A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption?
- A. CYOD
- B. MDM
- C. WPA3
- D. DoH
A cloud security architect has been tasked with selecting the appropriate solution given the following:
• The solution must allow the lowest RTO possible.
• The solution must have the least shared responsibility possible.
• Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfil the requirements?
- A. PaaS
- B. IaaS
- C. Private
- D. SaaS
A network administrator who manages a Linux web server notices the following traffic:
http://comptia.org/../../../../etc/shadow
Which of the following is the BEST action for the network administrator to take to defend against this type of web attack?
- A. Validate the server certificate and trust chain.
- B. Validate the server input and append the input to the base directory path.
- C. Validate that the server is not deployed with default account credentials.
- D. Validate that multifactor authentication is enabled on the server for all user accounts.
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?
- A. Utilize the SAN certificate to enable a single certificate for all regions.
- B. Deploy client certificates to all devices in the network.
- C. Configure certificate pinning inside the application.
- D. Enable HSTS on the application’s server side for all communication.
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?
- A. True positive
- B. False negative
- C. False positive
- D. True negative
An organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT?
- A. Determine what data is being stolen and change the folder permissions to read only.
- B. Determine which users may have clicked on a malicious email link and suspend their accounts.
- C. Determine where the data is being transmitted and create a block rule.
- D. Determine if a user inadvertently installed malware from a USB drive and update antivirus definitions.
- E. Determine if users have been notified to save their work and turn off their workstations.
A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?
- A. Code reviews
- B. Supply chain visibility
- C. Software audits
- D. Source code escrows
A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?
- A. Monitor the Application and Services Logs group within Windows Event Log.
- B. Uninstall PowerShell from all workstations.
- C. Configure user settings in Group Policy.
- D. Provide user education and training.
- E. Block PowerShell via HIDS.
A recent security audit identified that multiple endpoints have the following vulnerabilities:
• Various unsecured open ports
• Active accounts for terminated personnel
• Endpoint protection software with legacy versions
• Overly permissive access rules
Which of the following would BEST mitigate these risks? (Choose three).
- A. Local drive encryption
- B. Secure boot
- C. Address space layout randomization
- D. Unneeded services disabled
- E. Patching
- F. Logging
- G. Removal of unused accounts
- H. Enabling BIOS password
A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client’s systems?
- A. The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
- B. The change control board must review and approve a submission.
- C. The information system security officer provides the systems engineer with the system updates.
- D. The security engineer asks the project manager to review the updates for the client’s system.