A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:
• Access to critical web services at the edge must be redundant and highly available.
• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.
• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.
Which of the following solutions BEST meets these requirements?
- A. Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider.
- B. Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
- C. Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.
- D. Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.
A software company decides to study and implement some new security features in the software it develops in the C++ language. The developers are trying to find a way to prevent a malicious process from accessing another process's execution area. Which of the following techniques should the developers use?
- A. Enable NX.
- B. Move to Java.
- C. Execute SAST.
- D. Implement memory encryption.
A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application’s configuration files. Which of the following changes should the security architect make in the new system?
- A. Use a secrets management tool.
- B. Save secrets in key escrow.
- C. Store the secrets inside the Dockerfiles.
- D. Run all Dockerfiles in a randomized namespace.
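As an added illustration of the point behind this question (example code, not part of the original question set): a container workload should receive secrets at run time, from a mounted secrets directory or the environment, and a build-time scan should flag secrets that were written into a Dockerfile or config file. The `/run/secrets` path follows the Docker secrets convention; the variable names, the regex heuristic and the sample Dockerfile text are assumptions constructed for this example.

```python
"""Added example: run-time secret loading plus a heuristic scan for secrets
baked into build files. Paths, names and the sample Dockerfile are constructed."""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Docker/compose mount each secret as a single file under this directory (assumed here).
DEFAULT_SECRETS_DIR = "/run/secrets"

# Heuristic: an ENV or ARG line whose variable name suggests a credential and that carries a value.
_HARDCODED = re.compile(
    r"^\s*(ENV|ARG)\s+\w*(PASSWORD|SECRET|TOKEN|API_KEY)\w*\s*=?\s*\S+",
    re.IGNORECASE | re.MULTILINE,
)


def load_secret(name: str, secrets_dir: str = DEFAULT_SECRETS_DIR,
                env: Optional[Dict[str, str]] = None) -> str:
    """Return secret `name` from <secrets_dir>/<name> (preferred) or from the
    environment variable of the same name. There is deliberately no fallback to
    a config file; a missing secret is an error, not a default."""
    env = dict(os.environ) if env is None else env
    path = Path(secrets_dir) / name
    if path.is_file():
        return path.read_text(encoding="utf-8").strip()
    if env.get(name):
        return env[name]
    raise KeyError(f"secret {name!r} not provided via {secrets_dir} or environment")


def find_hardcoded_secrets(text: str) -> List[str]:
    """Return lines of a Dockerfile/config text that appear to embed a credential.
    This is a heuristic (a name such as SECRETS_DIR would also match); treat hits as
    review items, not proof."""
    return [m.group(0).strip() for m in _HARDCODED.finditer(text)]


def demo() -> Dict[str, object]:
    """Write one constructed secret file into a temp dir, load two secrets by the
    two supported routes, and scan a constructed Dockerfile. Returns the results."""
    secrets_dir = tempfile.mkdtemp(prefix="secrets-")
    Path(secrets_dir, "DB_PASSWORD").write_text("s3cr3t\n", encoding="utf-8")
    from_file = load_secret("DB_PASSWORD", secrets_dir=secrets_dir, env={})
    from_env = load_secret("API_TOKEN", secrets_dir=secrets_dir, env={"API_TOKEN": "tok-123"})
    try:
        load_secret("MISSING", secrets_dir=secrets_dir, env={})
        missing_raises = False
    except KeyError:
        missing_raises = True
    dockerfile = (  # constructed sample; the first and third ENV/ARG lines are the bad pattern
        "FROM python:3.12-slim\n"
        "ENV DB_PASSWORD=hunter2\n"
        "ENV APP_ENV=prod\n"
        "ARG API_TOKEN abc123\n"
        "COPY app /app\n"
    )
    return {
        "from_file": from_file,
        "from_env": from_env,
        "missing_raises": missing_raises,
        "hardcoded": find_hardcoded_secrets(dockerfile),
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the secrets directory is populated by the orchestrator (Docker secrets, Kubernetes secret volumes, or a sidecar pulling from a vault), so the application code never knows the secret's storage location or lifecycle; the scan belongs in CI so an image with a baked-in credential never reaches a registry.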
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?
- A. Initiate a legal hold.
- B. Refer to the retention policy.
- C. Perform e-discovery.
- D. Review the subpoena.
A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine’s operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider’s limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?
- A. Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.
- B. Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.
- C. Implement a centralized network gateway to bridge network traffic between all VPCs.
- D. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.
A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?
- A. Virtualized emulators
- B. Type 2 hypervisors
- C. Orchestration
- D. Containerization
The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company’s data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?
- A. Near-field communication
- B. Short Message Service
- C. Geofencing
- D. Bluetooth
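To show what the geofencing option in this question actually computes, here is an added example (not part of the original question set): a monitor that tracks each device's position against a polygonal sensitive zone and raises an alert only on the outside-to-inside transition, carrying both the SOC message and the notice to show the person entering. The zone coordinates, device IDs and the position track are constructed; in a data center the positions would come from BLE beacons or Wi-Fi triangulation, which this example assumes rather than implements.

```python
"""Added example: geofence entry detection with per-device state. Zone, device
IDs and positions are constructed for illustration."""
from typing import Dict, List, Optional, Tuple

Point = Tuple[float, float]

# Sensitive cage as a polygon in local floor-plan metres (constructed).
SECURE_CAGE: List[Point] = [(10.0, 10.0), (20.0, 10.0), (20.0, 18.0), (10.0, 18.0)]


def point_in_polygon(p: Point, poly: List[Point]) -> bool:
    """Ray-casting test: a point is inside if a horizontal ray from it crosses
    an odd number of polygon edges."""
    x, y = p
    inside = False
    n = len(poly)
    for i in range(n):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % n]
        if (y1 > y) != (y2 > y):  # edge straddles the ray's y
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


class GeofenceMonitor:
    """Remembers whether each device was inside last time; alerts on entry only,
    so a device standing still inside the zone does not re-alert every update."""

    def __init__(self, zone: List[Point], zone_name: str):
        self.zone = zone
        self.zone_name = zone_name
        self.inside: Dict[str, bool] = {}
        self.alerts: List[dict] = []

    def update(self, device_id: str, position: Point, ts: int) -> Optional[dict]:
        now_inside = point_in_polygon(position, self.zone)
        was_inside = self.inside.get(device_id, False)
        self.inside[device_id] = now_inside
        if now_inside and not was_inside:
            alert = {
                "ts": ts,
                "device": device_id,
                "zone": self.zone_name,
                "soc_alert": f"{device_id} entered {self.zone_name}",
                "user_notice": "Your entry into a monitored area has been logged.",
            }
            self.alerts.append(alert)
            return alert
        return None


def run_sample() -> List[Optional[dict]]:
    """Replay a constructed track: approach, enter, move inside, leave, re-enter."""
    mon = GeofenceMonitor(SECURE_CAGE, "DC-cage-A")
    track = [
        ("phone-42", (5.0, 12.0), 1),    # outside
        ("phone-42", (12.0, 12.0), 2),   # enters -> alert
        ("phone-42", (15.0, 15.0), 3),   # still inside -> no new alert
        ("phone-42", (25.0, 12.0), 4),   # leaves
        ("phone-42", (11.0, 11.0), 5),   # re-enters -> alert
    ]
    return [mon.update(d, p, t) for d, p, t in track]


if __name__ == "__main__":
    for r in run_sample():
        print(r)
```

The state table is what makes this an alert on entry rather than a presence counter; an SMS or push message carrying `user_notice` is the delivery channel, not the detection mechanism, which is why geofencing is the answer to what detects the entry.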
A startup software company recently updated its development strategy to incorporate the Software Development Life Cycle, including revamping the quality assurance and release processes for gold builds. Which of the following would most likely be developed FIRST as part of the overall strategy?
- A. Security requirements
- B. Code signing
- C. Application vetting
- D. Secure coding standards
An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?
- A. Properly configure a secure file transfer system to ensure file integrity.
- B. Have the external parties sign non-disclosure agreements before sending any images.
- C. Only share images with external parties that have worked with the firm previously.
- D. Utilize watermarks in the images that are specific to each external party.
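As an added example of a per-party watermark (example code, not from the original question set): each recipient gets a copy with its own identifier embedded in the least-significant bit of the pixel bytes, together with a keyed HMAC so that a leaked copy can be traced to exactly one party and a forged or altered identifier is rejected. The image is a constructed grayscale byte array, and the key, party IDs and payload layout are assumptions for this example.

```python
"""Added example: per-recipient LSB watermark with an HMAC tag for traceability.
Image data, key and party IDs are constructed for illustration."""
import hashlib
import hmac
from typing import Optional

MAGIC = b"WM1"   # marker so extraction can tell "no watermark" from garbage
TAG_LEN = 8      # bytes of HMAC-SHA256 kept per watermark


def _payload(party_id: str, key: bytes) -> bytes:
    """MAGIC | len | party_id | HMAC(key, party_id)[:TAG_LEN]"""
    pid = party_id.encode("utf-8")
    if len(pid) > 255:
        raise ValueError("party id too long")
    tag = hmac.new(key, pid, hashlib.sha256).digest()[:TAG_LEN]
    return MAGIC + bytes([len(pid)]) + pid + tag


def embed(pixels: bytes, party_id: str, key: bytes) -> bytearray:
    """Return a copy of `pixels` with the payload written into the low bit of
    the first len(payload)*8 bytes. Each pixel changes by at most 1."""
    payload = _payload(party_id, key)
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("image too small for watermark")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out


def extract(pixels: bytes, key: bytes) -> Optional[str]:
    """Recover the party id, or None if no valid watermark is present."""
    def byte_at(k: int) -> int:
        return sum((pixels[k * 8 + i] & 1) << (7 - i) for i in range(8))

    if len(pixels) < 4 * 8:
        return None
    if bytes(byte_at(k) for k in range(3)) != MAGIC:
        return None
    n = byte_at(3)
    total = 4 + n + TAG_LEN
    if len(pixels) < total * 8:
        return None
    pid = bytes(byte_at(4 + k) for k in range(n))
    tag = bytes(byte_at(4 + n + k) for k in range(TAG_LEN))
    expected = hmac.new(key, pid, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # unknown key or tampered id: do not attribute the leak
    return pid.decode("utf-8")


def make_image(width: int, height: int) -> bytes:
    """Constructed grayscale image: a repeating gradient, no watermark."""
    return bytes((i % 256) for i in range(width * height))


if __name__ == "__main__":
    key = b"firm-watermark-key"  # assumption: kept by the firm, never shared
    img = make_image(64, 64)
    copies = {p: embed(img, p, key) for p in ("contractor-A", "contractor-B")}
    for party, data in copies.items():
        print(party, "->", extract(data, key))
```

Two caveats a practitioner would want: an LSB mark is destroyed by recompression, resizing or screenshots, so production systems use robust (frequency-domain or geometric) watermarking, and the key must stay with the firm, since anyone holding it could stamp an image with another party's identifier.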
A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert. Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?
- A. True negative
- B. False negative
- C. False positive
- D. Non-automated response