Which of the following is used to assess compliance with internal and external requirements?
- A. RACI matrix
- B. Audit report
- C. After-action report
- D. Business continuity plan
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?
- A. Reviewing video from IP cameras within the facility
- B. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
- C. Implementing integrity checks on endpoint computing devices
- D. Looking for privileged credential reuse on the network
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?
- A. Reviewing video from IP cameras within the facility
- B. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
- C. Implementing integrity checks on endpoint computing devices
- D. Looking for privileged credential reuse on the network
A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)
- A. EDE
- B. CBC
- C. GCM
- D. AES
- E. RSA
- F. RC4
- G. ECDSA
- H. DH
A security architect is advising the application team to implement the following controls in the application before it is released:
• Least privilege
• Blocklist input validation for the following characters: \<>;, =”#+
Based on the requirements, which of the following attacks is the security architect trying to prevent?
- A. XML injection
- B. LDAP injection
- C. CSRF
- D. XSS
A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be BEST to use as part of the process to support copyright protections of the document?
- A. Steganography
- B. E-signature
- C. Watermarking
- D. Cryptography
An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization’s current security standards. Post remediation work, the assessment recorded the following:
1. There will be a $20.000 per day revenue loss for each day the system is delayed going into production.
2. The inherent risk was high.
3. The residual risk is now low.
4. The solution rollout to the contact center will be a staged deployment.
Which of the following risk-handling techniques will BEST meet the organization’s requirements post remediation?
- A. Apply for a security exemption, as the risk is too high to accept.
- B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
- C. Accept the risk, as compensating controls have been implemented to manage the risk.
- D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.)
- A. Temporal
- B. Availability
- C. Integrity
- D. Confidentiality
- E. Base
- F. Environmental
- G. Impact
- H. Attack vector
During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?
- A. Order of volatility
- B. Chain of custody
- C. Verification
- D. Secure storage
A global organization’s Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization’s current MPLS-based WAN network to use commodity internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?
- A. The SD-WAN provider would not be able to handle the organization’s bandwidth requirements.
- B. The operating costs of the MPLS network are too high for the organization.
- C. The SD-WAN provider may not be able to support the required troubleshooting and maintenance.
- D. Internal IT staff will not be able to properly support remote offices after the migration.