Exam Lead-Cybersecurity-Manager Topic 4 Question 5 Discussion
Actual exam question for PECB's Lead-Cybersecurity-Manager exam
Question #: 5
Topic #: 4
Question #: 5
Topic #: 4
Scenario 6:Finelits. a South Carolina-based banking institution in the US, Is dedicated 10 providing comprehensive financial management solutions for both individuals and businesses. With a strong focus on leveraging financial technology innovations, Finelits strives to provide its clients with convenient access to their financial needs. To do so. the company offers a range of services. Firstly, it operates a network of physical branches across strategic locations, facilitates banking transactions, and provides basic financial services to Individuals who may not have easy access to a branch Through its diverse service offerings.
Finelits aims to deliver exceptional banking services, ensuring financial stability and empowerment for its clients across the US.
Recently, Vera, an employee at Finelits, was passed over for a promotion. Feeling undervalued, Vera decided to take malicious actions to harm the company's reputation and gain unrestricted access to its sensitive information. To do so. Vera decided to collaborate with a former colleague who used lo work for Finelits's software development team. Vera provided the former colleague with valuable information about the Finelils's security protocols, which allowed the former colleague to gain access and introduce a backdoor into one of the company's critical software systems during a routine update. This backdoor allowed the attacker to bypass normal authentication measures and gain unrestricted access to the private network. Vera and the former employee aimed to attack Finelits's systems by altering transactions records, account balances, and investments portfolios. Their actions were carefully calculated to skew financial outcomes and mislead both the hank and Its customers by creating false financial statements, misleading reports, and inaccurate calculations.
After receiving numerous complaints from clients, reporting that they are being redirected to another site when attempting to log into their banking accounts on Finelits's web application, the company became aware of the issue. After taking immediate measures, conducting a thorough forensic analysis and collaborating with external cybersecurity experts, Finelits's Incident response team successfully identified the root cause of the incident. They were able to trace the intrusion back to the attackers, who had exploited vulnerabilities in the bank's system and utilized sophisticated techniques to compromise data integrity The incident response team swiftly addressed the issue by restoring compromised data, enhancing security, and implementing preventative measures These measures encompassed new access controls, network segmentation, regular security audits, the testing and application of patches frequently, and the clear definition of personnel privileges within their roles for effective authorization management.
Based on the scenario above, answer the following question:
How did Finelits ensure protection forIts accounts By implementing secure token handling? Refer to scenario
6.
Finelits aims to deliver exceptional banking services, ensuring financial stability and empowerment for its clients across the US.
Recently, Vera, an employee at Finelits, was passed over for a promotion. Feeling undervalued, Vera decided to take malicious actions to harm the company's reputation and gain unrestricted access to its sensitive information. To do so. Vera decided to collaborate with a former colleague who used lo work for Finelits's software development team. Vera provided the former colleague with valuable information about the Finelils's security protocols, which allowed the former colleague to gain access and introduce a backdoor into one of the company's critical software systems during a routine update. This backdoor allowed the attacker to bypass normal authentication measures and gain unrestricted access to the private network. Vera and the former employee aimed to attack Finelits's systems by altering transactions records, account balances, and investments portfolios. Their actions were carefully calculated to skew financial outcomes and mislead both the hank and Its customers by creating false financial statements, misleading reports, and inaccurate calculations.
After receiving numerous complaints from clients, reporting that they are being redirected to another site when attempting to log into their banking accounts on Finelits's web application, the company became aware of the issue. After taking immediate measures, conducting a thorough forensic analysis and collaborating with external cybersecurity experts, Finelits's Incident response team successfully identified the root cause of the incident. They were able to trace the intrusion back to the attackers, who had exploited vulnerabilities in the bank's system and utilized sophisticated techniques to compromise data integrity The incident response team swiftly addressed the issue by restoring compromised data, enhancing security, and implementing preventative measures These measures encompassed new access controls, network segmentation, regular security audits, the testing and application of patches frequently, and the clear definition of personnel privileges within their roles for effective authorization management.
Based on the scenario above, answer the following question:
How did Finelits ensure protection forIts accounts By implementing secure token handling? Refer to scenario
6.
Suggested Answer: B Vote an answer
Finelits ensured the protection of its accounts by implementing secure token handling, where authentication services return tokens to user agents and redirect clients back to the web application. This method helps to secure authentication tokens and ensures that only authorized users can access resources.
* Token Handling:
* Definition: The process of securely managing authentication tokens that grant access to resources.
* Purpose: To ensure that tokens are not intercepted or misused by unauthorized parties.
* Secure Token Handling Process:
* Return and Redirection: Authentication services issue tokens to user agents (e.g., browsers) and then redirect users back to the web application with the token.
* Benefits: Reduces the risk of token interception and ensures tokens are used only by authenticated clients.
* OAuth 2.0: A common framework for secure token handling, involving redirection of clients and secure token storage.
* NIST SP 800-63: Provides guidelines for secure authentication and token handling practices.
Detailed Explanation:Cybersecurity References:Implementing secure token handling ensures that authentication tokens are managed securely, reducing the risk of unauthorized access.
* Token Handling:
* Definition: The process of securely managing authentication tokens that grant access to resources.
* Purpose: To ensure that tokens are not intercepted or misused by unauthorized parties.
* Secure Token Handling Process:
* Return and Redirection: Authentication services issue tokens to user agents (e.g., browsers) and then redirect users back to the web application with the token.
* Benefits: Reduces the risk of token interception and ensures tokens are used only by authenticated clients.
* OAuth 2.0: A common framework for secure token handling, involving redirection of clients and secure token storage.
* NIST SP 800-63: Provides guidelines for secure authentication and token handling practices.
Detailed Explanation:Cybersecurity References:Implementing secure token handling ensures that authentication tokens are managed securely, reducing the risk of unauthorized access.
by Celeste at Sep 09, 2025, 05:27 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).