A company’s Chief Information Officer requires that all visitors who connect to the Wi-Fi on an unused network port must have a posture assessment performed on their devices before being allowed network access. The company also requires that all wireless traffic be scanned for any abnormal behavior and the security team be notified before any actions are performed. Which of the following services should be configured to accommodate these requirements? (Choose two.)
- A. NAC
- B. WAF
- C. WLC
- D. WDS
- E. NIPS
- F. NACL
An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?
- A. SELinux
- B. MDM
- C. XDR
- D. Block list
- E. Atomic execution
An organization’s board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?
- A. Risk transference
- B. Supply chain visibility
- C. Support availability
- D. Vulnerability management
A global financial firm wants to onboard a new vendor that sells a very specific SaaS application. The application is only hosted in the vendor’s home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?
- A. The application’s performance will be different in regional offices.
- B. There are regulatory concerns with using SaaS applications.
- C. The SaaS application will only be available to users in one country.
- D. There is no geographical redundancy in case of network outages.
An organization wants to set up an internal PKI to support encrypting traffic between internal support web applications and users’ endpoint devices. A security policy requires that certificates must validate for each request to reduce the risk of an on-path attack. The business requires that the solution does not reduce the response of the web applications. Which of the following solutions would best satisfy both the security and business requirements?
- A. Require each endpoint to validate using a CRL.
- B. Implement certificate pinning for all web applications.
- C. Outsource PKI management to a managed service provider.
- D. Configure the CA to support OCSP responder services.
A company recently suffered a ransomware outbreak within its virtualized server environment. After the incident, the Chief Information Security Officer created the following requirements for all server environments:
• Only explicitly allowed traffic shall be permitted.
• Inter-VLAN traffic must be filtered.
• Intra-VLAN traffic must be filtered.
• VM traffic residing on the same host must be filtered.
Which of the following best meets these requirements?
- A. NGFW
- B. Microsegmentation
- C. Screened subnet
- D. NAC
- E. VNET
An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated. Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?
- A. Utilize an on-premises HSM to locally manage keys.
- B. Adjust the configuration for cloud provider keys on data that is classified as public.
- C. Begin using cloud-managed keys on all new resources deployed in the cloud.
- D. Extend the key rotation period to one year so that the cloud provider can use cached keys.
Based on third-party software assurance assessments, a company needs to improve its quality and security practices. The common findings include:
• Deprecated functions
• Various race conditions
• Pointer dereferences
• Insecure system calls
Which of the following recommendations would most likely help the company reduce the frequency of these code quality issues?
- A. Automated fuzzing and dynamic analysis
- B. IDE-integrated static analysis
- C. Third-party resource management
- D. Two-person control process for code commits
- E. Containerization of any included legacy code
A company is implementing a BYOD policy and needs a PKI certificate issuance approach that will enable mobile devices to be enrolled under the company’s domain. Which of the following certificates should the company purchase?
- A. General purpose
- B. Multidomain
- C. Wildcard
- D. Extended validation
A security engineer is responsible for configuring and implementing MAC on a Linux system using basic SELinux utilities. Which of the following commands represents the correct sequence to implement MAC?
- A. apt-get install selinux-basics selinux-policy-default auditd
  selinux-activate
  reboot
- B. apt-get install selinux-basics selinux-policy-default
  selinux-activate
  reboot
- C. apt-get install selinux-policy-default auditd
  selinux-activate
  reboot
- D. apt-get install selinux-basics selinux-policy-default syslogd selinux-activate reboot
A systems administrator is developing an implementation plan for mobile device use within the corporate environment. Currently, there are no controls in place limiting the ability to install corporate applications on personal devices. The systems administrator needs to ensure devices that access corporate data meet minimum security requirements and maintain segmentation between personal and corporate data. Which of the following functions would be best to implement to support the stated requirements? (Choose two.)
- A. Containerization
- B. Allow list
- C. Block list
- D. Token-based access
- E. Conditional access
- F. Geofencing
- G. Firmware over-the-air