Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

CAS-004 Questions and Answers

Question # 6

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Full Access
Question # 7

Signed applications reduce risks by:

A.

encrypting the application's data on the device.

B.

requiring the developer to use code-level hardening techniques.

C.

providing assurance that the application is using unmodified source code.

D.

costing the developer money to publish, which reduces the likelihood of malicious intent.

Full Access
Question # 8

An organization is working to secure its development process to ensure developers cannot deploy artifacts directly into the production environment. Which of the following security practice recommendations would be the best to accomplish this objective?

A.

Implement least privilege access to all systems.

B.

Roll out security awareness training for all users.

C.

Set up policies and systems with separation of duties.

D.

Enforce job rotations for all developers and administrators.

E.

Utilize mandatory vacations for all developers.

F.

Review all access to production systems on a quarterly basis.

Full Access
Question # 9

A company is losing hundreds of mobile devices each year due to insider theft. The company wants to prevent these devices from functioning off-site to deter theft, but does not want to prevent the reuse of a device the next day if a device was accidentally taken off-site. Which of the following would best solve this issue?

A.

Remote wipe any device taken off-site.

B.

Implement full device encryption.

C.

Create a geofence around the warehouse.

D.

Enable location services to monitor the mobile devices.

Full Access
Question # 10

A security analyst has been tasked with assessing a new API The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities Which of the following should the analyst use to achieve this goal?

A.

Static analysis

B.

Input validation

C.

Fuzz testing

D.

Post-exploitation

Full Access
Question # 11

After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

Which of the following is the most likely reason for the successful attack?

A.

Lack of MDM controls

B.

Auto-join hotspots enabled

C.

Sideloading

D.

Lack of application segmentation

Full Access
Question # 12

A security analyst received the following finding from a cloud security assessment tool:

Virtual Machine Data Disk is encrypted with the default encryption key.

Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Select two).

A.

Disk encryption with customer-provided keys

B.

Disk encryption with keys from a third party

C.

Row-level encryption with a key escrow

D.

File-level encryption with cloud vendor-provided keys

E.

File-level encryption with customer-provided keys

F.

Disk-level encryption with a cross-signed certificate

Full Access
Question # 13

A software development company is implementing a SaaS-based password vault for customers to use. The requirements for the password vault include:

Vault encryption using a variable block and key size

Resistance to brute-force attacks

Which of the following should be implemented to meet these requirements? (Select two.)

A.

PBKDF2

B.

RC5

C.

AES

D.

P256

E.

ECDSA

F.

RIPEMD

Full Access
Question # 14

A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company should take?

A.

Accept the risk as the cost of doing business

B.

Create an organizational risk register for project prioritization

C.

Calculate the ALE and conduct a cost-benefit analysis

D.

Purchase insurance to offset the cost if a failure occurred

Full Access
Question # 15

A developer implement the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

A.

SQL inject

B.

Buffer overflow

C.

Missing session limit

D.

Information leakage

Full Access
Question # 16

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Full Access
Question # 17

A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

A.

Organized crime

B.

Script kiddie

C.

APT/nation-state

D.

Competitor

Full Access
Question # 18

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

A.

Software-backed keystore

B.

Embedded cryptoprocessor

C.

Hardware-backed public key storage

D.

Support for stream ciphers

E.

Decentralized key management

F.

TPM 2.0 attestation services

Full Access
Question # 19

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Full Access
Question # 20

Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

A.

Modify the ACLs.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Full Access
Question # 21

A company requires a task to be carried by more than one person concurrently. This is an example of:

A.

separation of d duties.

B.

dual control

C.

least privilege

D.

job rotation

Full Access
Question # 22

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keepsfailing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Full Access
Question # 23

A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. which of the following explains why the computer would not boot?

A.

The operating system was corrupted.

B.

SElinux was in enforced status.

C.

A secure boot violation occurred.

D.

The disk was encrypted.

Full Access
Question # 24

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

A.

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

B.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

C.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

D.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Full Access
Question # 25

A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

A.

HSTS

B.

CRL

C.

CSRs

D.

OCSP

Full Access
Question # 26

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about theprogramming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

A.

Ladder logic

B.

Rust

C.

C

D.

Python

E.

Java

Full Access
Question # 27

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

A.

FIM

B.

WAF

C.

NIPS

D.

DAM

E.

UTM

Full Access
Question # 28

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

A.

Lawyers

B.

Court

C.

Upper management team

D.

Police

Full Access
Question # 29

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation m the near future?

A.

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

B.

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

C.

Implement a centralized network gateway to bridge network traffic between all VPCs.

D.

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Full Access
Question # 30

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the image process, which of the following is the FIRST step the analyst should take?

A.

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the 'Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive

Full Access
Question # 31

A municipal department receives telemetry data from a third-party provider The server collecting telemetry sits in the municipal departments screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to Implement nsk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

A.

Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

B.

Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

C.

Installing and configuring filesystem integrity monitoring service on the telemetry server

D.

Implementing an EDR and alert on Identified privilege escalation attempts to the SIEM

E.

Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

F.

Using the published data schema to monitor and block off nominal telemetry messages

Full Access
Question # 32

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.

* Transactions being required by unauthorized individual

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransom ware.

* Exfiltration of sensitivity company information.

The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Full Access
Question # 33

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

A.

CAN

B.

ASIC

C.

FPGA

D.

SCADA

Full Access
Question # 34

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

A.

Limit access to the system using a jump box.

B.

Place the new system and legacy system on separate VLANs

C.

Deploy the legacy application on an air-gapped system.

D.

Implement MFA to access the legacy system.

Full Access
Question # 35

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

A.

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Full Access
Question # 36

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

A.

Black-box testing

B.

Gray-box testing

C.

Red-team hunting

D.

White-box testing

E.

Blue-learn exercises

Full Access
Question # 37

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

A.

Hybrid IaaS solution in a single-tenancy cloud

B.

Pass solution in a multinency cloud

C.

SaaS solution in a community cloud

D.

Private SaaS solution in a single tenancy cloud.

Full Access
Question # 38

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

A.

Risk rejection

B.

Risk mitigation

C.

Risk transference

D.

Risk avoidance

Full Access
Question # 39

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

A.

Remote provider BCDR

B.

Cloud provider BCDR

C.

Alternative provider BCDR

D.

Primary provider BCDR

Full Access
Question # 40

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

A.

Root cause analysis

B.

Continuity of operations plan

C.

After-action report

D.

Lessons learned

Full Access
Question # 41

Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.

Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

A.

Compile a list of firewall requests and compare than against interesting cloud services.

B.

Implement a CASB solution and track cloud service use cases for greater visibility.

C.

Implement a user-behavior system to associate user events and cloud service creation events.

D.

Capture all log and feed then to a SIEM and then for cloud service events

Full Access
Question # 42

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A.

The pharmaceutical company

B.

The cloud software provider

C.

The web portal software vendor

D.

The database software vendor

Full Access
Question # 43

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

A.

Align the exploitability metrics to the predetermined system categorization.

B.

Align the remediation levels to the predetermined system categorization.

C.

Align the impact subscore requirements to the predetermined system categorization.

D.

Align the attack vectors to the predetermined system categorization.

Full Access
Question # 44

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce

• Cloud-delivered services

• Full network security stack

• SaaS application security management

• Minimal latency for an optimal user experience

• Integration with the cloud 1AM platform

Which of the following is the BEST solution?

A.

Routing and Remote Access Service (RRAS)

B.

NGFW

C.

Managed Security Service Provider (MSSP)

D.

SASE

Full Access
Question # 45

A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?

A.

Key rotation

B.

Key revocation

C.

Key escrow

D.

Zeroization

E.

Cryptographic obfuscation

Full Access
Question # 46

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Full Access
Question # 47

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?

A.

A SQL injection was used to exfiltrate data from the database server.

B.

The system has been hijacked for cryptocurrency mining.

C.

A botnet Trojan is installed on the database server.

D.

The dbadmin user is consulting the community for help via Internet Relay Chat.

Full Access
Question # 48

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

A.

InherentLow

B.

Mitigated

C.

Residual

D.

Transferred

Full Access
Question # 49

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

A.

SLA

B.

BIA

C.

BCM

D.

BCP

E.

RTO

Full Access
Question # 50

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Full Access
Question # 51

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

A.

Community cloud service model

B.

Multinency SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Full Access
Question # 52

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Full Access
Question # 53

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

A.

SaaS

B.

PaaS

C.

MaaS

D.

IaaS

Full Access
Question # 54

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

A.

Full tunneling

B.

Asymmetric routing

C.

SSH tunneling

D.

Split tunneling

Full Access
Question # 55

A software house is developing a new application. The application has the following requirements:

Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

A.

WS-Federation

B.

OpenID

C.

OAuth

D.

SAML

Full Access
Question # 56

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

A.

Simultaneous Authentication of Equals

B.

Enhanced open

C.

Perfect forward secrecy

D.

Extensible Authentication Protocol

Full Access
Question # 57

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s. Given the following output:

The penetration testers MOST likely took advantage of:

A.

A TOC/TOU vulnerability

B.

A plain-text password disclosure

C.

An integer overflow vulnerability

D.

A buffer overflow vulnerability

Full Access
Question # 58

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for

the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which

of the following would BEST achieve this objective?

A.

Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

B.

Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.

C.

Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

D.

Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Full Access
Question # 59

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Full Access
Question # 60

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Full Access
Question # 61

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Full Access
Question # 62

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

A.

The clients may not trust idapt by default.

B.

The secure LDAP service is not started, so no connections can be made.

C.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

D.

Secure LDAP should be running on UDP rather than TCP.

E.

The company is using the wrong port. It should be using port 389 for secure LDAP.

F.

Secure LDAP does not support wildcard certificates.

G.

The clients may not trust Chicago by default.

Full Access
Question # 63

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

A.

Protecting

B.

Permissive

C.

Enforcing

D.

Mandatory

Full Access
Question # 64

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

A.

Create a full inventory of information and data assets.

B.

Ascertain the impact of an attack on the availability of crucial resources.

C.

Determine which security compliance standards should be followed.

D.

Perform a full system penetration test to determine the vulnerabilities.

Full Access
Question # 65

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Full Access
Question # 66

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 67

Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

A.

Company A-B SLA v2.docx

B.

Company A OLA v1b.docx

C.

Company A MSA v3.docx

D.

Company A MOU v1.docx

E.

Company A-B NDA v03.docx

Full Access
Question # 68

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

A.

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

B.

In the ОТ environment, allow IT traffic into the ОТ environment.

C.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

D.

Use a screened subnet between the ОТ and IT environments.

Full Access
Question # 69

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Full Access
Question # 70

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Full Access
Question # 71

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Full Access
Question # 72

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

A.

0.5

B.

8

C.

50

D.

36,500

Full Access
Question # 73

Which of the following are risks associated with vendor lock-in? (Choose two.)

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Full Access
Question # 74

An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network Which of the following solutions represents the BEST course of action to allow the contractor access?

A.

Add the vendor's equipment to the existing network Give the vendor access through the standard corporate VPN

B.

Give the vendor a standard desktop PC to attach the equipment to Give the vendor access through the standard corporate VPN

C.

Establish a certification process for the vendor Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment

D.

Create a dedicated segment with no access to the corporate network Implement dedicated VPN hardware for vendor access

Full Access
Question # 75

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Full Access
Question # 76

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

A.

Require device certificates to access company resources.

B.

Enable MFA at the organization's SSO portal.

C.

Encrypt all workstation hard drives.

D.

Hide the company wireless SSID.

Full Access
Question # 77

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

A.

Near-field communication

B.

Short Message Service

C.

Geofencing

D.

Bluetooth

Full Access
Question # 78

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Full Access
Question # 79

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Full Access
Question # 80

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the

security posture for a risk decision? (Select TWO).

A.

Password cracker

B.

SCAP scanner

C.

Network traffic analyzer

D.

Vulnerability scanner

E.

Port scanner

F.

Protocol analyzer

Full Access
Question # 81

An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

A.

Leverage physically uncloneable functions.

B.

Analyze an emplaced holographic icon on the board.

C.

Include schematics traceable via X-ray interrogation.

D.

Incorporate MD5 hashes of the ASIC design file.

Full Access
Question # 82

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Full Access
Question # 83

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Full Access
Question # 84

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Full Access
Question # 85

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

A.

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Full Access
Question # 86

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Full Access
Question # 87

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Full Access
Question # 88

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Full Access
Question # 89

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Full Access
Question # 90

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Full Access
Question # 91

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Full Access
Question # 92

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

A.

Order of volatility

B.

Chain of custody

C.

Verification

D.

Secure storage

Full Access
Question # 93

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Full Access
Question # 94

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Full Access
Question # 95

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

A.

Cipher feedback

B.

Cipher block chaining message authentication code

C.

Cipher block chaining

D.

Electronic codebook

Full Access
Question # 96

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Full Access
Question # 97

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Full Access
Question # 98

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Full Access
Question # 99

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Full Access
Question # 100

A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

A.

Disable powershell.exe on all Microsoft Windows endpoints.

B.

Restart Microsoft Windows Defender.

C.

Configure the forward proxy to block 40.90.23.154.

D.

Disable local administrator privileges on the endpoints.

Full Access
Question # 101

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

A.

Deploy a SOAR tool.

B.

Modify user password history and length requirements.

C.

Apply new isolation and segmentation schemes.

D.

Implement decoy files on adjacent hosts.

Full Access
Question # 102

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

A.

Monitor the Application and Services Logs group within Windows Event Log.

B.

Uninstall PowerSheII from all workstations.

C.

Configure user settings in Group Policy.

D.

Provide user education and training.

E.

Block PowerSheII via HIDS.

Full Access
Question # 103

Which of the following is a security concern for DNP3?

A.

Free-form messages require support.

B.

Available function codes are not standardized.

C.

Authentication is not allocated.

D.

It is an open source protocol.

Full Access
Question # 104

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

A.

Input validation

B.

Firewall

C.

WAF

D.

DLP

Full Access
Question # 105

A company has data it would like to aggregate from its PLCs for data visualization and predictive maintenance purposes. Which of the following is the most likely destination for the tag data from the PLCs?

A.

External drive

B.

Cloud storage

C.

System aggregator

D.

Local historian

Full Access
Question # 106

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A.

Execute never

B.

Noexecute

C.

Total memory encryption

D.

Virtual memory protection

Full Access
Question # 107

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

A.

Union filesystem overlay

B.

Cgroups

C.

Linux namespaces

D.

Device mapper

Full Access
Question # 108

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Full Access
Question # 109

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

A.

CTR

B.

ECB

C.

OF8

D.

GCM

Full Access
Question # 110

in a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?

A.

Risk transfer

B.

Risk mitigation

C.

Risk acceptance

D.

Risk avoidance

Full Access
Question # 111

A security administrator is assessing the risk associated with using a software tool built by a small start-up company to provide product pricing updates. Which of the following risks would most likely be a factor?

A.

Privacy concerns

B.

Vendor viability

C.

Regulatory compliance

D.

Geographic location

Full Access
Question # 112

A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst usesddduring the investigation. Which of the following best explains why the analyst is using this tool?

A.

To capture an image of the hard drive

B.

To reverse engineer binary programs

C.

To recover deleted logs from the laptop

D.

To deduplicate unnecessary data from the hard drive

Full Access
Question # 113

In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime. Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?

A.

Clustering

B.

High availability

C.

Redundancy

D.

Replication

Full Access
Question # 114

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

A.

Supply chain attack

B.

Cipher substitution attack

C.

Side-channel analysis

D.

On-path attack

E.

Pass-the-hash attack

Full Access
Question # 115

A security architect discovers the following while reviewing code for a company’s website:

selection = "SELECT Item FROM Catalog WHERE ItemID * " & Request("ItemID”)

Which of the following should the security architect recommend?

A.

Client-side processing

B.

Query parameterization

C.

Data normalization

D.

Escape character blocking

E.

URL encoding

Full Access
Question # 116

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

A.

Conduct input sanitization.

B.

Deploy a SIEM.

C.

Use containers.

D.

Patch the OS

E.

Deploy a WAF.

F.

Deploy a reverse proxy

G.

Deploy an IDS.

Full Access
Question # 117

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Full Access
Question # 118

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Full Access
Question # 119

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Full Access
Question # 120

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Full Access
Question # 121

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Full Access
Question # 122

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

A.

Alerting the misconfigured service account password

B.

Modifying the AllowUsers configuration directive

C.

Restricting external port 22 access

D.

Implementing host-key preferences

Full Access
Question # 123

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

A.

Recovery point objective

B.

Recovery time objective

C.

Mission-essential functions

D.

Recovery service level

Full Access
Question # 124

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Full Access
Question # 125

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Full Access
Question # 126

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Full Access
Question # 127

A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?

A.

A downgrade attack occurred. Any use of old, outdated software should be disallowed.

B.

The attacker obtained the systems' private keys. New key pairs must be generated.

C.

Malware is present on the client machine. A full OS needs to be reinstalled.

D.

The user fell for a phishing attack. The end user must attend security training.

Full Access
Question # 128

A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select three).

A.

Antivirus

B.

EDR

C.

Sand boxing

D.

Application control

E.

Host-based firewall

F.

IDS

G.

SIEM

Full Access
Question # 129

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Full Access
Question # 130

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Full Access
Question # 131

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Full Access
Question # 132

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Full Access
Question # 133

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Full Access
Question # 134

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

A.

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

B.

sudo netstat -nlt -p | grep “ESTABLISHED”

C.

sudo netstat -plntu | grep -v “Foreign Address”

D.

sudo netstat -pnut -w | column -t -s $’\w’

E.

sudo netstat -pnut | grep -P ^tcp

Full Access
Question # 135

An organization has severallegacy systemsthat are critical to testing currently deployed assets. These systems have become aserious riskto the organization's security posture, and the securitymanager must implement protection measures to preventcritical infrastructurefrom being impacted. The systems must stayinterconnectedto allow communication with the deployed assets. Which of the following designs, if implemented, woulddecrease the most risksbut still meet the requirements?

A.

Software-defined networking

B.

Containerization

C.

Air gap

D.

Screened subnet

Full Access
Question # 136

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Full Access
Question # 137

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Full Access
Question # 138

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

A.

Migrating operations assumes the acceptance of all risk.

B.

Cloud providers are unable to avoid risk.

C.

Specific risks cannot be transferred to the cloud provider.

D.

Risks to data in the cloud cannot be mitigated.

Full Access
Question # 139

A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

A.

NIST SP 800-53

B.

MITRE ATT&CK

C.

The Cyber Kill Chain

D.

The Diamond Model of Intrusion Analysis

Full Access
Question # 140

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

A.

Instance-based

B.

Storage-based

C.

Proxy-based

D.

Array controller-based

Full Access
Question # 141

A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

A.

Containers

B.

Type 1 hypervisor

C.

Type 2 hypervisor

D.

Virtual desktop infrastructure

E.

Emulation

Full Access
Question # 142

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A.

A vulnerability

B.

A threat

C.

A breach

D.

A risk

Full Access
Question # 143

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Full Access
Question # 144

A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?

A.

A machine-learning-based data security service

B.

A file integrity monitoring service

C.

A cloud configuration assessment and compliance service

D.

An automated data classification system

Full Access
Question # 145

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Full Access
Question # 146

The primary advantage of an organization creating and maintaining a vendor risk registry is to:

A.

define the risk assessment methodology.

B.

study a variety of risks and review the threat landscape.

C.

ensure that inventory of potential risk is maintained.

D.

ensure that all assets have low residual risk.

Full Access
Question # 147

A security administrator is trying to securely provide public access to specific data from a web application. Clients who want to access the application will be required to:

• Only allow the POST and GET options.

• Transmit all data secured with TLS 1.2 or greater.

• Use specific URLs to access each type of data that is requested.

• Authenticate with a bearer token.

Which of the following should the security administrator recommend to meet these requirements?

A.

API gateway

B.

Application load balancer

C.

Web application firewall

D.

Reverse proxy

Full Access
Question # 148

During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

A.

Implementing a static analysis tool within the CI/CD system

B.

Configuring a dynamic application security testing tool

C.

Performing software composition analysis on all third-party components

D.

Utilizing a risk-based threat modeling approach on new projects

E.

Setting up an interactive application security testing tool

Full Access
Question # 149

A security analyst is configuring an IPSec tunnel to use the strongest encryption currently available. Which of the following algorithms should be deployed to provide the most secure initial key exchange?

A.

3DES

B.

ECDSA

C.

ECDH

D.

AES

Full Access
Question # 150

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing aCAPTCHAsystem on the web store to help reduce thenumber of video cards purchased through automated systems. Which of the following now describes the level of risk?

A.

Inherent

B.

Low

C.

Mitigated

D.

Residual

E.

Transferred

Full Access
Question # 151

A company wants to reduce its backup storage requirement and is undertaking a data cleanup project. Which of the following should a security administrator consider first when determining which data should be deleted?

A.

Retention schedules

B.

Classification levels

C.

Sanitization requirements

D.

Data labels

E.

File size

Full Access
Question # 152

loCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

A.

FIM

B.

SASE

C.

UEBA

D.

CSPM

E.

EAP

Full Access
Question # 153

An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training. Which of the following should the ChiefInformation Security Officer highlight as an area of Increased vulnerability in a report to the management team?

A.

Social engineering

B.

Third-party compromise

C.

APT targeting

D.

Pivoting

Full Access
Question # 154

A forensic investigator started the process of gathering evidence on a laptop in response to an incident The investigator took a snapshof of the hard drive, copied relevant log files and then performed a memory dump Which of the following steps in the process should have occurred first?

A.

Preserve secure storage

B.

Clone the disk.

C.

Collect the most volatile data

D.

Copy the relevant log files

Full Access
Question # 155

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file Which of the following is the BEST way for the security team to comply with this requirement?

A.

Digital signature

B.

Message hash

C.

Message digest

D.

Message authentication code

Full Access
Question # 156

The security analyst discovers a new device on the company’s dedicated loT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the loT subnet. Which of the following should the security analyst recommend to securely operate the camera?

A.

Harden the camera configuration.

B.

Send camera logs to the SIEM.

C.

Encrypt the camera's video stream.

D.

Place the camera on an isolated segment

Full Access
Question # 157

A security architect is reviewing the following organizational specifications for a new application:

• Be sessionless and API-based

• Accept uploaded documents with Pll, so all storage must be ephemeral

• Be able to scale on-demand across multiple nodes

• Restrict all network access except for the TLS port

Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

A.

Utilizing the cloud container service

B.

On server instances with autoscaling groups

C.

Using scripted delivery

D.

With a content delivery network

Full Access
Question # 158

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Full Access
Question # 159

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

A.

Revoke the certificate.

B.

Inform all the users of the certificate.

C.

Contact the company's Chief Information Security Officer.

D.

Disable the website using the suspected certificate.

E.

Alert the root CA.

Full Access
Question # 160

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Full Access
Question # 161

During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy. which does not verify the buffer length. Which of the following solutions should be integrated into the SDLC process to reduce future risks?

A.

Require custom IDS/IPS detection signatures for each type of insecure function found.

B.

Perform a penetration test before moving to the next step of the SDLC.

C.

Update the company's secure coding policy to exclude insecure functions.

D.

Perform DAST/SAST scanning before handoff to another team.

Full Access
Question # 162

A company underwent an audit in which the following issues were enumerated:

• Insufficient security controls for internet-facing services, such as VPN and extranet

• Weak password policies governing external access for third-party vendors

Which of the following strategies would help mitigate the risks of unauthorized access?

A.

2FA

B.

RADIUS

C.

Federation

D.

OTP

Full Access
Question # 163

An organization develops a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only data center are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latencyfor all mobile users to improve the users' experience

SSL offloadingto improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement tobestensure all requirements are met?

A.

A cache server farm in its data center

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its data center

D.

Dual gigabit-speed internet connections with managed DDoS prevention

Full Access
Question # 164

During a network defense engagement, a red team is able to edit the following registry key:

Which of the following tools is the red team using to perform this action?

A.

PowerShell

B.

SCAP scanner

C.

Network vulnerability scanner

D.

Fuzzer

Full Access
Question # 165

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).

A.

Type

B.

Email

C.

OCSP responder

D.

Registration authority

E.

Common Name

F.

DNS name

Full Access
Question # 166

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

A.

Paas

B.

laas

C.

Private

D.

Saas

Full Access
Question # 167

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

A.

Indirect command execution

B.

OS credential dumping

C.

Inhibit system recovery

D.

External remote services

E.

System information discovery

F.

Network denial of service

Full Access
Question # 168

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Full Access
Question # 169

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Which of the following mobile configuration settings is the mobile administrator verifying?

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Full Access
Question # 170

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Full Access
Question # 171

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Full Access
Question # 172

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Full Access
Question # 173

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

A.

^\d{4}(-\d{5})?$

B.

^\d{5}(-\d{4})?$

C.

^\d{5-4}$

D.

^\d{9}$

Full Access
Question # 174

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

A.

Deploy high-availability web servers.

B.

Enhance network access controls.

C.

Implement a content delivery network.

D.

Migrate to a virtualized environment.

Full Access
Question # 175

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Full Access
Question # 176

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

A.

proxy

B.

Tunneling

C.

VDI

D.

MDM

E.

RDP

F.

MAC address randomization

Full Access
Question # 177

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

A.

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.

Ensure the third-party library implements the TLS and disable weak ciphers.

C.

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.

Implement an ongoing, third-party software and library review and regression testing.

Full Access
Question # 178

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Full Access
Question # 179

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Full Access
Question # 180

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Full Access
Question # 181

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

A.

Disaster recovery checklist

B.

Tabletop exercise

C.

Full interruption test

D.

Parallel test

Full Access
Question # 182

Which of the following indicates when a company might not be viable after a disaster?

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Full Access
Question # 183

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Full Access
Question # 184

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 185

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Full Access