Common Technical Interview Questions and Answers Update on February 23, 2020

Question 201: Which type of compute architecture is the best fit for facilitating IoT data processing?
A. Serverless
B. Containers
C. On premises
D. Kubernetes
Correct Answer: A. Serverless
Explanation: IoT workloads commonly experience variable traffic and infrequent data intake. The event-driven nature of serverless computing is useful for these variations in traffic and data, because it triggers data processing when necessary. With serverless computing, IT teams can avoid paying for idle compute resources that are waiting for data to come in. Serverless offers a functional and cost-effective way to manage IoT device data.

Question 202: The cover story describes how to improve network security and advises on better verification of users, devices and applications through:
A. use of multifactor authentication.
B. automating analysis and response.
C. adopting zero-trust principles.
D. all of the above.
E. none of the above.
Correct Answer: D. all of the above.

Question 203: According to our cover story, the COVID-19 pandemic’s effect on cybersecurity has:
A. disrupted organized cyberattack efforts, giving security teams time to regroup.
B. made it more difficult for in-house infosec teams to aid now-remote employees.
C. both of the above.
D. neither of the above.
Correct Answer: B. made it more difficult for in-house infosec teams to aid now-remote employees.

Question 204: Experts advise CISOs to avoid burnout by paying more attention to self-care, such as:
A. participating in extreme sports, which have been proven to release tension.
B. occasional indulgences during off-duty hours, such as (responsible) alcohol and (legal) marijuana use.
C. getting adequate rest and finding healthy ways to disconnect and unwind.
D. none of the above.
E. all of the above.
Correct Answer: C. getting adequate rest and finding healthy ways to disconnect and unwind.

Question 205: Nemertes Research CEO Johna Till Johnson said modern nation-state attacks:
A. use the exact same techniques as other hackers, so it’s hard to tell the two apart.
B. use traditional hacking techniques but in more creative ways than other hackers.
C. focus on monetary gains exclusively, which is more costly in the long run for almost all victims.
D. none of the above.
Correct Answer: B. use traditional hacking techniques but in more creative ways than other hackers.

Question 206: The 2020 “CrowdStrike Services Cyber Front Lines Report” found:
A. the percentage of organizations that self-detect intrusions is up over 10% from 2017.
B. the average dwell time of a compromise is up by almost 30 days.
C. cybercriminals in 2018 favored web server attacks but, in 2019, favor spear phishing.
D. all of the above.
Correct Answer: A. the percentage of organizations that self-detect intrusions is up over 10% from 2017.

Question 207: According to Adam Isles, principal at The Chertoff Group, an organization can improve the effectiveness of its security efforts by using the Mitre ATT&CK framework, which:
A. helps security leaders be prepared for the most likely attack tactics, techniques and procedures hackers will use, based on what business the organization is in.
B. helps security leaders know what defenses they should have in place to thwart the likeliest attacks.
C. both of the above.
D. none of the above.
Correct Answer: C. both of the above.

Question 208: In our feature story on CISO burnout, research from Enterprise Strategy Group cited that, on average, CISOs last fewer than four years in the job, largely because of insufficient organizational investment in security.
A. True
B. False
Correct Answer: A. True

Question 209: Nemertes Research CEO Johna Till Johnson suggested the best source for tracking nation-state attacks is:
A. Mitre Corp., a federally funded research center.
B. the FBI.
C. the Department of Homeland Security.
Correct Answer: A. Mitre Corp., a federally funded research center.

Question 210: The Center for Internet Security’s Controls are:
A. six comprehensive steps that organizations should take that are almost guaranteed to protect them against breaches.
B. a three-tier collection of recommended actions, ranging from six basics to a set of broad organizational techniques intended to improve the security posture of companies of all sizes.
C. a monthly subscription service for smaller organizations without in-house cybersecurity teams.
D. none of the above.
Correct Answer: B. a three-tier collection of recommended actions, ranging from six basics to a set of broad organizational techniques intended to improve the security posture of companies of all sizes.