Created by - Mary Smith
Questions

1. Your production team had earlier created a VPC with the CIDR block of 192.168.0.0/16. Instances were launched in the VPC. Now there is a decision to ensure the instances have an address space of 10.0.0.0/16. How can this be achieved?
A) Launch a NAT Instance. Ensure that the instance performs Network Address Translation onto the CIDR range of 10.0.0.0/16
B) Change the address block of the VPC from 192.168.0.0/16 to 10.0.0.0/16. All of the instances will now use the new address space.
C) Create a new VPC with the address block of 10.0.0.0/16. Migrate all of the instances to the new VPC.
D) Add a new address space to the VPC. Then ensure that the instances use the new address space

2. Your company needs to create its own VPN-based EC2 Instances. These Instances will allow 2 VPCs in different regions to talk to each other. You've created one VPN Instance in one subnet in one VPC and another Instance in another subnet in another VPC. You are establishing the communication via an Internet gateway. What extra consideration should be in place in such a configuration?
A) Placing a NAT Instance in front of both of the VPN connections
B) Placing a Virtual private gateway as the termination endpoint
C) Having multiple VPN Instances for high availability
D) Using a Private hosted zone in Route 53

3. You have created a VPC Endpoint for your private subnet to S3. The default endpoint policy is in place. You are trying to access a bucket, but you're getting an access denied error. What must be done? Please select:
A) Add the VPC endpoint to the Endpoint policy to allow access to the S3 bucket
B) Add the VPC endpoint to the Bucket ACL
C) Add the VPC Endpoint to the S3 bucket policy
D) Add the VPC to the S3 bucket policy

4. You have created an Application Load Balancer. You need to point your domain names www.example.com and example.com to the Application Load Balancer. Your Hosted zone is example.com. How can you achieve this?
A) Create one CNAME record for the ELB to www.example.com. And then create another PTR record to the ELB to example.com
B) Create an ALIAS record for the ELB and point it to example.com. Create a PTR record for www.example.com and point it to example.com
C) Create one CNAME record for the ELB to www.example.com. And then create another CNAME record to the ELB to example.com
D) Create an Alias record for example.com and point it to the ELB as the target. Create a CNAME record for www.example.com and point it to example.com

5. You are planning on creating a fault tolerant EC2 Instance by creating a secondary network interface and a backup EC2 Instance. Which of the following is a requirement to ensure the switch over can be done successfully? Choose 2 answers from the options given below (Select 2 answers)
A) The instance must reside in a different Availability Zone
B) The network interface must reside in the same Availability Zone
C) The network interface must reside in a different Availability Zone
D) The instance must reside in the same Availability Zone

Right Answer and Explanation:
1. Right Answer: B
2. Right Answer: C
3. Right Answer: C
4. Right Answer: D
5. Right Answer: B, D
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Which managed AWS service provides real-time guidance on AWS security best practices?
A) AWS X-Ray
B) AWS Trusted Advisor
C) Amazon CloudWatch
D) AWS Systems Manager

2. Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads?
A) Resource groups
B) Lifecycle policies
C) Application Load Balancer
D) Amazon EC2 Auto Scaling

3. Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.) (Select 2 answers)
A) Virtualization management
B) Hardware management
C) Encryption management
D) Facilities management
E) Firewall management

4. Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols?
A) AWS Direct Connect
B) AWS Snowball
C) AWS Storage Gateway
D) AWS Snowball Edge

5. What is a responsibility of AWS in the shared responsibility model?
A) Updating the network ACLs to block traffic to vulnerable ports.
B) Patching operating systems running on Amazon EC2 instances.
C) Updating the firmware on the underlying EC2 hosts.
D) Updating the security group rules to block traffic to the vulnerable ports.

Right Answer and Explanation:

1. Right Answer: B
Explanation: AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security.
https://www.ibm.com/downloads/cas/2N40X4PQ

2. Right Answer: D
Explanation: Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

3. Right Answer: C, E
Explanation: With the basic cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client-side and server-side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management. Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing.
https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

4. Right Answer: C
Explanation: The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage.
https://aws.amazon.com/storagegateway/faqs/

5. Right Answer: C
Explanation: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to function. Where should you store your API credentials whilst maintaining the maximum level of security?
A) Save your API credentials in a public GitHub repository.
B) Save the API credentials to your PHP files.
C) Pass API credentials to the instance using instance user data.
D) Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

2. You have a set of keys defined using the AWS (Amazon Web Services) KMS service. You want to stop using a couple of keys, but are not sure which services are currently using the keys. Which of the following would be a safe option to stop the keys from further usage?
A) Change the key material for the key
B) Set an alias for the key
C) Delete the keys, since there is a 7-day waiting period before deletion anyway
D) Disable the keys

3. Your company has defined privileged users for their AWS (Amazon Web Services) account. These users are administrators for key resources defined in the company. There is now a mandate to enhance the security authentication for these users. How can this be accomplished? Please select:
A) Enable accidental deletion for these user accounts
B) Enable MFA for these user accounts
C) Disable root access for the users
D) Enable versioning for these user accounts

4. A company hosts a critical web application on the AWS (Amazon Web Services) Cloud. This is a key revenue-generating application for the company. The IT Security team is worried about potential DDoS attacks against the web site. Senior management has also specified that immediate action needs to be taken in case of a potential DDoS attack. What should be done in this regard?
A) Consider using CloudWatch Logs to monitor traffic for a DDoS attack and quickly take action on a trigger of a potential attack.
B) Consider using the AWS (Amazon Web Services) Shield Service
C) Consider using the AWS (Amazon Web Services) Shield Advanced Service
D) Consider using VPC Flow Logs to monitor traffic for a DDoS attack and quickly take action on a trigger of a potential attack.

5. Your company has an EC2 Instance that is hosted in an AWS (Amazon Web Services) VPC. There is a requirement to ensure that log files from the EC2 Instance are stored accordingly. Access should also be limited for the destination of the log files. How can this be accomplished? Choose 2 answers from the options given below. Each answer forms part of the solution (Select 2 answers)
A) Create an IAM policy that gives the desired level of access to the CloudWatch Log group
B) Create an IAM policy that gives the desired level of access to the CloudTrail trail.
C) Stream the log files to a separate CloudWatch Log group
D) Stream the log files to a separate CloudTrail trail

Right Answer and Explanation:

1. Right Answer: D
Explanation: Applications must sign their API requests with AWS (Amazon Web Services) credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.
IAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Options A, B and C are invalid because embedding AWS credentials in an application in production goes directly against the recommendation for secure access.
For more information on IAM Roles, please visit the below URL
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

2. Right Answer: D
Explanation: Option C is invalid because once you schedule the deletion, you cannot come back from the deletion process. Options A and B are invalid because these will not check to see whether the keys are being used or not. The AWS (Amazon Web Services) documentation mentions the following: Deleting a customer master key (CMK) in AWS Key Management Service (AWS KMS) is destructive and potentially dangerous. It deletes the key material and all metadata associated with the CMK, and is irreversible. After a CMK is deleted you can no longer decrypt the data that was encrypted under that CMK, which means that data becomes unrecoverable. You should delete a CMK only when you are sure that you don't need to use it anymore. If you are not sure, consider disabling the CMK instead of deleting it. You can re-enable a disabled CMK if you need to use it again later, but you cannot recover a deleted CMK.
For more information on deleting keys from KMS, please visit the below URL
https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html

3. Right Answer: B

4. Right Answer: C
Explanation: Option B is invalid because the standard AWS (Amazon Web Services) Shield service will not help in taking immediate action against a DDoS attack. This can be done via the AWS Shield Advanced service. Option D is invalid because VPC Flow Logs is a logging service for a VPC's traffic flow and cannot specifically protect against DDoS attacks. Option A is invalid because CloudWatch Logs is a logging service for AWS services and cannot specifically protect against DDoS attacks. The AWS documentation mentions the following: AWS Shield Advanced provides enhanced protections for your applications running on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront and Route 53 against larger and more sophisticated attacks. AWS Shield Advanced is available to AWS Business Support and AWS Enterprise Support customers. AWS Shield Advanced protection provides always-on, flow-based monitoring of network traffic and active application monitoring to provide near real-time notifications of DDoS attacks. AWS Shield Advanced also gives customers highly flexible controls over attack mitigations to take actions instantly. Customers can also engage the DDoS Response Team (DRT) 24x7 to manage and mitigate their application layer DDoS attacks.
For more information on AWS Shield, please visit the below URL
https://aws.amazon.com/shield/faqs/

5. Right Answer: A, C
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Which of the following is a software application that pretends to be a server on the Internet and is not set up purposely to actively protect against break-ins?
A) Bastion host
B) Honey pot
C) Dual Homed
D) Demilitarized Zone (DMZ)

2. Which of the following types of honey pot essentially gives a hacker a real environment to attack?
A) High-interaction
B) Low-interaction
C) Med-interaction
D) None of the choices

3. An IS auditor needs to consider many factors while evaluating an encryption system. Which of the following is the LEAST important factor to be considered while evaluating an encryption system?
A) Encryption algorithm
B) Encryption keys
C) Key length
D) Implementation language

4. Which of the following statements correctly describes the difference between symmetric key encryption and asymmetric key encryption?
A) In symmetric key encryption the same key is used for encryption and decryption, whereas asymmetric key encryption uses the private key for encryption and decryption
B) In symmetric key encryption the public key is used for encryption and the symmetric key for decryption, whereas in asymmetric key encryption the public key is used for encryption and the private key is used for decryption
C) In symmetric key encryption the same key is used for encryption and decryption, whereas in asymmetric key encryption the public key is used for encryption and the private key is used for decryption.
D) Both use the private key for encryption and the decryption process can be done using the public key

5. Which policy helps an auditor to gain a better understanding of the biometrics system in an organization?
A) BIMS Policy
B) BOMS Policy
C) BMS Policy
D) BOS Policy

Right Answer and Explanation:

1. Right Answer: B
Explanation: A honey pot is a software application or system that pretends to be a normal server on the Internet and is not set up to actively protect against all break-ins. On purpose, some of the updates, patches, or upgrades are missing. You then monitor the honey pot to learn from the offensive side.
There are two types of honey pot:
High-interaction honey pots: essentially give a hacker a real environment to attack. High-interaction honey pots imitate the activities of the production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent research into high-interaction honey pot technology, by employing virtual machines, multiple honey pots can be hosted on a single physical machine. Therefore, even if the honey pot is compromised, it can be restored more quickly. In general, high-interaction honey pots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honey pot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honey pots: emulate a production environment and therefore provide more limited information. Low-interaction honey pots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system's security. Example: Honeyd.
The following were incorrect answers:
Bastion host - On the Internet, a bastion host is the only host computer that a company allows to be addressed directly from the public network and that is designed to screen the rest of its network from security exposure.
DMZ or Demilitarized Zone - In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a 'neutral zone' between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data.
Dual Homed - Dual-homed or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or, in firewall technology, one of the firewall architectures for implementing preventive security. Examples of dual-homed devices are enthusiast computing motherboards that incorporate dual Ethernet network interface cards, or a firewall with two network interface cards, one facing the external network and one facing the internal network.
The following reference(s) were used to create this question:
CISA review manual 2014, page 348
http://searchsecurity.techtarget.com/definition/bastion-host
http://searchsecurity.techtarget.com/definition/DMZ
http://en.wikipedia.org/wiki/Honeypot_%28computing%29
http://en.wikipedia.org/wiki/Dual-homed

2. Right Answer: A
Explanation: http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx
The high-interaction type of honey pot essentially gives an attacker a real environment to attack. Also, you should know the following information about honey pots for the CISA exam:
A honey pot is a software application that pretends to be a normal server on the Internet and is not set up to actively protect against break-ins. There are two types of honey pot:
High-interaction honey pots: essentially give a hacker a real environment to attack. High-interaction honey pots imitate the activities of the production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent research into high-interaction honey pot technology, by employing virtual machines, multiple honey pots can be hosted on a single physical machine. Therefore, even if the honey pot is compromised, it can be restored more quickly. In general, high-interaction honey pots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honey pot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honey pots: emulate a production environment and therefore provide more limited information. Low-interaction honey pots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system's security. Example: Honeyd.
The following were incorrect answers:
Med-interaction - Not a real type of honey pot
The following reference(s) were used to create this question:
CISA review manual 2014, page 348
http://en.wikipedia.org/wiki/Honeypot_%28computing%29

3. Right Answer: D
Explanation: Implementation language is the LEAST important compared to the other options. Encryption algorithm, encryption keys and key length are key elements of an encryption system. It is important to read the question carefully. The word 'LEAST' was the key word. You had to find which one was LEAST important.
The following were incorrect answers: the other options mentioned are key elements of an encryption system.
Encryption algorithm - A mathematically based function or calculation that encrypts/decrypts data
Encryption keys - A piece of information that is used within an encryption algorithm (calculation) to make the encryption or decryption process unique. Similar to passwords, a user needs to use the correct key to access or decipher the message.
Key length - A predetermined length for the key. The longer the key, the more difficult it is to compromise in a brute-force attack where all possible key combinations are tried.
The following reference(s) were used to create this question:
CISA review manual 2014, page 348

4. Right Answer: C
Explanation: There are two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption).
Symmetric Encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. A few examples of symmetric key algorithms are DES, AES, Blowfish, etc.
Asymmetric Encryption - The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is the use of asymmetric encryption, in which there are two related keys, usually called a key pair. The public key is made freely available to anyone who might want to send you a message. The second key, called the private key, is kept secret, so that only you know it. Any message (text, binary files, or documents) that is encrypted using the public key can only be decrypted by the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message. A few examples of asymmetric key algorithms are RSA, Elliptic Curve Cryptography (ECC), ElGamal, Diffie-Hellman, etc.
The following were incorrect answers: the other options do not correctly describe the difference between symmetric key and asymmetric key encryption.
The following reference(s) were used to create this question:
CISA review manual 2014, pages 348 and 349
http://support.microsoft.com/kb/246071

5. Right Answer: A
Explanation: The auditor should use a Biometric Information Management System (BIMS) Policy to gain a better understanding of the biometric system in use.
Management of Biometrics - Management of biometrics should address effective security for the collection, distribution and processing of biometrics data, encompassing:
Data integrity, authenticity and non-repudiation
Management of biometric data across its life cycle, comprised of the enrollment, transmission and storage, verification, identification, and termination processes
Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication
Application of biometric technology for internal and external, as well as logical and physical, access control
Encapsulation of biometric data
Security of the physical hardware used throughout the biometric data life cycle
Techniques for integrity and privacy protection of biometric data
Management should develop and approve a Biometric Information Management and Security (BIMS) policy. The auditor should use the BIMS policy to gain a better understanding of the biometric system in use. With respect to testing, the auditor should make sure this policy has been developed and the biometric information system is being secured appropriately. The identification and authentication procedures for individual enrollment and template creation should be specified in the BIMS policy.
The following were incorrect answers: all other choices presented were incorrect because they are not valid policies.
The following reference(s) were used to create this question:
CISA review manual 2014, pages 331 and 332
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. An IS auditor has just completed a physical access review of the organization's primary data center. Which of the following weaknesses should be of MOST concern?
A) Metal keys are used for access.
B) Backups of video cameras are corrupt.
C) There is no mantrap at the main door.
D) There is no manual logging for visitors.

2. An IS auditor's PRIMARY concern about a business partner agreement for the exchange of electronic information should be to determine whether there is:
A) a clause that addresses the audit of shared systems.
B) evidence of review and approval by each partner's legal department.
C) an information classification framework.
D) appropriate control and responsibility defined for each partner.

3. The BEST reason for implementing a virtual private network (VPN) is that it:
A) eases the implementation of data encryption.
B) allows for public use of private networks.
C) enables use of existing hardware platforms.
D) allows for private use of public networks.

4. In an annual audit cycle, the audit of an organization's IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?
A) Limiting the review to the deficient areas
B) Verifying that all recommendations have been implemented
C) Postponing the review until all of the findings have been rectified
D) Following up on the status of all recommendations

5. An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor's FIRST course of action?
A) Evaluate the recommendations in the context of the current IT environment.
B) Continue the audit and disregard prior audit recommendations.
C) Request that management implement recommendations from the prior year.
D) Add unimplemented recommendations as findings for the new audit.

Right Answer and Explanation:

1. Right Answer: C

2. Right Answer: C
Explanation: The overall purpose of using a formal information classification scheme is to ensure proper handling based on the information content and context. Context refers to the usage of information. Two major risks are present in the absence of an information classification scheme. The first major risk is that information will be mishandled. The second major risk is that without an information classification scheme, all of the organization's data may be subject to scrutiny during legal proceedings. The information classification scheme safeguards knowledge. Failure to implement a records and data classification scheme leads to disaster.

3. Right Answer: D
Explanation: Virtual private networks (VPNs) connect remote users over an insecure public network such as the Internet. The connection is virtual because it is temporary with no physical presence. VPN technology is cost-effective and highly flexible. A VPN creates an encrypted tunnel to securely pass data as follows:
Between two machines (host-host)
From a machine to a network (host-gateway)
From one network to another network (gateway-gateway)

4. Right Answer: D

5. Right Answer: D
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Which of the following is the responsibility of the information security steering committee?
A) Developing security policies aligned with the corporate and IT strategies
B) Reviewing business cases where benefits have not been realized
C) Identifying risks associated with new security initiatives
D) Developing and presenting business cases for security initiatives

2. After an information security business case has been approved by senior management, it should be:
A) used to design functional requirements for the solution.
B) used as the foundation for a risk assessment.
C) referenced to build architectural blueprints for the solution.
D) reviewed at key intervals to ensure intended outcomes.

3. Which is the MOST important to enable a timely response to a security breach?
A) Knowledge sharing and collaboration
B) Security event logging
C) Roles and responsibilities
D) Forensic analysis

4. When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
A) Cost of software
B) Cost-benefit analysis
C) Implementation timeframe
D) Industry benchmarks

5. Which of the following BEST demonstrates that an organization supports information security governance?
A) Employees attend annual organization-wide security training.
B) Information security policies are readily available to employees.
C) The incident response plan is documented and tested regularly.
D) Information security steering committee meetings are held regularly.

Right Answer and Explanation:

1. Right Answer: A

2. Right Answer: D

3. Right Answer: B

4. Right Answer: B

5. Right Answer: D
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Ann, a customer, reports that when she occasionally works in the office basement, her smartphone battery drains faster than normal and she has poor cellular reception. Which of the following is the reason for the fast battery drain?
A) Unpaired Bluetooth
B) Weak signal
C) Defective SD card
D) Malware

2. Which of the following should a technician implement to prevent external contractors from physically plugging devices into the company's network jacks unless such jacks are designated for guest use?
A) Disable DHCP and assign a static IP address to each network device physically connected to the network.
B) Enable MAC address filtering across all network jacks and record the MAC address of guest devices.
C) Disable all switch ports when they are not utilized and enable them on an as-needed basis.
D) Place guest network jacks in public areas and all other jacks in secure areas as needed.

3. A technician is using a domain account to access files located on a server at the path \\computername\C$. The technician receives an "Access denied" error message. Which of the following is MOST likely the cause of the error?
A) The server is no longer accepting connections since reaching its limit of open shares.
B) The password is incorrect, requiring the user to reset it before authentication will proceed.
C) The username should be prefixed by the domain, followed by a backslash (e.g., domain\username).
D) The account does not have local administrative permissions to access the server share.

4. A user wants to configure a smartphone to save all attachments from an Outlook.com email to a cloud-based service. Which of the following would be BEST to use to accomplish this?
A) Google Drive
B) iCloud
C) OneDrive
D) FTP

5. A technician is tasked to change the number of CPU cores available to the OS to enhance productivity. Which of the following tools would allow the technician to perform this task?
A) msconfig
B) perfmon
C) taskmgr
D) dxdiag

Right Answer and Explanation:

1. Right Answer: B

2. Right Answer: C

3. Right Answer: D

4. Right Answer: C

5. Right Answer: A
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. Ann, a user, wishes to free space in her documents folder. Which of the following is the BEST characteristic to sort by in order to ensure that the most space is freed by deleting the least number of files?
A) Date modified
B) File path
C) Size
D) Extension

2. Where can a user find the latest updates, upgrades, or firmware for an electronic device that the vendor supports?
A) Internet search engine
B) Internet forum
C) Technical community groups
D) OEM website

3. When applying ergonomics to a workstation area, which of the following are the MOST important to consider? (Select TWO)
A) Proper sitting position
B) Amount of time the computer will be used
C) Clarity of the display
D) Proper keyboard and mouse height
E) Number of speakers in the sound system
F) Brightness and contrast of the display

4. An RoHS label on hardware indicates which of the following?
A) The hardware produces EMI when used.
B) The hardware is certified to be energy efficient.
C) The hardware provides battery backup for power outages.
D) The hardware needs to be properly disposed of.

5. Ann, a user, reports that her computer was working this morning, but now the screen is blank. The power indicator for the monitor is on. Pressing the space bar or moving the mouse does not fix the problem. Which of the following is the cause?
A) The monitor power cable is unplugged.
B) The video cable has become disconnected.
C) The video driver is not installed.
D) The operating system has encountered a stop error.
E) The screen saver has activated.

Right Answer and Explanation:

1. Right Answer: C

2. Right Answer: D

3. Right Answer: A, D

4. Right Answer: D

5. Right Answer: B
Published - Fri, 03 Mar 2023
Created by - Mary Smith
Questions

1. A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?
A) The firewall should be configured to prevent user traffic from matching the implicit deny rule.
B) The firewall should be configured with access lists to allow inbound and outbound traffic.
C) The firewall should be configured with port security to allow traffic.
D) The firewall should be configured to include an explicit deny rule.

2. A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data?
A) Asset control
B) Device access control
C) Storage lock out
D) Storage segmentation

3. A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called 'Purchasing'; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?
A) Modify all the shared files with read-only permissions for the intern.
B) Create a new group that has only read permissions for the files.
C) Remove all permissions for the shared files.
D) Add the intern to the 'Purchasing' group.

4. A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?
A) Architecture review
B) Risk assessment
C) Protocol analysis
D) Code review

5. A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage?
A) Non-intrusive credentialed scan
B) Non-intrusive non-credentialed scan
C) Intrusive credentialed scan
D) Intrusive non-credentialed scan

Right Answer and Explanation:

1. Right Answer: A

2. Right Answer: D

3. Right Answer: B

4. Right Answer: D

5. Right Answer: D
Published - Fri, 03 Mar 2023