Chapter 56 Β· Quiz

Mitigation Techniques Quiz

6 multiple-choice questions + 1 matching section. Select your answers, then click Submit.

Question 1 of 6
A software vendor releases an emergency patch on a Wednesday for a critical unauthenticated remote code execution vulnerability that is actively being exploited in the wild. An organization's standard patch process requires two weeks of lab testing followed by deployment in the next scheduled maintenance window (Sunday). The CISO asks the security team to assess whether to follow the normal process. Which approach is MOST appropriate?
Question 2 of 6
An employee's laptop is reported stolen from an airport. The laptop has BitLocker full disk encryption enabled with a TPM-bound key. The organization's security team is assessing whether a data breach notification is required. Which statement BEST describes the security impact?
Question 3 of 6
A security analyst is investigating a suspected intrusion. They find that the Windows Event Log on the suspected compromised workstation shows no entries for a 4-hour period during which the attack is believed to have occurred. The analyst is trying to determine whether the attacker deleted the logs. Which mitigation provides the BEST evidence of what occurred during that period?
Question 4 of 6
A user's workstation account is compromised through a phishing attack. The user's account runs with local administrator privileges. The attacker uses the compromised session to install a keylogger, disable the endpoint detection software, and establish persistent access via a scheduled task. If the user's account had been a standard (non-administrator) account, which of these actions would the attacker have been UNABLE to perform?
Question 5 of 6
An employee returns from a three-week vacation and connects their laptop to the corporate network. The Network Access Control system immediately restricts the laptop to a quarantine VLAN. From the quarantine VLAN, the employee can access only the Windows Update server, the EDR update server, and the remediation portal. Which of the following BEST explains why the laptop was quarantined?
Question 6 of 6
An organization is decommissioning 200 SSDs that were used in workstations with BitLocker full disk encryption enabled from the time of deployment. The IT team asks which sanitization method is appropriate. Which is MOST appropriate for these SSDs?

Matching β€” Mitigation Technique Concepts

Match each term on the left to its correct description on the right.

1. Full Disk Encryption
2. Cryptographic Erase
3. Quarantine VLAN
4. SIEM
A. A security platform that ingests logs from all network sensors, normalizes formats, correlates events across sources to detect multi-stage attack patterns, and stores log data remotely so that an attacker's deletion of local logs does not destroy the audit trail
B. Encryption of an entire storage volume β€” operating system, applications, and user data β€” so that a drive removed from its host computer and connected to another machine presents only unreadable ciphertext, protecting against physical theft
C. A restricted network segment that gives non-compliant devices access only to update and remediation servers β€” not production systems β€” so they can achieve compliance before being admitted to the organizational network
D. A data sanitization method that destroys the encryption key used to protect a full-disk-encrypted drive, rendering all stored ciphertext permanently irrecoverable β€” the preferred method for SSDs because sector overwrite is unreliable due to wear leveling