A common industrial protocol has the following characteristics:
• Provides for no authentication/security
• Is often implemented in a client/server relationship
• Is implemented as either RTU or TCP/IP
Which of the following is being described?
- A. Profinet
- B. Modbus
- C. Zigbee
- D. Z-Wave
After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?
- A. Root cause analysis
- B. Communication plan
- C. Runbook
- D. Lessons learned
A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:
• Unsupported, end-of-life operating systems were still prevalent on the shop floor.
• There are no security controls for systems with supported operating systems.
• There is little uniformity of installed software among the workstations.
Which of the following would have the greatest impact on the attack surface?
- A. Deploy antivirus software to all of the workstations.
- B. Increase the level of monitoring on the workstations.
- C. Utilize network-based allow and block lists.
- D. Harden all of the engineering workstations using a common strategy.
An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?
- A. PaaS
- B. SaaS
- C. IaaS
- D. MaaS
An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)
- A. Obtain a security token.
- B. Obtain a public key.
- C. Leverage Kerberos for authentication
- D. Leverage OAuth for authentication.
- E. Leverage LDAP for authentication.
- F. Obtain a hash value.
A company’s software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:
1. The solution must be able to initiate SQL injection and reflected XSS attacks.
2. The solution must ensure the application is not susceptible to memory leaks.
Which of the following should be implemented to meet these requirements? (Choose two.)
- A. Side-channel analysis
- B. Protocol scanner
- C. HTTP interceptor
- D. DAST
- E. Fuzz testing
- F. SAST
- G. SCAP
To bring digital evidence in a court of law, the evidence must be:
- A. material.
- B. tangible.
- C. consistent.
- D. conserved.
A compliance officer is responsible for selecting the right governance framework to protect individuals’ data. Which of the following is the appropriate framework for the company to consult when collecting international user data for the purpose of processing credit cards?
- A. ISO 27001
- B. COPPA
- C. NIST 800-53
- D. PCI DSS
Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
- A. At the individual product level
- B. Through the selection of a random product
- C. Using a third-party audit report
- D. By choosing a major product
An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?
- A. Fuzz testing
- B. Static analysis
- C. Side-channel analysis
- D. Dynamic analysis