MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A network engineer must ensure that always-on VPN access is enabled Curt restricted to company assets Which of the following best describes what the engineer needs to do''
Question2: A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?
Question3: A company that relies on an COL system must keep it operating until a new solution is available Which of the following is the most secure way to meet this goal?
Question4: A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:Which of the following is the most appropriate action for the analyst to take?
Question5: SIMULATIONA security engineer needs to review the configurations of several devices on the network to meet the following requirements:* The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.* The SSH daemon on the database server must be configured to listento port 4022.* The SSH daemon must only accept connections from a Singleworkstation.* All host-based firewalls must be disabled on all workstations.* All devices must have the latest updates from within the past eightdays.* All HDDs must be configured to secure data at rest.* Cleartext services are not allowed.* All devices must be hardened when possible.Instructions:Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA sshWAP APC ALaptop ASwitch ASwitch B:Laptop BPC BPC CServer A
Question6: A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?
Question7: A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?
Question8: Which of the following AI concerns is most adequately addressed by input sanitation?
Question9: A security engineer needs 10 secure the OT environment based on me following requirements* Isolate the OT network segment* Restrict Internet access.* Apply security updates two workstations* Provide remote access to third-party vendorsWhich of the following design strategies should the engineer implement to best meet these requirements?
Question10: While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?
Question11: The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).Setting different access controls defined by business area
Question12: A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data pointsWhich of the following would the analyst most likely recommend?
Question13: The security team is looking into aggressive bot behavior that is resulting in performance issues on the web server. After further investigation, the security engineer determines that the bot traffic is legitimate. Which of the following is the best course of action to reduce performance issues without allocating additional resources to the server?
Question14: A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is Identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy* Full disk encryption is enabled* "Always On" corporate VPN is enabled* ef-use-backed keystore is enabled'ready.* Wi-Fi 6 is configured with SAE.* Location services is disabled.* Application allow list is configured
Question15: The security team is looking into aggressive bot behavior that is resulting in performance issues on the web server. After further investigation, the security engineer determines that the bot traffic is legitimate. Which of the following is the best course of action to reduce performance issues without allocating additional resources to the server?
Question16: A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?
Question17: A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems Given the following output:Which of the following actions would address the root cause of this issue?
Question18: A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'
Question19: A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?
Question20: A security analyst is reviewing the following authentication logs:Which of the following should the analyst do first?
Question21: SIMULATIONA product development team has submitted code snippets for review prior to release.INSTRUCTIONSAnalyze the code snippets, and then select one vulnerability, and one fix for each code snippet.Code Snippet 1Code Snippet 2Vulnerability 1:SQL injectionCross-site request forgeryServer-side request forgeryIndirect object referenceCross-site scriptingFix 1:Perform input sanitization of the userid field.Perform output encoding of queryResponse,Ensure usex:ia belongs to logged-in user.Inspect URLS and disallow arbitrary requests.Implement anti-forgery tokens.Vulnerability 21) Denial of service2) Command injection3) SQL injection4) Authorization bypass5) Credentials passed via GETFix 2A) Implement prepared statements and bindvariables.B) Remove the serve_forever instruction.C) Prevent the "authenticated" value from being overridden by a GET parameter.D) HTTP POST should be used for sensitive parameters.E) Perform input sanitization of the userid field.
Question22: A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization Which of the following best addresses the company's requirements''
Question23: A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP.Which of the following is me best way to reduce the risk oi reoccurrence?
Question24: A company detects suspicious activity associated with external connections Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?
Question25: SIMULATIONAn IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.Complete the configuration files to meet the following requirements:* The EAP method must use mutual certificate-based authentication (With issued client certificates).* The IKEv2 Cipher suite must be configured to the MOST secureauthenticated mode of operation,* The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters, INSTRUCTIONS Click on the AAA server and VPN concentrator to complete the configuration.Fill in the appropriate fields and make selections from the drop-down menus.VPN Concentrator:AAA Server:
Question26: Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?
Question27: A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?
Question28: SIMULATIONYou are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:. The application does not need to know the users' credentials.. An approval interaction between the users and the HTTP service must be orchestrated.. The application must have limited access to users' data.INSTRUCTIONSUse the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.
Question29: A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com The security operations center reviewed the following security logs:Which of the following is most likely the cause of the issue?
Question30: An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?
Question31: An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
Question32: A systems engineer is configuring a system baseline for servers that will provide email services. As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:* Unauthorized reading and modification of data and programs* Bypassing application security mechanisms* Privilege escalation* interference with other processesWhich of the following is the most appropriate for the engineer to deploy?
Question33: An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?
Question34: A user reports application access issues to the help desk. The help desk reviews the logs for the userWhich of the following is most likely The reason for the issue?
Question35: A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?
Question36: A news organization wants to implement workflows that allow users to request that untruthful data be retraced and scrubbed from online publications to comply with the right to be forgotten Which of the following regulations is the organization most likely trying to address'
Question37: A security engineer is developing a solution to meet the following requirements?* All endpoints should be able to establish telemetry with a SIEM.* All endpoints should be able to be integrated into the XDR platform.* SOC services should be able to monitor the XDR platformWhich of the following should the security engineer implement to meet the requirements?
Question38: A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?
Question39: A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor security stack. Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules with the multiple security tool setup?
Question40: A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products. Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?
Question41: A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'
Question42: Company A and Company D ate merging Company A's compliance reports indicate branch protections are not in place A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should me analyst cons<der when completing this basic?
Question43: A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?
Question44: A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?
Question45: A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?
Question46: A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?
Question47: A company is developing a new service product offering that will involve the Security Officer (CISO) researching the relevant compliance regulations. Which of the following best describes the CISO's action?
Question48: A security analyst received a notification from a cloud service provider regarding an attack detected on a web server The cloud service provider shared the following information about the attack:* The attack came from inside the network.* The attacking source IP was from the internal vulnerability scanners.* The scanner is not configured to target the cloud servers.Which of the following actions should the security analyst take first?
Question49: Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).Implementing DLP controls preventing sensitive data from leaving Company B's network
Question50: Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?
Question51: A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?
Question52: A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'
Question53: An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer needs to find a solution that restricts malicious programs and software from running in that environment, while allowing the non-standard applications to function without interruption. Which of the following application control configurations should the engineer apply?
Question54: An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?
Question55: Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:Which of the following would the analyst most likely recommend?
Question56: An organization is required to* Respond to internal and external inquiries in a timely manner* Provide transparency.* Comply with regulatory requirementsThe organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?
Question57: All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?
Question58: Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?