only access the information necessary to perform their duties. This
approach aligns with the principle of least privilege, a core tenet of information security and privacy
regulations, by minimizing the risk of unauthorized access and data breaches. It directly addresses the
requirement to safeguard patient information by controlling who can view and interact with sensitive
data, thereby supporting compliance with health information privacy regulations. While ensuring the
physical security of servers (Option A), implementing strong encryption (Option B), and conducting
regular audits (Option D) are critical security measures, they support the broader goal of data
protection. RBAC specifically targets the risk of unauthorized data access, making it the most relevant
and direct method for complying with privacy regulations in the context of EHR systems.

79. A multinational corporation plans to expand its operations into a new country with strict data
privacy laws. To align with these regulations and the company's privacy policy, what is the most critical
action to take before processing personal data from this new market?

A. Encrypting all personal data to ensure its security during storage and transmission.

B. Obtaining explicit consent from individuals before collecting and processing their personal data.

C. Implementing an opt-out mechanism for individuals who do not wish their data to be processed.

D. Limiting access to personal data to senior management only.

Obtaining explicit consent from individuals before collecting and processing their personal data is the
most critical action to align with strict data privacy laws and the company's privacy policy when
expanding operations into a new country. This approach ensures compliance with regulations that
require clear and informed consent for data processing activities, respecting individuals' privacy rights
and giving them control over their personal information. It addresses the foundational requirement of
many privacy frameworks, which is to acknowledge and respect the autonomy of data subjects by
seeking their permission before engaging in data processing activities. While encrypting personal data
(Option A) is crucial for protecting the data's confidentiality and integrity, and implementing an opt-out
mechanism (Option C) provides individuals with a choice regarding their data, these actions are
secondary to the fundamental requirement of obtaining consent. Limiting access to data (Option D) is
an important aspect of data governance but does not directly address the legal and ethical obligations

https://certpreps.com/cc1/?login=success 48/61
5/20/24, 11:58 AM CC1 – CertPreps

to obtain consent from individuals, making Option B the most critical and directly relevant action for
compliance and ethical data practices in a new market.

80. A global corporation requires all documents to be labeled with data classification levels to facilitate
proper handling and protection. An executive prepares a presentation for an upcoming board meeting
that includes sensitive merger and acquisition strategies. Under the corporation's data labeling policy,
how should this presentation be labeled?

A. Internal

B. Public

C. Confidential

D. Highly Confidential

The presentation prepared by the executive for the upcoming board meeting, which includes sensitive
merger and acquisition strategies, should be labeled as D) Highly Confidential. This classification is
most appropriate because the content pertains to highly sensitive corporate strategies that, if
disclosed, could significantly impact the corporation's financial health, competitive position, and
stakeholder trust. Highly Confidential is the highest level of data classification, typically reserved for
information that requires the strictest controls to prevent unauthorized access and distribution. This
level of classification ensures that such sensitive information is accessed only by individuals with a
critical need to know, such as board members in this case, and is protected by the highest security
measures, including encryption, access controls, and secure storage and transmission protocols.
Labeling the document accordingly communicates its sensitivity to all potential handlers, ensuring that
they treat it with the utmost care and in compliance with corporate data security policies. The other
options do not provide the necessary level of protection for information of this sensitivity and
importance.

81. A software company needs to ensure that code commits made by developers to its version control
system are attributable and non-repudiable. What mechanism should be implemented to meet this
requirement?

A. IP address logging of commit actions

B. Developer-specific SSH keys for access

C. Mandatory code review before commits

D. Digital signatures on commits

Implementing digital signatures on commits is the most effective mechanism to ensure that code
commits made by developers to a version control system are attributable and non-repudiable. This
approach requires developers to use their private keys to sign each commit, linking their identity to the
changes made in the code. The signature can then be verified using the corresponding public key,
https://certpreps.com/cc1/?login=success 49/61
5/20/24, 11:58 AM CC1 – CertPreps

ensuring the commit's integrity and origin. Unlike IP address logging of commit actions (Option A),
which can provide a record of who made a commit but is easily spoofed or does not tie directly to a
specific developer in shared environments, or Developer-specific SSH keys for access (Option B) which
authenticate access but do not sign or attest to the specific actions taken within the system, and
Mandatory code review before commits (Option C) which is a good practice for quality assurance but
does not provide cryptographic assurance of the commit's origin, digital signatures provide a
cryptographically secure method to verify the authenticity and integrity of code commits. This method
not only ensures that the identity of the committer is known and cannot be disputed but also
guarantees that the commit has not been altered after being signed, providing a strong foundation for
accountability and integrity in software development processes.

82. During a security audit, it was found that an organization's employee portal, which contains
sensitive employee data, was accessible with only a single factor of authentication. Which of the
following measures should the organization implement immediately to comply with best practices for
authentication?

A. Implement a single sign-on (SSO) system.

B. Enforce a complex password policy.

C. Implement hardware token-based 2FA.

D. Increase the session timeout duration.

Implementing hardware token-based two-factor authentication (2FA) is the most robust measure the
organization can take to immediately enhance the security of the employee portal containing sensitive
data. Hardware tokens provide a physical device that generates a unique, time-sensitive code as a
second factor of authentication, in addition to the username and password. This method significantly
enhances security by ensuring that even if a password is compromised, unauthorized access is still
prevented without the physical token. While single sign-on (SSO, Option A) improves user convenience
and can centralize authentication mechanisms, it does not inherently increase the security of the
authentication process without an additional layer of authentication. Enforcing a complex password
policy (Option B) is a good practice but falls short of providing the level of security that sensitive data
requires, as passwords can still be phished or guessed. Increasing the session timeout duration (Option
D) could actually reduce security by increasing the window of opportunity for unauthorized access if a
user's session is left unattended. Hardware token-based 2FA addresses the critical need for a stronger
authentication mechanism by adding a physical security layer that significantly mitigates the risk of
unauthorized access, aligning with best practices for securing access to sensitive information.

83. An employee receives a phone call from someone claiming to be from the IT department, asking for
their password to resolve a system issue. The employee hesitates but eventually provides the
information after the caller mentions the urgency of the situation and namedrops a high-ranking
company executive. This example best illustrates which social engineering technique?

A. Authority

https://certpreps.com/cc1/?login=success 50/61
5/20/24, 11:58 AM CC1 – CertPreps

B. Scarcity

C. Consistency

D. Liking

This example best illustrates the social engineering technique of "Authority." The caller, pretending to
be from the IT department, exploits the employee's inherent tendency to comply with requests from
those perceived to be in positions of power or authority, especially when the urgency of the situation is
emphasized and the names of high-ranking executives are mentioned to add credibility to the request.
This scenario underscores the effectiveness of authority as a psychological trigger in social engineering
attacks, demonstrating how attackers leverage human psychology to bypass logical reasoning and
security protocols. It highlights the importance of training employees to verify the identity of the
requester through independent means before disclosing sensitive information, regardless of the
perceived authority of the individual making the request.

84. A multinational corporation plans to ensure high availability for its global e-commerce platform,
especially during peak shopping seasons. The IT department proposes several strategies to manage the
anticipated load effectively. Which of the following strategies would best ensure the platform remains
available during peak times without compromising performance?

A. Implementing a content delivery network (CDN) to distribute the load globally.

B. Increasing the bandwidth of the company's primary data center.

C. Conducting penetration testing on the platform before the peak season.

D. Encrypting all data stored and transferred by the e-commerce platform.

Implementing a content delivery network (CDN) is the best strategy to ensure high availability for the
global e-commerce platform during peak shopping seasons. A CDN distributes the website's static and
dynamic content across a network of servers globally, allowing users to access the site from the server
closest to them. This reduces the load on any single server, minimizes latency, and improves user
experience, especially during times of high traffic. Increasing the bandwidth of the company's primary
data center (Option B) might improve performance but does not address the global distribution of
traffic, which can lead to bottlenecks. Conducting penetration testing (Option C) is crucial for security
but does not directly impact availability during peak times. Encrypting all data (Option D) enhances
security but does not directly contribute to handling increased traffic loads. The CDN's ability to offload
traffic to multiple servers, thus preventing any single point of failure and ensuring the platform's
responsiveness and availability to users worldwide, makes it the most effective strategy for maintaining
availability during peak shopping seasons.

85. During a security audit, it was discovered that a corporation's employee access to cloud storage
services did not require MFA, leading to a policy update. Which MFA integration would best ensure a
seamless user experience while maintaining high security for cloud storage access?

https://certpreps.com/cc1/?login=success 51/61
5/20/24, 11:58 AM CC1 – CertPreps

A. SMS-based authentication for each login.

B. Biometric verification using facial recognition.

C. Authentication through a mobile app with push notifications.

D. Email verification with unique links for every access.

Authentication through a mobile app with push notifications offers the best combination of seamless
user experience and high security for accessing cloud storage services. This method allows users to
receive and approve authentication requests directly on their smartphones, making the process both
quick and secure. Unlike SMS-based authentication (Option A), which can be intercepted or delayed,
and email verification with unique links (Option D), which may clutter the user's inbox and be
susceptible to phishing attacks, push notifications provide a direct and efficient way to verify identity.
Biometric verification using facial recognition (Option B) is secure but may not be as convenient for all
users, especially if they are using devices without facial recognition capabilities or if there are privacy
concerns. The mobile app approach minimizes friction in the authentication process by leveraging a
device most users already have and regularly use, ensuring that the added security measure of MFA
does not become a barrier to productivity but instead facilitates secure and hassle-free access to
critical cloud storage resources.

86. An online retailer has identified several risks to its e-commerce platform, including DDoS attacks,
data breaches, and payment fraud. With the upcoming holiday season expected to significantly increase
traffic and sales, the risk management team must decide which risk to address first. Which of the
following criteria should be the PRIMARY basis for their decision?

A. The technical complexity of implementing security measures against each risk.

B. The potential financial impact and likelihood of each risk occurring during the holiday season.

C. The amount of media attention each type of risk has received in the past year.

D. The preferences of the company's board of directors regarding which risk they perceive as most critical.

In the scenario of an online retailer facing multiple cybersecurity risks ahead of the holiday season, the
primary basis for deciding which risk to address first should be the potential financial impact and
likelihood of each risk occurring during this critical period. This approach aligns with the core
principles of risk management, which require risks to be evaluated and prioritized based on their
severity and the probability of their occurrence. By focusing on the financial impact, the risk
management team can identify which risks pose the greatest threat to the organization's revenue,
reputation, and customer trust, especially during the high-stakes holiday season when traffic and sales
volumes are at their peak. Additionally, considering the likelihood of each risk materializing allows the
team to prioritize risks that are not only potentially devastating but also more probable, ensuring that
resources are allocated efficiently to mitigate the most pressing and plausible threats. This method
provides a strategic, data-driven foundation for decision-making, ensuring that the organization's
efforts are concentrated on managing risks that could most significantly affect its operational and

https://certpreps.com/cc1/?login=success 52/61
5/20/24, 11:58 AM CC1 – CertPreps

financial performance. Relying on technical complexity, media attention, or board preferences without
assessing the financial impact and likelihood would not offer the objective criteria necessary for
effective risk prioritization.

87. A financial institution is revising its password policy to include defenses against social engineering
attacks. Which addition to the password policy would most effectively reduce the risk of employees
inadvertently sharing their passwords?

A. Implementing mandatory security awareness training that includes the risks associated with social

engineering and the importance of password secrecy.

B. Requiring passwords to contain a mix of alphabetic, numeric, and special characters without specifying

minimum length.

C. Introducing biometric authentication as an alternative to password-based logins for all employees.

D. Enforcing a no-password-sharing policy with disciplinary actions for violations.

Implementing mandatory security awareness training specifically targeting the risks associated with
social engineering and emphasizing the importance of password secrecy is the most direct and
effective strategy to reduce the risk of employees inadvertently sharing their passwords. This type of
training educates employees about the tactics used by attackers, such as phishing, pretexting, and
baiting, and reinforces the critical role that password secrecy plays in maintaining the security of
financial data. Awareness training empowers employees to recognize and resist social engineering
attempts, making it less likely that they will be manipulated into disclosing their passwords. While
requiring complex passwords (Option B) and introducing biometric authentication (Option C) can
enhance security, these measures do not address the human element of security and the specific risk
posed by social engineering. A no-password-sharing policy (Option D) establishes clear rules but is
most effective when employees understand the reasoning behind it and are equipped to recognize
attempts to circumvent it, underscoring the importance of comprehensive security awareness training.

88. A corporation is transitioning its data processing to a cloud service provider (CSP). The corporation
requires guaranteed uptime for its critical applications and seeks to understand how the CSP will
compensate for any failures to meet this guarantee. Which aspect of the cloud service-level agreement
(SLA) should the corporation scrutinize MOST closely?

A. Data Sovereignty and Location

B. Service Availability and Uptime Guarantees

C. Data Encryption and Security Measures

D. Customer Support Response Times

https://certpreps.com/cc1/?login=success 53/61
5/20/24, 11:58 AM CC1 – CertPreps

The corporation should scrutinize the Service Availability and Uptime Guarantees aspect of the cloud
service-level agreement (SLA) most closely. This section of the SLA is critical for understanding the
specific levels of service availability that the cloud service provider commits to, including the
guaranteed uptime for the corporation's critical applications. It will also detail the compensation or
remediation strategies the provider will employ if these service levels are not met, such as service
credits or other forms of compensation. This scrutiny is essential for the corporation to ensure that its
operational requirements for reliability and continuity are aligned with the CSP's commitments,
providing a clear basis for expectations and recourse in the event of service disruptions. While Data
Sovereignty and Location (Option A), Data Encryption and Security Measures (Option C), and Customer
Support Response Times (Option D) are important considerations in a cloud SLA, they do not directly
address the corporation's immediate need for guaranteed uptime and the mechanisms for
compensation if those guarantees are not fulfilled, making Service Availability and Uptime Guarantees
the most critical aspect to examine in this context.

89. A cloud service provider aims to enhance its disaster recovery plan to minimize data loss and ensure
rapid service restoration in the event of a catastrophic failure. Which of the following redundancy
strategies would MOST effectively guarantee data integrity and quick recovery times for its clients?

A. Implementing regular data backups to an off-site location.

B. Setting up automatic failover to a secondary data center in a different geographical region.

C. Increasing the frequency of data replication between primary and secondary storage systems.

D. Deploying a multi-cloud strategy to distribute services and data across different cloud providers.

Setting up automatic failover to a secondary data center in a different geographical region is the most
effective redundancy strategy to guarantee data integrity and quick recovery times for cloud service
provider clients in the event of a catastrophic failure. Automatic failover involves the instant rerouting
of traffic to a secondary, geographically diverse data center when the primary data center fails,
ensuring minimal service interruption and data loss. This geographic redundancy protects against
region-specific disasters such as natural disasters, power outages, or political instability, offering a
robust level of protection that localized backups or replication strategies cannot match. While regular
data backups to an off-site location (Option A) and increasing the frequency of data replication (Option
C) are important for data integrity, they may not provide the immediate accessibility required for rapid
service restoration. A multi-cloud strategy (Option D) can enhance resilience and reduce dependency
on a single cloud provider but involves complex management and may not specifically address disaster
recovery requirements. Therefore, automatic failover to a secondary data center stands out as the most
directly impactful measure for maintaining continuous operations and safeguarding client data.

90. During an annual security audit, an auditor examines an organization's security awareness training
records and discovers that the training content has not been updated in over two years. Considering
the rapidly evolving nature of cyber threats, what is the most likely impact of this finding on the
organization's cybersecurity resilience?

A. Increased effectiveness of the organization's incident response plan.

https://certpreps.com/cc1/?login=success 54/61
5/20/24, 11:58 AM CC1 – CertPreps

B. Decreased ability of employees to recognize new or sophisticated cyber threats.

C. Enhanced employee confidence in handling legacy cyber threats.

D. No impact, as cybersecurity principles remain constant over time.

The lack of updates to the security awareness training content in over two years is likely to lead to a
decreased ability of employees to recognize new or sophisticated cyber threats. Cybersecurity threats
evolve rapidly, with attackers constantly devising new techniques and tactics to exploit vulnerabilities.
When security awareness training does not keep pace with these developments, employees are left
unaware of the latest threats and how to defend against them. This scenario underlines the critical
importance of regularly updating training content to include information on the latest threats and
security best practices. By failing to do so, the organization risks having a workforce that is ill-prepared
to identify and respond to modern cyber threats, thereby weakening its cybersecurity resilience.

91. An organization's data center is located in a region known for its high humidity levels, which can
lead to corrosion of electronic components and potential hardware failures. To mitigate the risk of
humidity-related damage and ensure the longevity and reliability of the data center's operations, which
of the following environmental controls should be implemented?

A. Install dehumidifiers throughout the data center to maintain optimal humidity levels.

B. Increase the temperature within the data center to reduce relative humidity.

C. Place silica gel packets inside server racks to absorb excess moisture.

D. Implement a water-cooled cooling system to manage the data center's temperature and humidity.

Installing dehumidifiers throughout the data center to maintain optimal humidity levels is the most
direct and effective environmental control measure to mitigate the risk of humidity-related damage.
Dehumidifiers work by removing moisture from the air, thus preventing the condensation that can lead
to corrosion of electronic components and hardware failures. Maintaining the humidity levels within
the recommended range (ideally between 40% and 60% relative humidity) is crucial for preserving the
integrity of sensitive electronic equipment and ensuring reliable data center operations. Increasing the
temperature within the data center (Option B) might temporarily lower relative humidity but could also
lead to overheating of equipment, thereby creating additional risks. Using silica gel packets (Option C)
can absorb moisture but is not a scalable or efficient solution for the environmental control needs of an
entire data center. While water-cooled cooling systems (Option D) can effectively manage temperature,
their primary function is not to control humidity levels directly, and depending on the design, they may
introduce additional humidity into the environment. Therefore, the use of dehumidifiers is the most
appropriate solution for addressing the specific challenge of high humidity levels in data center
environments.

92. An organization's security policy mandates that all software patches must be tested before
deployment. However, a critical security patch has been released to address a vulnerability that is being

https://certpreps.com/cc1/?login=success 55/61
5/20/24, 11:58 AM CC1 – CertPreps

actively exploited in the wild. What is the MOST appropriate action to take in this scenario?

A. Wait for the scheduled monthly patch cycle to test and apply the patch.

B. Apply the patch immediately to all systems without testing, to mitigate the vulnerability.

C. Isolate vulnerable systems and apply the patch to a test environment before wider deployment.

D. Disable the affected software until the patch can be tested during the next maintenance window.

Isolating vulnerable systems and applying the patch to a test environment before wider deployment is
the most balanced and appropriate action in this scenario. This approach allows the organization to
rapidly address the critical vulnerability while adhering to its policy of testing patches before
deployment. By isolating the affected systems, the organization minimizes the risk of exploitation in the
period before the patch can be fully deployed. Testing the patch in a controlled environment ensures
that it does not introduce new issues or incompatibilities that could impact business operations. Once
the patch is verified for stability and effectiveness, it can then be rolled out across the organization's
systems, ensuring security without compromising operational integrity. This method strikes a balance
between the urgency of patching a critical, actively exploited vulnerability and the prudence of
maintaining system stability and reliability, thus mitigating the risk without introducing new problems.

93. A financial institution implements a badge system for access control to its data centers. Shortly
after deployment, an audit reveals that several badges have been cloned, leading to unauthorized
access. Which of the following security measures, if implemented, would MOST effectively mitigate the
risk of badge cloning?

A. Implementing a visual identity verification at each entry point.

B. Integrating biometric authentication with the badge system.

C. Requiring periodic badge revalidation.

D. Increasing the complexity of the badge encryption algorithm.

The correct answer is B) Integrating biometric authentication with the badge system. This measure
introduces a second factor of authentication that cannot be easily cloned or duplicated, such as a
fingerprint or iris scan, thereby significantly enhancing the security of the access control system. While
implementing a visual identity verification (A) and requiring periodic badge revalidation (C) are useful
security measures, they do not directly address the issue of badge cloning with the same level of
effectiveness as biometric authentication. Increasing the complexity of the badge encryption algorithm
(D) may make cloning more difficult but does not eliminate the risk, as encrypted data can still be
copied. Biometric authentication ensures that even if a badge is cloned, unauthorized individuals
cannot gain access without the corresponding biometric verification, thereby providing a robust
solution to the cloning problem.

https://certpreps.com/cc1/?login=success 56/61
5/20/24, 11:58 AM CC1 – CertPreps

94. While monitoring network traffic, a security analyst discovers that all DNS queries from the
company's computers are being redirected to an unauthorized server, which then returns false IP
addresses, leading users to malicious websites. What type of MITM attack is occurring, and which
security measure would BEST mitigate this risk?

A. DNS spoofing; Implement DNS over HTTPS (DoH)

B. ARP spoofing; Use dynamic ARP inspection

C. Session hijacking; Employ secure cookie attributes

D. SSL stripping; Force HTTPS on all pages

This scenario describes DNS spoofing, also known as DNS cache poisoning, where an attacker redirects
queries to a fraudulent DNS server, subsequently leading users to malicious websites by returning false
IP addresses. This type of Man-in-the-Middle (MITM) attack compromises the integrity of domain
name resolution, tricking users into believing they are visiting legitimate sites. The BEST security
measure to mitigate this risk is to implement DNS over HTTPS (DoH). DoH encrypts DNS queries,
preventing attackers from intercepting and manipulating these queries or responses. By securing the
communication between the client and the DNS resolver, DoH ensures that DNS requests are not only
confidential but also authenticated, greatly reducing the risk of DNS spoofing attacks. ARP spoofing,
session hijacking, and SSL stripping are different types of attacks that exploit vulnerabilities in network
communication protocols, each requiring its specific mitigation strategy, such as dynamic ARP
inspection for ARP spoofing, secure cookie attributes for protecting against session hijacking, and
enforcing HTTPS to prevent SSL stripping.

95. A financial institution is reviewing its cybersecurity posture due to recent increases in cyber threats
targeting the banking sector. The institution has implemented several security measures but wants to
ensure that its risk management process is comprehensive. Which of the following actions is MOST
critical in enhancing the institution's risk management process?

A. Increasing the cybersecurity budget to purchase new security tools.

B. Conducting a thorough risk assessment to identify and analyze potential threats and vulnerabilities.

C. Hiring additional cybersecurity personnel to monitor the network 24/7.

D. Implementing mandatory cybersecurity awareness training for all employees.

Conducting a thorough risk assessment is foundational to a comprehensive risk management process,

especially for a financial institution facing increased cyber threats. This step is critical because it
directly informs the decision-makers about the specific threats and vulnerabilities the institution faces,
allowing for targeted and efficient allocation of resources. A risk assessment helps in identifying what
assets are most valuable and at risk, what the potential threats to those assets are, and the
vulnerabilities that could be exploited by those threats. This understanding is essential for prioritizing
https://certpreps.com/cc1/?login=success 57/61
5/20/24, 11:58 AM CC1 – CertPreps

and implementing the most effective risk mitigation strategies. While increasing the cybersecurity
budget, hiring additional personnel, and implementing cybersecurity training are valuable actions, they
must be guided by the insights gained from a risk assessment to ensure they address the most critical
risks identified. This approach ensures that resources are not just thrown at the problem in a
scattergun fashion but are used strategically to bolster the institution's defenses against the most
probable and impactful cyber threats.

96. For a financial institution implementing a new online banking platform, ensuring the security of
transaction data and customer information is critical. The institution's network infrastructure must be
designed to isolate the online banking system from other non-essential systems. Which network design
principle will most effectively isolate the online banking system?

A. Deploying a perimeter-based security model focusing on strengthening the external network boundary.

B. Utilizing VLANs to separate the online banking system from other corporate network traffic.

C. Implementing micro-segmentation to create secure zones around the online banking system, regardless

of its physical or logical location in the network.

D. Establishing a dedicated physical network for the online banking system, separate from the institution's

general network infrastructure.

Implementing micro-segmentation to create secure zones around the online banking system,
regardless of its physical or logical location in the network, is the most effective network design
principle for isolating the online banking system from other non-essential systems. Micro-
segmentation provides the ability to apply strict security controls and policies at a very granular level,
isolating specific workloads, applications, or environments within the network. This approach ensures
that the online banking platform is safeguarded in its own secure zone, with controlled access that
limits potential exposure to threats from other parts of the network. Unlike a perimeter-based security
model (Option A), which focuses on external threats and may not adequately protect against internal
threats or lateral movement within the network, or utilizing VLANs (Option B), which offers some level
of segmentation but not the granularity or flexibility of micro-segmentation, and establishing a
dedicated physical network (Option D), which can be costly and inflexible, micro-segmentation
provides a dynamic and scalable solution that can adapt to the changing needs and architecture of the
financial institution's network. This makes micro-segmentation the ideal choice for securing sensitive
transaction data and customer information on the online banking platform.

97. A developer is implementing a system that uses hashing to ensure the integrity of log files. The
system must detect any unauthorized changes to the log files. Which of the following techniques should
the developer use to enhance the security of the hashing solution?

A. Use a fast hashing algorithm to ensure quick computations of log file hashes.

B. Implement hash chaining, where each log entry hash includes the hash of the previous entry.

https://certpreps.com/cc1/?login=success 58/61
5/20/24, 11:58 AM CC1 – CertPreps

C. Store all hashes in a single, centralized database for easy access and comparison.

D. Encrypt log files with a public key to prevent unauthorized access.

To enhance the security of the hashing solution used for ensuring the integrity of log files, the
developer should B) implement hash chaining, where each log entry hash includes the hash of the
previous entry. This technique adds a layer of security by linking each log entry to its predecessor,
making it significantly more difficult for an attacker to alter any part of the log without being detected.
If an entry is tampered with, the discrepancy will propagate through the hash chain, alerting to the
alteration. This method leverages the property of hash functions, where a slight change in the input
results in a substantially different output, to secure the integrity of sequentially recorded data. Option A
is less desirable because speed, while important for performance, does not directly contribute to
security and can, in fact, make brute-force attacks easier. Option C could introduce a single point of
failure if the database is compromised. Option D focuses on confidentiality rather than integrity and
does not address the challenge of detecting unauthorized modifications to log files.

98. A government agency has implemented Mandatory Access Control (MAC) for its document
management system to protect sensitive information. An employee with a "Confidential" clearance level
attempts to access a document classified as "Top Secret". What will be the result of this attempt under a
MAC system?

A. The employee will be granted access after a mandatory access review process.

B. Access will be automatically granted, but the action will be logged for audit purposes.

C. The employee's access request will be denied due to the clearance level mismatch.

D. The system will prompt the employee to request a temporary clearance upgrade.

Under a Mandatory Access Control (MAC) system, access decisions are based on predefined security
labels assigned to both users and data objects (e.g., documents), which must match or align for access
to be granted. In this scenario, because the employee has a "Confidential" clearance level, which is
lower than the "Top Secret" classification of the document, the system will deny the employee's access
request due to the clearance level mismatch (C). MAC systems enforce strict access controls that
cannot be overridden by user requests or automatic logging procedures, ensuring that individuals can
only access information for which they have the appropriate level of clearance. This mechanism is
designed to protect sensitive information from unauthorized access, maintaining the integrity and
confidentiality of classified data. Unlike discretionary access control systems, MAC does not allow for
access discretion to be exercised by the data owner or subject to review processes (A) or temporary
clearance upgrades (D). The access control decision is strictly enforced based on the predefined
security policy, which includes the clearance levels and classifications established by the organization.

99. An organization's security team detects an unusual increase in network traffic and processor usage
on several workstations. Further investigation reveals that these workstations are executing unknown

https://certpreps.com/cc1/?login=success 59/61
5/20/24, 11:58 AM CC1 – CertPreps

processes that are generating external network connections and replicating across the network. What
type of virus is MOST likely responsible for these symptoms?

A. Boot sector virus

B. Macro virus

C. Polymorphic virus

D. Worm

The scenario describes a situation where unknown processes are not only generating external network
connections but are also replicating across the network, a behavior characteristic of a polymorphic
virus. Polymorphic viruses are capable of altering their code as they propagate, making them difficult to
detect by traditional antivirus software that relies on signature-based detection. This ability to change
their appearance helps them evade detection and allows for widespread distribution across a network.
Unlike boot sector viruses, which infect the Master Boot Record of storage devices, or macro viruses,
which target documents and applications with macro capabilities, polymorphic viruses specifically
exploit their mutating code to spread. Worms, while similar in their network spreading capabilities, do
not typically alter their code to evade detection, making the polymorphic virus the most likely culprit
given the described symptoms of replication and evasion.

100. During a routine audit of physical access logs for a highly sensitive research facility, an auditor
discovers an unusually high number of access denials at a particular entry point over the weekend.
What is the MOST likely reason for investigating this anomaly further?

A. To review the effectiveness of the current access control policies.

B. To identify potential tailgating or piggybacking incidents.

C. To check for malfunctioning access control hardware.

D. To assess the need for additional access points to reduce traffic.

Investigating an unusually high number of access denials at a specific entry point, especially over a
period of low activity like the weekend, is crucial primarily to identify potential tailgating or
piggybacking incidents. Tailgating or piggybacking refers to unauthorized individuals gaining entry to a
secured area by following closely behind authorized personnel without being detected. This scenario is
indicative of a security vulnerability that could be exploited by malicious actors to gain physical access
to sensitive or restricted areas within the facility. Such incidents not only pose a direct threat to the
security of the facility and its assets but also highlight possible lapses in security awareness and
protocol adherence among authorized personnel. While reviewing the effectiveness of current access
control policies (A) and checking for malfunctioning access control hardware (C) are important
considerations, they address broader operational aspects and do not directly respond to the immediate
security concern highlighted by the anomaly. Assessing the need for additional access points (D) might
improve traffic flow but does not address the potential security breach scenario indicated by the high
number of access denials. Therefore, identifying tailgating or piggybacking incidents directly addresses

https://certpreps.com/cc1/?login=success 60/61
5/20/24, 11:58 AM CC1 – CertPreps

the security risk presented by the anomaly and is crucial for taking corrective actions to enhance the
facility's physical security posture.

Reach Us
Wishlist
Is there a certification
The CertPreps Team practice you would love to

[email protected]
see here? Drop it in the
Wishlist!

15,090 Members Enter a certification practi

0 of 20 max characters.

Wish it!

© 2024 CertPreps | All Rights Reserved | We do not provide exam dumps and fully discourage the use of such.

https://certpreps.com/cc1/?login=success 61/61