QUESTION 41
A company decides to enable trust boundaries in the network architecture and reduce the overhead required to support operations. Which of the following is the best way for the organization to meet this objective?
A. VPN
B. Continuous authorization
C. Split-tunnel configuration
D. SASE
E. Context-based authentication
Correct Answer: D
QUESTION 42
An engineer is designing a solution that addresses the following requirements:
1. The security controls must be redundant.
2. The security operations cannot be entirely disrupted by a supply chain attack.
3. The systems must be resilient and better prepared for zero-day vulnerabilities.
Which of the following is the best way to meet these requirements?
A. Leveraging a managed service provider to support operations
B. Acquiring security solutions from a single vendor for seamless integration
C. Migrating current security solutions to the cloud
D. Deploying heterogeneous security solutions to offer a layered approach
Correct Answer: D
QUESTION 43
A security architect performs a baseline review on the SIEM. The findings indicate that multiple use cases are missing and coverage is limited for defense evasion techniques. Which of the following processes best describes what the architect should do?
A. Implement a TIP on the internal network to facilitate the creation of a use case.
B. Perform a penetration test on critical devices and document IOCs for use cases.
C. Create a list of use cases based on Snort detection rules.
D. Use Sigma to build the logic of the use cases and testing on the SIEM.
Correct Answer: D
QUESTION 44
A security researcher is working with a client in the financial sector to identify appropriate threat intelligence knowledge to protect the enterprise environment. Current threat intelligence sources include the following:
1. Financial ISAC for industry-related threat intelligence
2. Dark web monitoring for compromised credentials
3. Endpoint detection and response solution for endpoint-based attacks
The security researcher notes that the organization lacks awareness of ongoing attacks against web applications and external infrastructure. Which of the following is the best way to address the organization’s needs?
A. A secure access service edge solution enforced through an MDM solution
B. A honeynet placed at the perimeter boundary
C. A canary file placed within the production environment
D. Multifactor authentication enforced through context-based reauthentication
Correct Answer: B
QUESTION 45
A company developed a new solution that needs to track any changes to the data, and the changes need to be quickly identified. If any changes are attempted without prior approval, multiple events must be triggered, such as:
1. Raising alerts
2. Blocking the unapproved changes
3. Quickly removing access to the data
Which of the following solutions best meets these requirements?
A. Tracking all application logs, integrating them to the existing SIEM, fagging any changes, and making them visible on security dashboards
B. Implementing a file integrity monitoring tool and integrating it via orchestration and automation with other security tools
C. Introducing more granular access controls and allowing read-only access for non-privileged users
D. Configuring CASB rules, making access to the data available only to authorized personnel
Correct Answer: B
QUESTION 46
Which of the following encryption types allows mathematical operations on a subset of encrypted data without requiring complete decryption of the data?
A. Symmetric
B. Envelope
C. Elliptic curve
D. Homomorphic
Correct Answer: D
QUESTION 47
The Chief Information Security Officer must ensure that an organization’s baseline workload is standardized prior to deployment and any modifications are immediately returned to the approved configuration. Which of the following are the best ways to assist with meeting these goals? (Select two).
A. CNAPP
B. SIEM
C. IaC
D. PowerShell scripts
E. Automated patching
F. Code assist
Correct Answer: AC
QUESTION 48
Which of the following promotes fair competition amongst global consumer technology providers and social media platforms?
A. CIS
B. PCI DSS
C. CSA
D. PCI DSS
Correct Answer: D
QUESTION 49
As part of a new software development method, a program manager requires that unit tests be written for all code before being promoted to production. The program manager wants to ensure that requirements can be tested and approved. Any security concerns should also be addressed prior to code deployment. Which of the following is an additional benefit of this new requirement?
A. Dynamic analysis
B. Integration testing
C. Software composition analysis
D. Input fuzzing
Correct Answer: C
QUESTION 50
An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
A. Automatically quarantine outgoing email.
B. Create an acceptable use policy.
C. Enforce email encryption standards.
D. Perform security awareness training focusing on phishing.
Correct Answer: B
QUESTION 51
A security architect wants to complete a security baseline scan on an OT environment. The company only has a production environment that controls critical operations. Which of the following actions should the architect take?
A. Execute an Nmap scan to detect live systems.
B. Implement a bastion host and run a CMDB tool.
C. Perform a passive vulnerability assessment.
D. Create a Scapy script to enumerate the environment.
Correct Answer: C
QUESTION 52
A security architect must design a solution that meets the following criteria:
1. All sensitive communications must have end-to-end encryption.
2. If the key is compromised, the attacker must not be able to decrypt future communications.
3. Secrets must be preshared with all parties.
Which of the following is the best solution to achieve this goal?
A. One-time pad issuance
B. Perfect forward secrecy
C. Mutual authentication
D. Key splitting routine
Correct Answer: B
QUESTION 53
An organization wants to manage specialized endpoints and needs a solution that provides the ability to:
1. Centrally manage configurations.
2. Push policies.
3. Remotely wipe devices.
4. Maintain asset inventory.
Which of the following should the organization do to best meet these requirements?
A. Use a configuration management database.
B. Implement a mobile device management solution.
C. Configure contextual policy management.
D. Deploy a software asset manager.
Correct Answer: B
QUESTION 54
A company currently uses manual processes to regularly address incidents occurring outside of working hours. Hiring or implementing a SOC is not an option because of budget limitations. Which of the following solutions would most likely decrease the current risk?
A. Improve logging capabilities, integrating those logs with the existing SIEM and creating better security dashboards.
B. Implement a NIPS integrated with the firewall raising new rules to block any malicious access attempts coming from the external perimeter.
C. Evaluate and implement new endpoint security tools, helping to prevent attack attempts.
D. Design proper runbooks and implement security orchestration and automation with integrated security tools.
Correct Answer: D
QUESTION 55
A company in a regulated industry experiences a data breach after an employee clicks on an email phishing link and enters credentials, leading to the exposure of sensitive information. Which of the following should the company do to prevent future attacks? (Select two).
A. Deploy a NAC.
B. Implement deep packet inspection.
C. Establish password complexity requirements.
D. Implement a WAF.
E. Enforce multifactor authentication.
F. Create a security awareness training program.
Correct Answer: EF
QUESTION 56
A company acquires a location with a large infrastructure of legacy devices. Because of the hardware’s age and the legacy software’s limitations, the OS cannot be upgraded, and the machines cannot be virtualized. these machines are not publicly facing, but they do have internet access. The following controls are currently in place.
1. EDR
2. Anti-malware
3. Logging and monitoring
4. Host-based firewall
5. Proxied internet access
A security architect needs to supplement the existing control strategy with one that restricts unauthorized software. Which of the following controls should the architect recommend to best supplement the existing environment?
A. SIEM
B. Isolation
C. Conditional access
D. Application control
Correct Answer: D
QUESTION 57
An IT team receives reports from an employee who is experiencing account lockouts. The analyst sees brute-force attempts from countries where the company does not have offices. Which of the following solutions would best address this issue?
A. Using conditional access for user accounts
B. Removing the maximum number of failed login attempts
C. Implementing SSO for all applications
D. Enforcing password rotations every 60 days
Correct Answer: A
QUESTION 58
An organization just learned its cloud provider suffered a major security breach. Some data may have been exfiltrated. Which of the following is the best solution to prevent data exposure in the future?
A. Using the strongest encryption method available from the cloud provider for encryption keys
B. Using a rotation schedule for the encryption keys on a regular basis via the cloud-provided key vault
C. Using encryption keys generated by the cloud provider’s service offering
D. Using a dedicated cluster in which the customer manages the encryption keys
Correct Answer: D
QUESTION 59
During a recent security event access from the non-production environment to the production environment enabled unauthorized users to install unapproved software and make unplanned configuration changes. During an investigation, the following findings are identified:
1. Several new users were added in bulk by the IAM team.
2. Additional firewall and routers were recently added to the network.
3. Vulnerability assessments have been disabled for all devices for more than 30 days.
4. The application allow list has not been modified in more than two weeks.
5. Logs were unavailable for various types of traffic.
6. Endpoints have not been patched in more than ten days.
Which of the following actions would most likely need to be taken to ensure proper monitoring is in place within the organization? (Select two).
A. Disable bulk user creations by the IAM team.
B. Extend log retention for all security and network devices for 180 days for all traffic.
C. Review the application allow list on a daily basis to make sure it is properly configured.
D. Routinely update all endpoints and network devices as soon as new patches/hot fixes are available.
E. Ensure all network and security devices are sending relevant data to the SIEM.
F. Configure rules on all firewalls to only allow traffic from the production environment to the non-production environment.
Correct Answer: BE
QUESTION 60
A medical device manufacturer is establishing a risk management strategy for its devices. Patient safety is its top concern. These devices automatically adapt to specific patient needs without human intervention and rely heavily on software. Which of the following is the most important risk factor to prioritize?
A. The integrity of the data provided as input to the device
B. The longevity of the device’s integrated battery backup
C. The availability of the device’s actuator history
D. The reliability of connectivity to monitoring peripherals
E. The confidentiality of PII
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.