A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?
- A. MD5-based envelope method
- B. HMAC_SHA256
- C. PBKDF2
- D. PGP
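As an added illustration of what the HMAC_SHA256 option refers to (this is example code written for this page, not part of the original question and not an answer key): a sender appends an HMAC-SHA256 tag over a sequence number and payload, and the receiver recomputes the tag with the shared key and compares it in constant time, so any modified or truncated packet is rejected. The 32-byte key and the packet layout are assumptions chosen for the demo.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed shared secret for the demo; in practice both parties derive it
# from a key exchange (e.g. the TLS handshake) rather than hard-coding it.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
SEQ_LEN = 4                              # big-endian 32-bit sequence number


def tag_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Return seq || payload || HMAC-SHA256(key, seq || payload).

    The sequence number is covered by the tag so a replayed or reordered
    packet cannot be re-labelled without invalidating the MAC.
    """
    body = struct.pack(">I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_packet(key: bytes, packet: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (seq, payload) if the tag verifies, else None.

    hmac.compare_digest is used instead of == so the comparison does not
    leak how many leading bytes of the tag matched.
    """
    if len(packet) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    seq = struct.unpack(">I", body[:SEQ_LEN])[0]
    return seq, body[SEQ_LEN:]


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset; used to show the check rejecting it."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]


if __name__ == "__main__":
    pkt = tag_packet(KEY, 7, b"hello")
    print(verify_packet(KEY, pkt))              # (7, b'hello')
    print(verify_packet(KEY, tamper(pkt, 4)))   # None: payload modified
    print(verify_packet(KEY, tamper(pkt, 0)))   # None: sequence number modified
    print(verify_packet(b"\x00" * 32, pkt))     # None: wrong key
```

Note the caveat a practitioner will want: an HMAC gives integrity and origin authentication only; the payload is still sent in the clear, so keeping the connection private additionally requires encryption, which is why protocols such as TLS pair a MAC (or an AEAD mode) with a cipher.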
A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt?
- A. OSINT
- B. ISO
- C. MITRE ATT&CK
- D. OWASP
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Choose three.)
- A. Least privilege
- B. VPN
- C. Policy automation
- D. PKI
- E. Firewall
- F. Continuous validation
- G. Continuous integration
- H. IaaS
A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company’s infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements?
- A. Block all outbound traffic and implement an inline firewall.
- B. Allow only wireless connections and proxy the traffic through a network tap.
- C. Establish an air-gapped network and implement an IDS.
- D. Use a separate VLAN with an ACL and implement network detection and response.
A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary’s execution. Which of the following tools would BEST support this effort?
- A. objdump
- B. OllyDbg
- C. FTK Imager
- D. Ghidra
A software developer was just informed by the security team that the company’s product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?
- A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs.
- B. Perform software composition analysis and remediate vulnerabilities found in the software.
- C. Perform reverse engineering on the code and rewrite the code in a more secure manner.
- D. Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.
A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?
- A. Performing routine tabletop exercises
- B. Implementing scheduled, full interruption tests
- C. Backing up system log reviews
- D. Performing department disaster recovery walk-throughs
An organization developed an incident response plan. Which of the following would be BEST to assess the effectiveness of the plan?
- A. Requesting a third-party review
- B. Generating a checklist by organizational unit
- C. Establishing role succession and call lists
- D. Creating a playbook
- E. Performing a tabletop exercise
A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All servers and desktop computers are scanned by the dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the BEST option for the security team to ensure remote worker laptops are scanned before being granted access to the corporate network?
- A. Implement network access control to perform host validation of installed patches.
- B. Create an 802.1X implementation with certificate-based device identification.
- C. Create a vulnerability scanning subnet for remote workers to connect to on the network at headquarters.
- D. Install a vulnerability scanning agent on each remote laptop to submit scan data.
A penetration tester is testing a company’s login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)
- A. The view source feature of the web browser
- B. The logs from the web server
- C. The inspect feature from the web browser
- D. A tcpdump from the web server
- E. An HTTP interceptor
- F. The website certificate viewed via the web browser
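As an added example for the scenario above (written for this page, not part of the original question and not an answer key): the POST URL, the variable names and any hidden fields a brute-force tool needs can be read straight out of the login page's HTML, and the error string is whatever a deliberately failed login returns. The code below parses a constructed login page with the standard-library HTML parser, resolves the form action against the page URL, builds the form-encoded body the tool would submit, and checks a constructed response for the error string. The hostname, form fields and error text are assumptions made up for the demo.

```python
from html.parser import HTMLParser
from typing import Dict, Optional
from urllib.parse import urlencode, urljoin

# Constructed login page, standing in for what "view source" or an HTTP
# interceptor would show for the real application.
LOGIN_PAGE = """<html><body>
<form id="login" method="post" action="/auth/login">
  <input type="hidden" name="csrf_token" value="abc123">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Sign in</button>
</form>
</body></html>"""

# Constructed response to a failed login; the tool matches on this string.
FAILED_RESPONSE = '<div class="alert">Invalid username or password</div>'
ERROR_STRING = "Invalid username or password"


class LoginFormParser(HTMLParser):
    """Collect the action, method and input names/values of the first form."""

    def __init__(self) -> None:
        super().__init__()
        self.action: Optional[str] = None
        self.method: str = "GET"
        self.fields: Dict[str, str] = {}
        self._in_form = False
        self._done = False

    def handle_starttag(self, tag, attrs) -> None:
        a = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form = True
            self.action = a.get("action")
            self.method = (a.get("method") or "get").upper()
        elif tag == "input" and self._in_form:
            name = a.get("name")
            if name:
                # Hidden fields (CSRF tokens etc.) must be replayed verbatim
                self.fields[name] = a.get("value") or ""

    def handle_endtag(self, tag) -> None:
        if tag == "form" and self._in_form:
            self._in_form = False
            self._done = True


def extract_login_form(html: str, page_url: str) -> dict:
    """Return the POST URL, method and field names the tool needs."""
    p = LoginFormParser()
    p.feed(html)
    if p.action is None:
        raise ValueError("no form found in page")
    return {"url": urljoin(page_url, p.action), "method": p.method, "fields": p.fields}


def build_post_body(fields: Dict[str, str], username: str, password: str) -> str:
    """Form-encode one guess, keeping any hidden fields from the page."""
    data = dict(fields)
    data["username"] = username
    data["password"] = password
    return urlencode(data)


def is_failed_login(response_body: str, error_string: str = ERROR_STRING) -> bool:
    """The tool treats a response containing the error string as a miss."""
    return error_string in response_body


if __name__ == "__main__":
    form = extract_login_form(LOGIN_PAGE, "https://app.example.test/login")
    print(form["method"], form["url"])          # POST https://app.example.test/auth/login
    print(build_post_body(form["fields"], "admin", "Password1"))
    print(is_failed_login(FAILED_RESPONSE))     # True
```

The CSRF token is the detail that usually breaks a naive brute-force run: it is tied to the session that fetched the page, so the tool has to re-request the form (or carry the session cookie) for every attempt, which is exactly the kind of header and variable information the question is asking about.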