SY0-701 domain
General Security Concepts
Use this page to work through SY0-701 General Security Concepts practice questions. The goal is not to memorise dumps but to understand each concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about General Security Concepts
General Security Concepts questions test whether you can apply the concept in context, not just recognise a definition. You should understand:
- How the topic appears in realistic exam-style scenarios.
- Which detail in the question changes the correct answer.
- How to eliminate plausible but wrong options.
- How to connect the question back to the wider exam objective.
Question index
All General Security Concepts questions (156)
Click any question to see the full explanation.
1. A security engineer writes a script that computes SHA-256 hashes of critical server configuration files every night and sends an alert if any hash value has changed since the previous night. Which security goal is this control primarily designed to protect?
2. A financial institution updates its access control policy to require that two different system administrators must approve and execute any changes to the core transaction processing database. Which security principle is this practice primarily designed to enforce?
3. A security architect is designing the network security posture for a new branch office. The plan includes a next-generation firewall at the perimeter, an intrusion prevention system on the internal network, mandatory multi-factor authentication for all remote access, and quarterly security awareness training for employees. The architect explains that these controls are independent of each other so that a failure in any single control does not leave the entire network unprotected. Which security concept is the architect primarily implementing?
4. A security analyst at a hospital is reviewing user permissions in the electronic health record (EHR) system. The analyst discovers that all nursing staff accounts are members of the 'Administrators' group, which grants full read and write access to all patient records, as well as the ability to modify system configuration settings. The nursing staff's job responsibilities only require viewing and updating records for patients currently assigned to them. Which security principle is most directly violated by this configuration?
5. A defense contractor is deploying a new document management system that will store classified military intelligence. The security policy requires that user access to each document is strictly determined by the document's classification label (e.g., Confidential, Secret, Top Secret) and the user's verified security clearance level. Furthermore, system administrators must not be able to change these access rules or grant themselves access to documents above their clearance. Which access control model is best suited for this requirement?
6. A security analyst is investigating a data integrity incident where an attacker exploited a vulnerability in a web application to alter customer account balance records in the database. The analyst identifies the exact records that were modified and restores those records from a verified read-only backup taken prior to the attack. Which security goal is the analyst primarily addressing by restoring the records from backup?
7. A software vendor distributes critical security updates for its application through a public download website. The vendor wants to allow customers to verify that each update originated from the vendor and has not been modified in transit. Which of the following cryptographic techniques should the vendor apply to the update files before posting them for download?
8. A financial institution is implementing a new policy for all remote access to its payment processing system. The system will generate a unique digital signature for each administrative action, and all actions will be recorded in a tamper-evident audit log that is replicated to an immutable storage location. The primary objective of this policy is to ensure that administrators who perform sensitive operations cannot later deny having executed them. Which security goal is this policy primarily intended to enforce?
9. A security auditor is reviewing the access controls for a payroll application. The auditor discovers that a single user, the payroll manager, has permissions to both create new employee records and then approve and process salary payments for those records. The company's security policy requires that no single individual should be able to execute both the creation and the approval of a payment for the same employee. Which of the following security principles is the company's policy attempting to enforce?
10. A security architect is designing a defense strategy for a database containing sensitive customer records. The architect implements a network firewall to restrict inbound traffic to only the application server, enforces file-level encryption for the database files, requires multi-factor authentication for all administrative access, and deploys a database activity monitoring system to alert on unusual queries. Which security principle is the architect primarily applying?
11. A company is enhancing its network security posture. The security team deploys a system that passively monitors network traffic, analyzes packets for signs of malicious activity, and generates alerts when suspicious patterns are detected. This system does not actively block or modify any traffic. Which type of security control does this system BEST represent?
12. A company wants one document that tells employees what they are required to do when handling company systems and data. Which document type is the best fit?
13. After a user signs in, a file server checks whether they can edit a shared folder. Which AAA concept is being applied?
14. A legal team must send a confidential contract to a partner so only the intended recipient can read it, and the partner also needs assurance the file really came from your company. Which approach best meets both needs?
15. Which two statements describe authorization? Select two.
16. A restricted server room opens only with a badge, and an alarm sounds if the door is left open too long. Which control type is the alarm?
17. Based on the exhibit, what should be implemented to reduce the blast radius if a backup server is compromised later?
    Exhibit, backup job configuration:
    algorithm=AES-256-GCM
    key_file=/opt/backup/key.bin
    rotation=disabled
    same_key_for_all_sites=true
    backup_media copied to an offsite vault each night
18. Based on the exhibit, what is the best fix so role changes are reflected promptly in the application?
    Exhibit, token and directory data:
    09:10 Token issued for user jdoe groups=[Finance_Approver, Expense_Reviewer] auth_time=09:10 exp=17:10
    09:15 HR updated directory: jdoe moved to Sales
    11:00 The application still accepts the original token and allows expense approval
    11:01 Identity provider logs show no token revocation event
19. Based on the exhibit, which change best improves accountability while still allowing emergency access?
    Exhibit: a finance team uses the following shared account on a jump host:
    07:55:12 Account=FIN-ADMIN Action=ApproveInvoice Host=JUMP-02 IP=10.30.8.21
    07:56:03 Account=FIN-ADMIN Action=ChangeVendorBank Host=JUMP-02 IP=10.30.8.21
    07:57:44 Account=FIN-ADMIN Action=ExportReport Host=JUMP-02 IP=10.30.8.21
    Note: FIN-ADMIN is used by three finance managers during after-hours support.
20. Based on the exhibit, which additional control is the best fit to prevent employees from copying sensitive reports to removable media?
21. Which document tells all employees what they are allowed and not allowed to do when using company systems?
22. The security team configures the badge system so employees must present both a badge and a PIN before entering the data center. The access logs are reviewed weekly for failed attempts. Which pair of control types best describes these measures?
23. Based on the exhibit, what is the best governance improvement?
    Exhibit, data handling procedure:
    - Managers may approve external sharing exceptions verbally.
    - Staff record exceptions in email threads.
    - No retention period is defined for exception evidence.
    Audit note: multiple exceptions could not be traced to an approver.
24. Which two practices help protect encryption keys? Select two.
25. A development team signs branch-router firmware before deployment. The same code-signing private key is stored on two build servers, and a compromise of either server would let an attacker sign malicious updates that look legitimate. Which two changes best reduce the cryptographic risk while preserving the ability to sign trusted releases? Select two.
26. Based on the exhibit, which document should be created or updated to make these settings mandatory and measurable?
    Exhibit, endpoint baseline draft:
    - Full-disk encryption should be enabled on all corporate laptops.
    - Screen lock should activate after 15 minutes of inactivity.
    - Users should choose strong passwords.
    Related documents:
    - Policy: Acceptable Use Policy
    - Standard: none
    - Procedure: Laptop imaging steps
    - Guideline: Suggested hardening tips
27. Which two are common warning signs of phishing messages? Select two.
28. A company wants to make sure only approved administrators can view and rotate a shared encryption secret used by several applications. What is the best way to manage that secret?
29. A help desk receives an email from an employee asking to urgently reset MFA because they are traveling and locked out. The sender address matches the employee's name but uses a slightly different domain. What is the best action for the help desk agent?
30. Which two are detective controls? Select two.
31. A company suspects the master encryption key used by a cloud storage service may have been exposed. The data must remain protected if someone later obtains a copy of the old key. What is the best next step?
32. During an incident, a server administrator needs elevated access to production logs for exactly two hours after manager approval. The organization does not want standing privileged accounts. Which solution is the best fit?
33. Based on the exhibit, which document type should be updated to make the approval and retention requirements mandatory across the organization?
34. Based on the exhibit, which improvement best addresses the biggest cryptographic risk?
    Exhibit, TLS inventory:
    - edge-vpn01 and edge-vpn02 present the same certificate and private key
    - private key file stored in a shared SMB folder
    - admins copy the key manually during maintenance
    - compromise of either gateway would expose the file path to the same share
35. Based on the exhibit, what is the best fix so role changes take effect promptly without waiting for token expiration?
36. Which two actions are examples of accounting in AAA? Select two.
37. Which action is the best example of accounting in AAA?
38. A development team needs a centralized service to store, rotate, and control access to encryption keys for applications. Which solution best fits?
39. A security team configures the SIEM to alert when a user account has several failed logins followed by a successful login from a new location. What type of control is this?
40. A manager wants files on a stolen laptop to remain unreadable even if the drive is removed and connected to another computer. Which control should be implemented?
41. Which two documents are typically mandatory and organization-wide rather than optional guidance? Select two.
42. Based on the exhibit, which additional control best reduces the risk of tailgating at the entrance while preserving normal employee flow?
43. Based on the exhibit, which awareness control best addresses the observed failure pattern?
44. The help desk needs a document that describes the exact steps for verifying a caller and resetting a password. What type of document should they use?
45. An employee receives an email that appears to be from the CEO and asks for an urgent wire transfer. The sender address is slightly different from the real company address. What is the best first action?
46. After an employee successfully signs in to a file-sharing portal, the portal checks whether the employee can upload files to a specific project folder. Which AAA concept is being used?
47. A payroll application allows the same user to create a vendor and approve a payment. The security team wants to reduce fraud without adding unnecessary complexity. Which principle should they apply?
48. Based on the exhibit, which control would most effectively reduce the remaining successful attacks?
    Exhibit, phishing awareness results:
    Team A: click rate 8%, report rate 6%, median report time 52 min
    Team B: click rate 7%, report rate 18%, median report time 14 min
    Team C: click rate 12%, report rate 21%, median report time 10 min
    Incident summary: Team C had one mailbox takeover after a user approved an MFA push while traveling.
49. Based on the exhibit, what is the best improvement to reduce the impact if one backup server is compromised?
50. A company wants controls that rely on people and documented direction rather than technology. Which two are administrative controls? Select two.
51. A company wants to reduce the chance that a stolen password can be used to access employee email. Which control is the best fit?
52. An employee receives a phone call from someone claiming to be IT and asking for a one-time verification code to "fix" the employee's account. What is the best response?
53. A company wants to detect unauthorized changes to production server configurations before users notice an outage. Which two controls best fit this goal? Select two.
54. An organization is redesigning access for a finance application. Employees should be able to approve expense reports only within their assigned job roles, and every approval must be traceable to the individual user who performed it. Which access model best fits this requirement?
55. Which two uses are appropriate for encryption in transit? Select two.
56. A security manager wants to require that all company laptops use at least a 14-character password and lock after 10 minutes of inactivity. Which document should define these mandatory settings?
57. Based on the exhibit, what additional control is the best fit?
    Exhibit, current controls on the finance share:
    - SMB signing enabled
    - Weekly access review
    - Nightly backups to immutable storage
    - Antivirus scans at 02:00
    Incident: a valid VPN account was used to access 40,000 files in 8 minutes and copy them to a local drive.
    Goal: detect unauthorized bulk access quickly before exfiltration completes.
58. Based on the exhibit, what is the best change to improve accountability without removing emergency access?
59. An administrator needs to send sensitive configuration details to a remote branch office so only the branch manager can read them. Which cryptographic method is most appropriate?
60. Match each control type to the example that best fits it.
61. A legacy payroll server has a critical patch available, but the business cannot reboot it for 45 days. The team isolates the server to only the payroll application subnet and requires written approval before any temporary firewall exception is made. Which two control types are present? Select two.
62. After several unauthorized edits to firewall objects caused a production outage, a security team wants one control that will flag future configuration drift and another that will automatically restore the approved baseline before the next maintenance window. Which two controls best meet that goal? Select two.
63. Match each control type to the most fitting example in a branch office.
64. Based on the exhibit, what change would best protect the password database against precomputed attacks and make identical passwords less obvious?
65. Based on the exhibit, what control type is the file integrity monitor providing?
66. Based on the exhibit, which security principle is the proposed access model most aligned with?
67. An analyst on the HR application team needs access to a production database replica only long enough to verify a column-mapping issue. The analyst should not be able to browse salary fields, export tables, or keep access after the task ends. Which principle best matches the desired access model?
68. A security team stores employee passwords in a database. Which method best protects the passwords if the database is stolen?
69. A user downloads a company software update and wants to verify it really came from the vendor and was not changed in transit. Which cryptographic feature should they check?
70. To reduce fraud, a finance system requires one user to create a payment batch, a different user to approve it, and a third role to release it to the bank. An audit recommends adding a "super-user" who can perform all three steps to speed month-end close. Which principle would that recommendation most directly weaken?
71. Match each security principle to the best workplace example.
72. A cloud backup service uses envelope encryption. The key-encryption key is nearing the end of its approved lifetime, but the business cannot decrypt and re-encrypt every backup object this week. Which two statements best describe the correct rotation approach? Select two.
73. In the finance workflow, one employee can create a payment batch but cannot approve it, and the same person also cannot view employee records that are unrelated to the task. Which two principles are being enforced? Select two.
74. Based on the exhibit, which control type best describes the jump host requirement?
75. A vendor distributes a Linux package through multiple mirrors. Security wants to verify that the package really came from the vendor and was not altered after publication, even if a mirror or CDN is compromised. Which cryptographic mechanism should be checked?
76. Based on the exhibit, which cryptographic mechanism provides proof that the update came from the vendor and was not altered?
77. Match each security control type to the best example in a small office environment.
78. Match each cryptographic action to the most appropriate use case.
79. A contractor is brought in to investigate a single alert on an ERP system. The contractor gets read-only access to one log source through a jump host, cannot see user payroll records, and the account expires automatically at shift end. Which two principles are being applied? Select two.
80. Match each access principle to the best description.
81. A web portal for customer refunds checks device health at sign-in, then re-checks the device and user context before each refund over a threshold. A session that started on a managed laptop is blocked when the laptop later fails posture checks, even though the password remains valid. Which principle is best illustrated?
82. A small company wants all employees to lock their screens after 10 minutes of inactivity, and the rule is included in the formal security policy. What type of control is this?
83. A company uses an encryption key for a database backup process. The key is being replaced because the old one is near the end of its approved use period. What is this action called?
84. A user database is stolen from a SaaS portal. Investigators discover the password column contains the same value for every user who chose "Summer2026!", and an attacker could use precomputed tables to crack weak passwords quickly. Which change best addresses both the repeated-value issue and rainbow-table risk?
85. Based on the exhibit, which security principle is the proposed workflow most directly enforcing?
86. A hybrid cloud portal first checks device health at the identity provider, then requires MFA, then enforces a per-application authorization decision before each sensitive action. Network access is also limited by a gateway, and a WAF sits in front of the app. Which two principles are best demonstrated? Select two.
87. A company uses MFA, endpoint protection, firewalls, and network segmentation together to protect a customer portal. Which security principle does this best illustrate?
88. A company stores application passwords in a database that could be stolen during a breach. The team wants to prevent attackers from using precomputed tables and also make identical passwords produce different stored values. Which two changes should be implemented? Select two.
89. A help desk technician needs temporary access to read one shared folder to troubleshoot a printer issue. Which access choice best follows least privilege?
90. Based on the exhibit, what control type is the automated reapplication of the baseline?
91. A records application displays a mandatory notice before login that tells employees exactly which data types they may open, when to lock their screens, and that only assigned work may be processed. The notice is meant to shape behavior before misuse occurs, but it does not technically block any action. Which control type is this notice?
92. Based on the exhibit, which action is required to keep the backups restorable after the key-encryption key rotation?
93. Match each cryptographic concept to its best purpose.
94. Based on the exhibit, which access change best follows least privilege while still allowing the help desk to complete the task?
95. Before installing a vendor patch package on hundreds of endpoints, the security team wants to confirm the file was published by the vendor and was not altered during download. Which two verification steps should the team perform? Select two.
96. Match each principle to the scenario that best illustrates it.
97. A finance manager can view only the reports needed for monthly budgeting and cannot see payroll details. Which principle is being applied?
98. During routine checks, configuration management finds several branch firewalls drifted from the approved baseline because a contractor changed settings locally. An automation job now compares each device nightly and automatically reapplies the approved configuration without waiting for a human ticket. Which control type is the automation?
99. Based on the exhibit, which principle should the organization enforce to reduce fraud risk while keeping the business process functional?
100. Match each scenario from a security design review to the principle it best demonstrates.
101. Match each security principle to the best description.
102. Match the security need to the best cryptographic solution.
103. A help desk analyst can reset passwords in the ticketing portal but cannot view payroll records, edit user profiles, or access other HR functions. Which security principle is the organization applying?
104. A legacy payroll application cannot support multifactor authentication yet, but the business still needs to reduce risk while the application is being modernized. The security team limits access to a hardened jump host, requires manager approval for access requests, and adds extra logging until the application can be upgraded. What type of control is this?
105. A security architect proposes adding endpoint protection, network segmentation, multifactor authentication, email filtering, and immutable backups so that one failed safeguard does not expose the entire organization. What security strategy is being described?
106. Based on the exhibit, which security principle should the team strengthen to reduce the chance that stolen credentials alone provide access to sensitive data?
107. Based on the exhibit, what is the best conclusion about the signed document?
108. Match each cryptographic primitive to its main purpose.
109. A branch office needs to send a confidential design document to headquarters over an untrusted network. Headquarters already has the public/private key pair available for document exchange. Which method is most appropriate to keep the file confidential during transit without first sharing a secret key?
110. A backup server encrypts large nightly database exports before sending them to an offsite storage system. The organization has already arranged a secure way to share the secret key between the systems, and performance is a concern because the files are very large. Which encryption approach is the best fit?
111. To discourage unauthorized entry into a records room, facilities installs a large warning sign, a visible camera over the door, and a turnstile staffed by a guard during business hours. Which control category is the warning sign intended to support most directly?
112. Based on the exhibit, which principle is most directly being violated by the current share permissions?
113. Based on the exhibit, which key management improvement best preserves recoverability if the primary backup server is lost?
114. A security team downloads a software update package signed by the vendor. The team verifies the signature using the vendor's public key before approving deployment. What does this verification primarily confirm?
115. Based on the exhibit, what best describes the additional measures applied to the legacy system?
116. A system administrator downloads a vendor patch package and a separate checksum file. After the download completes, the administrator runs a command that produces a SHA-256 value for the package and compares it to the vendor's published value. Which cryptographic primitive is being used for the comparison?
117. After a successful phishing attempt, the security team adds MFA, email sandboxing, endpoint isolation, and immutable backups so that one failed safeguard does not expose the company. Which principle does this best illustrate?
118. A legal department sends a confidential contract to an outside partner without first exchanging a shared secret. The sender encrypts the document with the partner's public key so that only the partner can decrypt it with the matching private key. Which cryptographic approach is being used?
119. A cloud support team is changing the way employees access an internal finance portal. Instead of trusting the user's initial login for the rest of the session, the portal now checks identity, device posture, and request context again before allowing access to payroll data or download actions. Which security concept is being implemented?
120. A legacy reporting application cannot be modified this quarter, but users still need access from the corporate network. Security adds a hardened jump server, tighter monitoring, and manual approval for each session because MFA cannot be built into the app yet. What type of control is this?
121. A systems administrator downloads a patch and a SHA-256 checksum file from the vendor. The administrator hashes the patch locally and the values match. What does the matching hash primarily confirm?
122. A contractor is assigned to a single merger project. The manager approves access to only the project share and the project chat space, even though the contractor technically could use other collaboration tools. Which principle is most directly reflected?
123. Match each control category to the best example.
124. A legal department needs a contract file that can later prove who signed it and whether the content changed after signing. Which cryptographic mechanism should be used?
125. Based on the exhibit, what should the administrator do next?
126. Match each control type to the best description.
127. A help desk lead notices that several support technicians have broad administrator access across every department's systems so they can resolve tickets faster. After a phishing incident, management wants to reduce the damage if one technician account is compromised. What is the best security principle to apply when redesigning access?
128. Match each PKI term to what it does.
129. Based on the exhibit, which security principle does the organization appear to be using most clearly?
130. Match each principle to the workplace scenario.
131. A finance application stores approval records for wire transfers. Auditors need to prove which employee approved each transfer, and employees must not be able to deny their approval later. Which security objective is best addressed by binding each approval to an individual identity and preserving immutable logs?
132. After an internal PKI was rebuilt, users now see certificate warnings when connecting to the company intranet portal. The portal certificate chains to a new CA, but endpoint trust stores do not recognize it yet. What should the administrator deploy?
133. A company requires MFA, endpoint protection, and network filtering so that if one control misses a threat, another control still helps stop it. Which security principle is this?
134. Your company is syncing design files to a cloud object store. The security team wants to reduce risk if the storage account is stolen and also protect the files while they travel across the internet. Which approach is the best fit?
135. An operations manager is worried a single network administrator could quietly push an unauthorized firewall rule. The manager wants every rule change reviewed by a second person and documented before implementation. Which control best addresses this concern?
136. A baseline review found that standard developer accounts are local administrators, unsigned tools can run from user profile folders, and reimaged systems still end up with unauthorized persistence. Which two changes best improve hardening while preserving developer work? Select two.
137. A sales manager's laptop is often taken home and may contain customer pricing spreadsheets and contract drafts. Which control best protects the files if the laptop is stolen?
138. A finance app uses the corporate IdP for authentication. A user who moved out of finance can still approve invoices until the browser session expires, and the app caches local roles. Which two changes best make access changes take effect faster without storing app passwords? Select two.
139. A company launches a new HTTPS portal. Users should be able to confirm the site is really the company's portal and not a fake copy. Which control provides that trust?
140. An HR department hires contractors for fixed 60-day engagements. Accounts should stop working automatically when the engagement ends, and any rehire should require fresh approval rather than restoring old access. What IAM control is the best fit?
141. Employees authenticate once to a corporate portal and then open the help desk, payroll, and documentation apps without logging in again. The apps rely on tokens from the company's identity provider instead of storing separate passwords. What is being implemented?
142. A sysadmin is preparing a dedicated database server for production. The server will not host web services, print services, or file sharing. Which action best follows least privilege and secure defaults?
143. A developer installed an unknown root CA on a laptop. The browser now accepts a proxy certificate for intranet.apps.example without warnings. Which two controls most directly reduce the chance that this endpoint trusts a malicious interception certificate? Select two.
144. A finance application records each approval with the manager's unique user ID and a digital signature. Auditors want proof that the manager cannot later deny approving the transaction. Which security objective is most directly being addressed?
145. A web server should accept traffic only from a load balancer and a management jump host. The current host firewall allows all inbound ports, and the web service runs as a domain administrator. Which two changes most improve hardening without breaking the required access pattern? Select two.
146. A microservices team stores service private keys inside container images and renews certificates manually once a year. Security wants to reduce damage if a node is compromised and keep certificate trust manageable at scale. Which two changes are the best fit? Select two.
147. After imaging laptops, the security team wants to ensure screen-lock timeouts, local admin restrictions, and USB storage controls remain consistent on every device even after users make changes. What is the best approach?
148. A network team wants no single person to both approve and deploy a production firewall rule, and they also want the approval path to be defensible during an investigation. Which two control concepts best address the stated risk? Select two.
149. After employees transfer departments, they keep access to old SaaS applications because app-specific accounts are removed only after a manual cleanup ticket. Which two changes best close the lifecycle gap? Select two.
150. An internal audit found that a procurement team uses the shared account procure-approve to approve emergency purchases. The log only shows the shared account name, and managers say they cannot prove which person approved each request. Which two changes best improve accountability and nonrepudiation? Select two.
151. Based on the exhibit, what is the primary security concern with the current access assignments, and what concept is being violated?
152. Based on the exhibit, which change best reduces the risk of lateral movement if a user workstation is compromised?
153. Based on the exhibit, which change would most improve the security of the stored password data?
154. Based on the exhibit, which access model best fits the business requirement without creating many custom roles?
155. Based on the exhibit, which authentication method best meets the stated remote-admin requirement?
156. Based on the exhibit, users report that the new payment portal opens only after they bypass a browser warning. Which remediation best restores secure access without weakening certificate validation?
Watch out for
Common General Security Concepts exam traps
- Answering from memory before reading the full scenario.
- Missing a constraint such as cost, availability, security, scope or command context.
- Choosing a broad answer when the question asks for the most specific fix.
- Ignoring why the wrong options are tempting.
Frequently asked questions
- What does the General Security Concepts domain cover on the SY0-701 exam?
- General Security Concepts questions test whether you can apply the concept in context, not just recognise a definition.
- How many questions are in this domain?
- This page lists all 156 General Security Concepts questions in the SY0-701 question bank. The actual exam draws from this domain proportionally to its weighting in the official exam blueprint.
- What is the best way to practise this domain?
- Start with a short focused session (10 questions) to identify gaps, then use the interactive practice page to work through explanations. Repeat with a longer session once the weak areas feel solid.
- Can I practise only General Security Concepts questions?
- Yes — the session launcher on this page filters questions to this domain only. Choose any session length or try the interactive practice page for inline explanations.