MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A software development manager is running a project using agile development methods. The companycybersecurity engineer has noticed a high number of vulnerabilities have been making it into productioncode on the project.Which of the following methods could be used in addition to an integrated development environment toreduce the severity of the issue?
Question2: A software development team has spent the last 18 months developing a new web-based front-end thatwill allow clients to check the status of their orders as they proceed through manufacturing. The marketingteam schedules a launch party to present the new application to the client base in two weeks. Before thelaunch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowingdirect access to a database used by manufacturing. The development team did not plan to remediatethese vulnerabilities during development. Which of the following SDLC best practices should thedevelopment team have followed?
Question3: The Chief Information Security Officer (CISO) has asked the security team to determine whether theorganization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution ispossible. The CISO has asked what process would be utilized to gather the information, and then wants toapply signatureless controls to stop these kinds of attacks in the future. Which of the following are theMOST appropriate ordered steps to take to meet the CISO's request?
Question4: Legal authorities notify a company that its network has been compromised for the second time in twoyears. The investigation shows the attackers were able to use the same vulnerability on different systemsin both attacks. Which of the following would have allowed the security team to use historical information toprotect against the second attack?
Question5: A security engineer is deploying an IdP to broker authentication between applications. These applicationsall utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list ofapplications they may access. One of the application's authentications is not functional when a userinitiates an authentication attempt from the IdP. The engineer modifies the configuration so users browseto the application first, which corrects the issue. Which of the following BEST describes the root cause?
Question6: The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevantmetrics. The board of directors will use the dashboard to monitor and track the overall security posture ofthe organization. The CIO produces a basic report containing both KPI and KRI data in two separatesections for the board to review.Which of the following BEST meets the needs of the board?
Question7: At a meeting, the systems administrator states the security controls a company wishes to implement seemexcessive, since all of the information on the company's web servers can be obtained publicly and is notproprietary in any way. The next day the company's website is defaced as part of an SQL injection attack,and the company receives press inquiries about the message the attackers displayed on the website.Which of the following is the FIRST action the company should take?
Question8: A company's chief cybersecurity architect wants to configure mutual authentication to access an internalpayroll website. The architect has asked the administration team to determine the configuration that wouldprovide the best defense against MITM attacks. Which of the following implementation approaches wouldBEST support the architect's goals?
Question9: A security administrator wants to allow external organizations to cryptographically validate the company'sdomain name in email messages sent by employees. Which of the following should the securityadministrator implement?
Question10: With which of the following departments should an engineer for a consulting firm coordinate whendetermining the control and reporting requirements for storage of sensitive, proprietary customerinformation?
Question11: A technician is validating compliance with organizational policies. The user and machine accounts in theAD are not set to expire, which is non-compliant. Which of the following network tools would provide thistype of information?
Question12: A security engineer has been hired to design a device that will enable the exfiltration of data from within awell-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDSin place, as well as allow for the upload of commands from a centralized command and control answer.The total cost of the device must be kept to a minimum in case the device is discovered during anassessment. Which of the following tools should the engineer load onto the device being designed?
Question13: The risk subcommittee of a corporate board typically maintains a master register of the most prominentrisks to the company. A centralized holistic view of risk is particularly important to the corporate ChiefInformation Security Officer (CISO) because:
Question14: A security engineer is working with a software development team. The engineer is tasked with ensuring allsecurity requirements are adhered to by the developers.Which of the following BEST describes the contents of the supporting document the engineer is creating?
Question15: An organization's network engineering team recently deployed a new software encryption solution toensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-writerequests in storage, impacting business operations.Which of the following alternative approaches would BEST address performance requirements whilemeeting the intended security objective?
Question16: A security analyst who is concerned about sensitive data exfiltration reviews the following:Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?
Question17: A recent assessment identified that several users' mobile devices are running outdated versions ofendpoint security software that do not meet the company's security policy. Which of the following should beperformed to ensure the users can access the network and meet the company's security requirements?
Question18: A database administrator is required to adhere to and implement privacy principles when executing dailytasks. A manager directs the administrator to reduce the number of unique instances of PII stored within anorganization's systems to the greatest extent possible.Which of the following principles is being demonstrated?
Question19: A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes thefollowing command:dd if=/dev/ram of=/tmp/mem/dmpThe analyst then reviews the associated output:^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45However, the analyst is unable to find any evidence of the running shell.Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?
Question20: A web developer has implemented HTML5 optimizations into a legacy web application. One of themodifications the web developer made was the following client side optimization:localStorage.setItem("session-cookie", document.cookie);Which of the following should the security engineer recommend?
Question21: A security architect is determining the best solution for a new project. The project is developing a newintranet with advanced authentication capabilities, SSO for users, and automated provisioning tostreamline Day 1 access to systems. The security architect has identified the following requirements:1. Information should be sourced from the trusted master data source.2. There must be future requirements for identity proofing of devices and users.3. A generic identity connector that can be reused must be developed.4. The current project scope is for internally hosted applications only.Which of the following solution building blocks should the security architect use to BEST meet therequirements?
Question22: An organization is in the process of integrating its operational technology and information technologyareas. As part of the integration, some of the cultural aspects it would like to see include more efficient useof resources during change windows, better protection of critical infrastructure, and the ability to respond toincidents. The following observations have been identified:1. The ICS supplier has specified that any software installed will result in lack of support.2. There is no documented trust boundary defined between the SCADA and corporate networks.3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.4. There is a lack of understanding of what is within the SCADA network.Which of the following capabilities would BEST improve the security position?
Question23: A security analyst is troubleshooting a scenario in which an operator should only be allowed to rebootremote hosts but not perform other activities. The analyst inspects the following portions of differentconfiguration files:Configuration file 1:Operator ALL=/sbin/rebootConfiguration file 2:Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dssConfiguration file 3:Operator:x:1000:1000::/home/operator:/bin/bashWhich of the following explains why an intended operator cannot perform the intended action?
Question24: A security controls assessor intends to perform a holistic configuration compliance test of networkedassets. The assessor has been handed a package of definitions provided in XML format, and many of thefiles have two common tags within them: "<object object_ref=... />"and "<state state_ref=.../>".Which of the following tools BEST supports the use of these definitions?
Question25: An organization has established the following controls matrix:The following control sets have been defined by the organization and are applied in aggregate fashion:Systems containing PII are protected with the minimum control set.Systems containing medical data are protected at the moderate level.Systems containing cardholder data are protected at the high level.The organization is preparing to deploy a system that protects the confidentially of a database containingPII and medical data from clients. Based on the controls classification, which of the following controlswould BEST meet these requirements?
Question26: Which of the following describes a contract that is used to define the various levels of maintenance to beprovided by an external business vendor in secure environment?
Question27: An infrastructure team is at the end of a procurement process and has selected a vendor. As part of thefinal negotiations, there are a number of outstanding issues, including:1. Indemnity clauses have identified the maximum liability2. The data will be hosted and managed outside of the company's geographical locationThe number of users accessing the system will be small, and no sensitive data will be hosted in thesolution. As the security consultant on the project, which of the following should the project's securityconsultant recommend as the NEXT step?
Question28: A security analyst has requested network engineers integrate sFlow into the SOC's overall monitoringpicture. For this to be a useful addition to the monitoring capabilities, which of the following must beconsidered by the engineering team?
Question29: A government organization operates and maintains several ICS environments. The categorization of one ofthe ICS environments led to a moderate baseline. The organization has complied a set of applicablesecurity controls based on this categorization.Given that this is a unique environment, which of the following should the organization do NEXT todetermine if other security controls should be considered?
Question30: An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:URL: http://192.168.0.100/ERP/accountId=5&action=SELECTWhich of the following is the MOST likely vulnerability in this ERP platform?
Question31: A hospital uses a legacy electronic medical record system that requires multicast for traffic between theapplication servers and databases on virtual hosts that support segments of the application. Following aswitch upgrade, the electronic medical record is unavailable despite physical connectivity between thehypervisor and the storage being in place. The network team must enable multicast traffic to restoreaccess to the electronic medical record. The ISM states that the network team must reduce the footprint ofmulticast traffic on the network.Using the above information, on which VLANs should multicast be enabled?
Question32: After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobiledevices and laptops. The company's IT department has seen a large number of the following incidents:Duplicate IP addressesRogue network devicesInfected systems probing the company's networkWhich of the following should be implemented to remediate the above issues? (Choose two.)
Question33: A security engineer is attempting to increase the randomness of numbers used in key generation in asystem. The goal of the effort is to strengthen the keys against predictive analysis attacks.Which of the following is the BEST solution?
Question34: During a security assessment, activities were divided into two phases; internal and external exploitation.The security assessment team set a hard time limit on external activities before moving to a compromisedbox within the enterprise perimeter.Which of the following methods is the assessment team most likely to employ NEXT?
Question35: A security architect is implementing security measures in response to an external audit that foundvulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism toprovide confidentiality for electronic correspondence between users and between users and groupmailboxes. Which of the following controls would BEST mitigate the identified vulnerability?
Question36: A systems administrator has installed a disk wiping utility on all computers across the organization andconfigured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. Thecompany has also instituted a policy that requires users to erase files containing sensitive informationwhen they are no longer needed.To ensure the process provides the intended results, an auditor reviews the following content from arandomly selected decommissioned hard disk:Which of the following should be included in the auditor's report based on the above findings?
Question37: Click on the exhibit buttons to view the four messages.A security architect is working with a project team to deliver an important service that stores and processescustomer banking details. The project, internally known as ProjectX, is due to launch its first set of featurespublicly within a week, but the team has not been able to implement encryption-at-rest of the customerrecords. The security architect is drafting an escalation email to senior leadership.Which of the following BEST conveys the business impact for senior leadership?
Question38: A security engineer is attempting to convey the importance of including job rotation in a company'sstandard security policies. Which of the following would be the BEST justification?
Question39: A security incident responder discovers an attacker has gained access to a network and has overwrittenkey system files with backdoor software. The server was reimaged and patched offline. Which of thefollowing tools should be implemented to detect similar attacks?
Question40: Which of the following BEST represents a risk associated with merging two enterprises during anacquisition?
Question41: Providers at a healthcare system with many geographically dispersed clinics have been fined five timesthis year after an auditor received notice of the following SMS messages:Which of the following represents the BEST solution for preventing future fines?
Question42: Company.org has requested a black-box security assessment be performed on key cyber terrain. On areaof concern is the company's SMTP services. The security assessor wants to run reconnaissance beforetaking any additional action and wishes to determine which SMTP server is Internet-facing.Which of the following commands should the assessor use to determine this information?
Question43: A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. Allvalidated machines and instruments must be retested for interoperability with the new software.Which of the following would BEST ensure the software and instruments are working as designed?
Question44: An organization is currently working with a client to migrate data between a legacy ERP system and acloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization isperforming data deduplication and sanitization of client data to ensure compliance with regulatoryrequirements. Which of the following is the MOST likely reason for the need to sanitize the client data?
Question45: The Chief Information Officer (CISO) is concerned that certain systems administrators will privilegedaccess may be reading other users' emails. Review of a tool's output shows the administrators have usedweb mail to log into other users' inboxes.Which of the following tools would show this type of output?
Question46: Developers are working on anew feature to add to a social media platform. Thew new feature involvesusers uploading pictures of what they are currently doing. The data privacy officer (DPO) is concernedabout various types of abuse that might occur due to this new feature. The DPO state the new featurecannot be released without addressing the physical safety concerns of the platform's users. Which of thefollowing controls would BEST address the DPO's concerns?
Question47: A security consultant is attempting to discover if the company is utilizing databases on client machines tostore the customer data. The consultant reviews the following information:Which of the following commands would have provided this output?
Question48: After a large organization has completed the acquisition of a smaller company, the smaller company mustimplement new host-based security controls to connect its employees' devices to the network. Given thatthe network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following shouldthe security administrator do to integrate the new employees' devices into the network securely?
Question49: A system owner has requested support from data owners to evaluate options for the disposal of equipmentcontaining sensitive data. Regulatory requirements state the data must be rendered unrecoverable vialogical means or physically destroyed. Which of the following factors is the regulation intended to address?
Question50: To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200vulnerabilities on production servers to be remediated. The security engineer must determine whichvulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate themost dangerous risks. The CISO wants the security engineer to act in the same manner as would anexternal threat, while using vulnerability scan results to prioritize any actions. Which of the followingapproaches is described?
Question51: Ann, a member of the finance department at a large corporation, has submitted a suspicious email shereceived to the information security team. The team was not expecting an email from Ann, and it contains aPDF file inside a ZIP compressed archive. The information security learn is not sure which files wereopened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be asocial engineering attempt to deliver an exploit.Which of the following would provide greater insight on the potential impact of this attempted attack?
Question52: A security analyst is inspecting pseudocode of the following multithreaded application:1. perform daily ETL of data1.1 validate that yesterday's data model file exists1.2 validate that today's data model file does not exist1.2 extract yesterday's data model1.3 transform the format1.4 load the transformed data into today's data model file1.5 exitWhich of the following security concerns is evident in the above pseudocode?
Question53: Given the following output from a security tool in Kali:
Question54: A security manager recently categorized an information system. During the categorization effort, themanager determined the loss of integrity of a specific information type would impact business significantly.Based on this, the security manager recommends the implementation of several solutions. Which of thefollowing, when combined, would BEST mitigate this risk? (Select TWO.)
Question55: A newly hired security analyst has joined an established SOC team. Not long after going through corporateorientation, a new attack method on web-based applications was publicly revealed. The security analystimmediately brings this new information to the team lead, but the team lead is not concerned about it.Which of the following is the MOST likely reason for the team lead's position?
Question56: An organization enables BYOD but wants to allow users to access the corporate email, calendar, andcontacts from their devices. The data associated with the user's accounts is sensitive, and therefore, theorganization wants to comply with the following requirements:Active full-device encryptionEnabled remote-device wipeBlocking unsigned applicationsContainerization of email, calendar, and contactsWhich of the following technical controls would BEST protect the data from attack or loss and meet theabove requirements?
Question57: The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesetsfaster, prior to new rules being released by IDS vendors. Which of the following BEST meets thisobjective?
Question58: A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device,not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of thefollowing is the appropriate command to disable the client's IPv6 stack?A:B:C:D:
Question59: A project manager is working with a team that is tasked to develop software applications in a structuredenvironment and host them in a vendor's cloud-based infrastructure. The organization will maintainresponsibility for the software but will not manage the underlying server applications. Which of the followingdoes the organization plan to leverage?
Question60: A recent CRM upgrade at a branch office was completed after the desired deadline. Several technicalissues were found during the upgrade and need to be discussed in depth before the next branch office isupgraded.Which of the following should be used to identify weak processes and other vulnerabilities?
Question61: An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietarydata.Based on the data classification table above, which of the following BEST describes the overallclassification?
Question62: During a security assessment, an organization is advised of inadequate control over networksegmentation. The assessor explains that the organization's reliance on VLANs to segment traffic isinsufficient to provide segmentation based on regulatory standards. Which of the following should theorganization consider implementing along with VLANs to provide a greater level of segmentation?
Question63: The legal department has required that all traffic to and from a company's cloud-based word processingand email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) hasimplemented a next-generation firewall to perform inspection of the secure traffic and has decided to use acloud-based log aggregation solution for all traffic that is logged.Which of the following presents a long-term risk to user privacy in this scenario?
Question64: The government is concerned with remote military missions being negatively being impacted by the use oftechnology that may fail to protect operational security. To remediate this concern, a number of solutionshave been implemented, including the following:End-to-end encryption of all inbound and outbound communication, including personal email and chatsessions that allow soldiers to securely communicate with families.Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and443 and approved applicationsA host-based whitelist of approved websites and applications that only allow mission-related tools andsitesThe use of satellite communication to include multiple proxy servers to scramble the source IP addressWhich of the following is of MOST concern in this scenario?
Question65: A deployment manager is working with a software development group to assess the security of a newversion of the organization's internally developed ERP tool. The organization prefers to not performassessment activities following deployment, instead focusing on assessing security throughout the lifecycle. Which of the following methods would BEST assess the security of the product?
Question66: Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). TheCISO is very concerned about the response time to the previous breach and wishes to know how thesecurity team expects to react to a future attack. Which of the following is the BEST method to achieve thisgoal while minimizing disruption?
Question67: A managed service provider is designing a log aggregation service for customers who no longer want tomanage an internal SIEM infrastructure. The provider expects that customers will send all types of logs tothem, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who isdesigning the new service, is deciding how to segment customers.Which of the following is the BEST statement for the engineer to take into consideration?
Question68: Given the following output from a local PC:Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranetwebsite?
Question69: Security policies that are in place at an organization prohibit USB drives from being utilized across theentire enterprise, with adequate technical controls in place to block them. As a way to still be able to workfrom various locations on different computing resources, several sales staff members have signed up for aweb-based storage solution without the consent of the IT department. However, the operations departmentis required to use the same service to transmit certain business partner documents.Which of the following would BEST allow the IT department to monitor and control this behavior?
Question70: While attending a meeting with the human resources department, an organization's information securityofficer sees an employee using a username and password written on a memo pad to log into a specificservice. When the information security officer inquires further as to why passwords are being written down,the response is that there are too many passwords to remember for all the different services the humanresources department is required to use.Additionally, each password has specific complexity requirements and different expiration time frames.Which of the following would be the BEST solution for the information security officer to recommend?
Question71: An information security manager is concerned that connectivity used to configure and troubleshoot criticalnetwork devices could be attacked. The manager has tasked a network security engineer with meeting thefollowing requirements:Encrypt all traffic between the network engineer and critical devices.Segregate the different networking planes as much as possible.Do not let access ports impact configuration tasks.Which of the following would be the BEST recommendation for the network security engineer to present?
Question72: A company has created a policy to allow employees to use their personally owned devices. The ChiefInformation Officer (CISO) is getting reports of company data appearing on unapproved forums and anincrease in theft of personal electronic devices.Which of the following security controls would BEST reduce the risk of exposure?
Question73: Given the code snippet below:Which of the following vulnerability types in the MOST concerning?
Question74: An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all webbrowsing using corporate-owned resources be monitored. Which of the following would allow theorganization to meet its requirement? (Choose two.)
Question75: A security architect has been assigned to a new digital transformation program. The objectives are toprovide better capabilities to customers and reduce costs. The program has highlighted the followingrequirements:1. Long-lived sessions are required, as users do not log in very often.2. The solution has multiple SPs, which include mobile and web applications.3. A centralized IdP is utilized for all customer digital channels.4. The applications provide different functionality types such as forums and customer portals.5. The user experience needs to be the same across both mobile and web-based applications.Which of the following would BEST improve security while meeting these requirements?
Question76: A company has gone through a round of phishing attacks. More than 200 users have had their workstationinfected because they clicked on a link in an email. An incident analysis has determined an executable ranand compromised the administrator account on each workstation. Management is demanding theinformation security team prevent this from happening again.Which of the following would BEST prevent this from happening again?
Question77: An organization's Chief Financial Officer (CFO) was the target of several different social engineeringattacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer(CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO'sinbox from a familiar name with an attachment. Which of the following should the CISO task a securityanalyst with to determine whether or not the attachment is safe?
Question78: A newly hired systems administrator is trying to connect a new and fully updated, but very customized,Android device to access corporate resources. However, the MDM enrollment process continually fails.The administrator asks a security team member to look into the issue. Which of the following is the MOSTlikely reason the MDM is not allowing enrollment?
Question79: An agency has implemented a data retention policy that requires tagging data according to type beforestoring it in the data repository. The policy requires all business emails be automatically deleted after twoyears. During an open records investigation, information was found on an employee's work computerconcerning a conversation that occurred three years prior and proved damaging to the agency'sreputation. Which of the following MOST likely caused the data leak?
Question80: A security engineer is embedded with a development team to ensure security is built into products beingdeveloped. The security engineer wants to ensure developers are not blocked by a large number ofsecurity requirements applied at specific schedule points.Which of the following solutions BEST meets the engineer's goal?
Question81: A user asks a security practitioner for recommendations on securing a home network. The user recentlypurchased a connected home assistant and multiple IoT devices in an effort to automate the home. Someof the IoT devices are wearables, and other are installed in the user's automobiles. The current homenetwork is configured as a single flat network behind an ISP-supplied router. The router has a single IPaddress, and the router performs NAT on incoming traffic to route it to individual devices.Which of the following security controls would address the user's privacy concerns and provide the BESTlevel of security for the home network?
Question82: After investigating virus outbreaks that have cost the company $1000 per incident, the company's ChiefInformation Security Officer (CISO) has been researching new antivirus software solutions to use and befully supported for the next two years. The CISO has narrowed down the potential solutions to fourcandidates that meet all the company's performance and capability requirements:Using the table above, which of the following would be the BEST business-driven choice among fivepossible solutions?
Question83: An organization just merged with an organization in another legal jurisdiction and must improve its networksecurity posture in ways that do not require additional resources to implement data isolation. Onerecommendation is to block communication between endpoint PCs. Which of the following would be theBEST solution?
Question84: A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outsidecybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found thefollowing:High-impact controls implemented: 6 out of 10Medium-impact controls implemented: 409 out of 472Low-impact controls implemented: 97 out of 1000The report includes a cost-benefit analysis for each control gap. The analysis yielded the followinginformation:Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact controlgap: $95,000Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impactcontrol gap: $11,000Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% ofthe medium-impact controls will take two years to fully implement. Which of the following conclusions couldthe CISO draw from the analysis?
Question85: A software development team is conducting functional and user acceptance testing of internally developedweb applications using a COTS solution. For automated testing, the solution uses valid user credentialsfrom the enterprise directory to authenticate to each application. The solution stores the username in plaintext and the corresponding password as an encoded string in a script within a file, located on a globallyaccessible network share. The account credentials used belong to the development team lead. To reducethe risks associated with this scenario while minimizing disruption to ongoing testing, which of the followingare the BEST actions to take? (Choose two.)
Question86: A company has adopted and established a continuous-monitoring capability, which has proven to beeffective in vulnerability management, diagnostics, and mitigation. The company wants to increase thelikelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)
Question87: A systems administrator at a medical imaging company discovers protected health information (PHI) on ageneral purpose file server. Which of the following steps should the administrator take NEXT?
Question88: A security analyst is reviewing the following company requirements prior to selecting the appropriatetechnical control configuration and parameter:RTO: 2 daysRPO: 36 hoursMTTR: 24 hoursMTBF: 60 daysWhich of the following solutions will address the RPO requirements?
Question89: A company contracts a security engineer to perform a penetration test of its client-facing web portal. Whichof the following activities would be MOST appropriate?
Question90: A systems security engineer is assisting an organization's market survey team in reviewing requirementsfor an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team abouta particular class of devices that uses a separate SoC for baseband radio I/O. For which of the followingreasons is the engineer concerned?
Question91: An administrator has noticed mobile devices from an adjacent company on the corporate wireless network.Malicious activity is being reported from those devices. To add another layer of security in an enterpriseenvironment, an administrator wants to add contextual authentication to allow users to access enterpriseresources only while present in corporate buildings. Which of the following technologies would accomplishthis?
Question92: Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has accessto them. Ann emails her previous manager and asks to get her personal photos back.Which of the following BEST describes how the manager should respond?
Question93: Two competing companies experienced similar attacks on their networks from various threat actors. Toimprove response times, the companies wish to share some threat intelligence about the sources andmethods of attack. Which of the following business documents would be BEST to document thisengagement?
Question94: Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities beconducted during incident response planning:Involve business owners and stakeholdersCreate an applicable scenarioConduct a biannual verbal review of the incident response planReport on the lessons learned and gaps identifiedWhich of the following exercises has the CEO requested?