Module 2: Protect Organizational Assets

Q: Which of the following examples are categories of security controls? Select three answers.

• Compliance
• Operational 
• Technical 
• Managerial 

Explanation: Controls that use technology and processes to secure systems and data, such as firewalls, encryption, and intrusion detection systems, are examples of such controls. Controls include the implementation of processes and practices to protect systems and data, such as security awareness training, incident response protocols, and access control rules. Controls that include governance and management supervision of security operations, such as risk assessments, security policies, and security audits, are examples of governance and management controls.

Q: A paid subscriber of a news website has access to exclusive content. As a data owner, what should the subscriber be authorized to do with their account? Select three answers.

• Review their username and password 
• Update their payment details 
• Stop their subscription 
• Edit articles on the website

Explanation: It should be possible for subscribers to access and manage their login credentials without any difficulty. Subscribers must have the opportunity to modify their payment information to keep their membership from expiring. If they so want, subscribers need to be able to decide whether or not to cancel or end their subscription plans.

Q: What do symmetric encryption algorithms use to encrypt and decrypt information?

• A single secret key 
• A hash value
• A public and private key pair
• A digital certificate

Explanation: When encrypting and decrypting information, symmetric encryption techniques only need a single secret key to perform both functions. The parties involved in the communication must maintain strict confidentiality about this key to guarantee the safety of the encrypted data.

Q: A security analyst is investigating a critical system file that may have been tampered with. How might the analyst verify the integrity of the system file?

• By brute forcing the system file using a rainbow table.
• By comparing the system files hash value to a known, trusted hash value. 
• By decrypting the system files secret key using Advanced Encryption Standard (AES).
• By opening the system file in word processing application and checking its version history.

Explanation: Based on the contents of a file, a hash function generates a one-of-a-kind hash value, which is a string of characters of a certain length. The hash value of the file may stay unchanged if it has not been modified. If the analyst compares the hash value of the file under investigation to a known and trustworthy hash value (which is often received from a secure source or during the initial configuration of the system), they will be able to establish whether or not the file has been altered from its original state.

Q: Which of the following steps are part of the public key infrastructure process? Select two answers.

• Establish trust using digital certificates 
• Transfer hash digests
• Exchange of public and private keys
• Exchange of encrypted information 

Explanation: A public key infrastructure (PKI) system makes use of digital certificates to validate the validity of public keys that belong to entities (such as persons, servers, or devices). The generation of public and private key pairs, as well as their safe exchange between communicating parties, is necessary to allow the encryption and decryption of data.

Q: What factors do authentication systems use to verify a user’s identity? Select three answers.

• Ownership 
• Accounting
• Characteristic 
• Knowledge 

Explanation: This refers to anything that the user holds, such as a physical token or a mobile device that produces one-time passwords. Examples of such things include a mobile device.It is anything that the user is aware of, such as a password, a personal identification number (PIN), or the answers to security questions. When we talk about anything intrinsic to the user, we are referring to things like biometric data (such as fingerprints, iris scans, and so on) or behavioral patterns (such as typing speed and mouse movements).

Q: A business has one person who receives money from customers at the register. At the end of the day, another person counts that money that was received against the items sold and deposits it. Which security principles are being implemented into business operations? Select two answers.

• Least privilege 
• Separation of duties 
• Single sign-on
• Multi-factor authentication

Explanation: In order to prevent any one person from having entire control over a process, this concept guarantees that key activities are distributed across many distinct persons from varied backgrounds. In this scenario, one individual is responsible for collecting money from consumers, while another individual is in charge of counting and depositing the money. This reduces the likelihood of mistakes or fraudulent actions occurring. According to this idea, people should only have access to the amount of information that is required for them to carry out the duties associated with their jobs. Although it is not specifically specified in the scenario, the division of duties is intrinsically congruent with the principle of least privilege since it restricts the range of obligations that each person is responsible for to certain activities.

Q: What is the purpose of security controls?

• Encrypt information for privacy
• Create policies and procedures
• Establish incident response systems
• Reduce specific security risks 

Explanation: Reducing certain security threats is the objective of the security measures that are in place. The concept of security controls refers to the implementation of procedures or safeguards to mitigate, discourage, or counteract security threats that may have an impact on an organization's assets, activities, or persons.

Q: A large hotel chain collects customer email addresses as part of a national sweepstakes. As data custodians, what are the hotel chain’s responsibilities to protect this information? Select three answers.

• To safely handle the data when it’s accessed 
• To securely transport the data over networks 
• To protect the data while in storage 
• To edit the data when necessary

Explanation: In order to prevent unwanted access to the data, it is necessary to make certain that appropriate access controls and authentication measures are in place. Encryption and secure communication protocols, such as HTTPS and VPN, should be used throughout the transmission of the data to prevent it from being intercepted. The implementation of robust encryption and access restrictions to protect the data from being accessed, modified, or deleted without authorization would be beneficial.

Q: You send an email to a friend. The service provider of your inbox encrypts all messages that you send. What happens to the information in your email when it’s encrypted?

• It’s converted from plaintext to ciphertext. 
• It’s converted from ciphertext to plaintext.
• It’s converted from Caesar’s cipher to plaintext.
• It’s converted from a hash value to ciphertext.

Explanation: All of the information included in your outgoing email messages is transformed from plaintext, which is a form that can be read by humans, to ciphertext, which is an encrypted form, when your email service provider encrypts your messages. Encryption is a process that involves the use of algorithms and keys to convert the initial communication into a format that is unintelligible without the associated decryption key.

Q: Fill in the blank: A _____ is used to prove the identity of users, companies, and networks in public key infrastructure.

• digital signature
• access token
• access key
• digital certificate 

Explanation: In the context of public key infrastructure (PKI), the employment of a digital certificate serves the purpose of establishing the identification of individuals, corporations, and networks. The Certificate Authority (CA) is a trusted third party that is responsible for issuing the certificate. It is a document that provides information on the entity that it identifies, which might be a person, an organization, or a device.

Q: What is an advantage of using single sign-on (SSO) systems to authenticate users?

• It prevents credential stuffing attacks.
• Users lose access to multiple platforms when the system is down.
• It makes the login process faster. 
• Users must set multiple passwords.

Explanation: Single sign-on (SSO) systems are advantageous for authenticating users since they speed up the login process. This is one of the advantages of adopting SSO systems. When users utilize single sign-on (SSO), they only need to log in once to have access to numerous apps or services, eliminating the need for them to continually input their credentials. A reduction in the number of login prompts and a simplification of access management are two ways in which this enhances the user experience.

Q: What types of user information does an API token contain? Select two answers.

• A user’s site permissions 
• A user’s identity 
• A user’s secret key
• A user’s password

Explanation: Generally speaking, API tokens do not include a user's secret key or password in their contents. In their place, they function as a safe method of authenticating and authorizing API queries without revealing critical information such as passwords or secret keys.

Q: A customer of an online retailer has complained that their account contains an unauthorized purchase. You investigate the incident by reviewing the retailer’s access logs. Which component of the user’s session that you might review?

• Session certificate
• Session algorithm
• Session API key
• Session cookie 

Explanation: During an investigation into a situation in which a customer's account on the website of an online retailer displays an unlawful purchase, you may examine the component known as the session cookie. By safely storing session information on the client side (in the browser of the user), websites make use of session cookies. In most cases, they include a one-of-a-kind identification that enables the server to link the actions and requests made by the user to the particular session that they are now participating in.

Q: Which functions would fall under the category of operational security controls? Select two answers.

• Establishing trust using digital certificates
• Providing security awareness training 
• Exchanging encrypted information
• Responding to an incident alert

Explanation: The purpose of this is to increase the level of knowledge and alertness of workers and users by teaching them security rules, best practices, and possible dangers. This includes the systems and procedures that are for discovering, assessing, and reacting to security events or alerts as they occur in real-time.

Q: An employee reports that they cannot log into the payroll system with their access credentials. The employee does not recall changing their username or password. As a security analyst, you are asked to review access logs to investigate whether a breach occurred. What information are you able to review as a data custodian in this situation? Select two answers.

• The IP address of the computer used to log in 
• Any coworkers’ contact information
• Any payroll access credentials the user has stored on the server
• The time the user signed in and out 

Explanation: It is common for access logs to contain the IP address from which the login attempt originated. This information may be useful in gaining insight into the location or network from which the login happened. With the use of access logs, which record timestamps of login attempts and sessions, it is possible to ascertain when the problem happened and whether or not there were any strange patterns or anomalies.

Q: How is hashing primarily used by security professionals?

• To store data in the cloud
• To make data quickly available
• To decrypt sensitive data
• To determine data integrity 

Explanation: Based on the data that is supplied, hash functions produce a hash value (hash digest) that is one of a kind and of a defined size. The generated hash value will undergo extensive transformations if the input data undergoes even a modest modification. To determine whether or not the data has been changed or tampered with, security experts may verify this by comparing the hash value of the data at various periods in time (for example, before and after transmission or storage). This method guarantees the integrity of the data, which means that the data has not been altered or distorted in any way, whether purposefully or inadvertently on purpose.

Q: What is a disadvantage of using single sign-on (SSO) technology for user authentication?

• Employees are more vulnerable to attack.
• Customers receive an improved user experience.
• Username and password management is streamlined.
• Stolen credentials can give attackers access to multiple resources. 

Explanation: Because single sign-on (SSO) enables users to access various apps or services with a single set of credentials (username and password or other authentication methods), if these credentials are compromised via phishing, social engineering, or any other means, then attackers will have access to all resources that are tied to the SSO. A theft of credentials will have a greater effect and possible harm as a result of this.

Q: A shipping company imports and exports materials around the world. Their business operations include purchasing goods from suppliers, receiving shipments, and distributing goods to retailers. How should the shipping company protect their assets under the principle of separation of duties? Select two answers.

• Have one employee approve purchase orders 
• Have one employee file purchase orders 
• Have one employee receive shipments and distribute goods
• Have one employee select goods and submit payments

Explanation: Ensuring that the approval procedure for acquiring items is different from the process of starting or requesting the purchase, helps to reduce the likelihood of illegal purchases, which is a significant benefit. To maintain accountability and decrease the likelihood of mistakes or abuse occurring during these crucial periods of operation, it is important to separate the activities of receiving shipments and distributing items.

Q: What is the practice of monitoring the access logs of a system?

• Authorization
• Accounting 
• Authentication
• Auditing

Explanation: When conducting an audit, it is necessary to examine and examine logs, records, and other data sources to keep track of actions and events that occur inside a system. It is possible to detect unwanted access attempts, identify security incidents, and ensure compliance with security rules and laws by using access logs, which offer a record of who accessed the system when they did so, and from where they did so.