A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
`(&(objectClass=*)(objectClass=*))(&(objectClass=void)(type=admin))`
Which of the following would BEST mitigate this vulnerability?
- A. Network intrusion prevention
- B. Data encoding
- C. Input validation
- D. CAPTCHA

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a recommendation?
- A. CAN
- B. ASIC
- C. FPGA
- D. SCADA

Company A acquired Company B. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B’s infrastructure could be integrated into Company A’s security program.
Which of the following risk-handling techniques was used?
- A. Accept
- B. Avoid
- C. Transfer
- D. Mitigate

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
- A. Assess the residual risk.
- B. Update the organization’s threat model.
- C. Move to the next risk in the register.
- D. Recalculate the magnitude of impact.

A software house is developing a new application. The application has the following requirements:
- Reduce the number of credential requests as much as possible
- Integrate with social networks
- Authenticate users
Which of the following is the BEST federation method to use for the application?
- A. WS-Federation
- B. OpenID
- C. OAuth
- D. SAML

A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
- Be efficient at protecting the production environment
- Not require any change to the application
- Act at the presentation layer
Which of the following techniques should be used?
- A. Masking
- B. Tokenization
- C. Algorithmic
- D. Random substitution

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?
- A. Lawyers
- B. Court
- C. Upper management team
- D. Police

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
- A. Drive wiping
- B. Degaussing
- C. Purging
- D. Physical destruction

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?
- A. Configuring systemd services to run automatically at startup
- B. Creating a backdoor
- C. Exploiting an arbitrary code execution exploit
- D. Moving laterally to a more authoritative server/service

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.
When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?
- A. Packets that are the wrong size or length
- B. Use of any non-DNP3 communication on a DNP3 port
- C. Multiple solicited responses over time
- D. Application of an unsupported encryption algorithm