Correct Answer:

Encrypt the connection is correct. An on-path attack is performed by a hacker who uses a protocol analyzer to intercept network packets before they reach their destination. Use encryption to make sure that the hacker cannot read the intercepted packets.

Incorrect Answers:

Authenticate to a local credentials database, log the messages from console access at the branch office, and authenticate to a centralized LDAP server are incorrect. These actions will not stop the hacker from reading intercepted network packets.

Correct Answer:

Keeping attack surfaces to a minimum is correct. An attack surface is an aspect of your software application that is vulnerable for an attacker to exploit, such as an open port or running network service. Determine the minimum number of acceptable attack surfaces required and keep to that framework throughout the entire development cycle of the product.

Incorrect Answers:

Design review and code review are incorrect. Design and code reviews are helpful at catching coding errors and bugs but are not as important as keeping the number of exploitable attack surfaces to a minimum.

Application documentation is incorrect. Application documentation is helpful to testers and code reviewers but has no security impact.

Correct Answer:

Host-based firewall is correct. A host-based firewall can protect the remote users’ computers from network attacks originating from their Internet connection via their Internet service provider (ISP).

Incorrect Answers:

All other choices are incorrect. Pop-up blockers, anti-malware software, and anti-spam software are important security applications but do not guard against network attacks from being connected to the Internet.

Correct Answer:

Regenerate session keys and IDs after a successful login is correct. To protect against session cookie hijacking (a type of attack in which an unauthorized user uses a session cookie from another authenticated user to access the application), web applications should regenerate session keys and IDs after a successful login so that a secondary attempt to use the same session credentials from a hijacked cookie will not work.

Incorrect Answers:

Refresh the web browser page after login is incorrect. Refreshing the web browser page will not stop session cookie hijacking.

Disable cookies in the web browser is incorrect. Disabling cookies will prevent the application from working properly.

Disable cross-site scripting is incorrect. Cross-site scripting (XSS) is a type of application attack and not a web browser setting.

Correct Answer:

Use of an onboard TPM is correct. You can encrypt the contents of the laptop’s hard drive and have the trusted platform module (TPM) on the laptop’s motherboard store the encryption key. Only the sales engineer’s password can allow access to the data.

Incorrect Answers:

Use of a virtual machine, BIOS password, and cloud-based data retrieval are incorrect. These methods do not protect the confidentiality of the data on the laptop.

Correct Answer:

Chief information security officer is correct. Although the chief information security officer (CISO) may participate in the privacy process, the CISO needs to be designated within an official privacy role.

Incorrect Answer:

Data owner, data controller, and data steward are incorrect. These are official privacy roles.

Correct Answer:

Runbook is correct. A runbook is a set of rules that can be largely automated and, while it can indeed include human elements, often is used to automate features such as threat response, threat intelligence enrichment, and other activities that the security orchestration, automation, and response (SOAR) platform can orchestrate. These rules are generally condition-based, so instead of following a step-by-step pattern, they are triggered by preset conditions.

Incorrect Answers:

SIEM is incorrect. Security information and event management (SIEM) tools are used to gather and analyze multiple sources of data to enable cybersecurity analysists to understand trends better and make decisions.

Playbook is incorrect. A playbook lists step-by-step actions that need to occur within the SOAR process. The actions typically need to be performed by humans, so the playbook serves as the definitive guide to ensure that any documentation, required reporting, or other mandated actions that require human involvement and decision-making occur exactly when they should.

Policy is incorrect. While policies might guide the rules within the runbook, they don’t orchestrate the activities within the SOAR platform.

Correct Answer:

Port-based VLAN is correct. Using a port-based virtual local area network (VLAN), you can assign specific router and switch ports to different VLANs, which allows you to assign any network segment on any floor of your office to a specific VLAN. This provides flexibility so that the user’s location does not limit his or her network access.

Incorrect Answers:

Protocol-based VLAN is incorrect. A protocol-based VLAN subdivides networks into logical networks using specific network protocols and is not based on client location.

Subnetting is incorrect. Subnetting on its own will not provide the same access to clients in different physical locations.

Firewall zones is incorrect. Firewall zones are used at a higher level of the network to divide and secure networks behind the firewall.

Correct Answer:

Multifactor authentication is correct. Multifactor authentication is very secure and means that users must provide at least two unique identification factors, such as an access card, a PIN, and a fingerprint scan.

Incorrect Answers:

PIN, single sign-on to a directory server, and photo ID and security guard check are incorrect. These authentication models do not provide as strong security as multifactor authentication does.

Correct Answer:

Store electronic versions on a secure server and shred hard copies is correct. Keep your electronic copies on a secure server, and make sure any existing hard copies are shredded and not thrown in the garbage, where they could be found by a hacker performing dumpster diving.

Incorrect Answers:

Store plans on a local computer drive; put hard copies in garbage is incorrect. Hard copies in the garbage can be retrieved by a hacker, and files on your local computer are not secure.

Store plans on a local computer drive; put hard copies in garbage is incorrect. You should never display important network diagrams and plans where they can be seen by any passerby.

Keep printed plans in a binder on your desk is incorrect. Any curious passerby could examine the plans in the binder when you are away from your desk.