QUESTION 141
A security administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpoints:
1. Full disk encryption
2. Host-based firewall
3. Time synchronization
4. Password policies
5. Application allow listing
6. Zero Trust application access
Which of the following solutions best addresses the requirements? (Select two).
A. MDM
B. CASB
C. SBoM
D. SCAP
E. SASE
F. HIDS
Correct Answer: AD
QUESTION 142
A security architect is working with a client to develop cloud-focused zero trust solutions to protect employee access to the organization’s resources. The client organization wants to replace a traditional SSL VPN solution with a clientless solution that secures access to web-based applications. Which of the following best addresses the requirements?
A. SD-WAN
B. Always-on VPN
C. SASE
D. PAM
E. Conditional access
Correct Answer: C
QUESTION 143
A malicious actor exploited firmware vulnerabilities and used rootkits in an attack on an organization. After the organization recovered from the incident, an engineer needs to recommend a solution that reduces the likelihood of the same type of attack in the future. Which of the following is the most relevant solution?
A. Enabling software integrity checks
B. Installing self-encrypting drives
C. Implementing measured boot
D. Configuring host-based encryption
Correct Answer: C
QUESTION 144
An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?
A. SOAR
B. CWPP
C. XCCDF
D. CMDB
Correct Answer: A
QUESTION 145
A remote attacker successfully adds their own access credential to a physical access control system without any evidence of any hosts or employee credentials being compromised. The organization has the following controls in place:
1. Operating the system on a dedicated VLAN without internet or WLAN access
2. Enforcing mutual EAP-TLS for access to out-of-band network management infrastructure
3. Requiring a badge and a PIN for all building and room access
Which of the following configuration changes is the best way to reduce the risk of similar compromises in the future?
A. Updating network infrastructure devices to the latest OS versions with secure configurations
B. Upgrading the authentication protocol to EAP-TTLS for the infrastructure management system
C. Performing routine audits of changes to the roster of authorized badge and PIN combinations
D. Encapsulating traffic via an additional point-to-multipoint encrypted network
Correct Answer: C
QUESTION 146
A Chief Information Security Officer requests an action plan to remediate vulnerabilities. A security analyst reviews the output from a recent vulnerability scan and notices hundreds of unique vulnerabilities. The output includes the CVSS score, IP address, hostname, and the list of vulnerabilities. The analyst determines more information is needed in order to decide which vulnerabilities should be fixed immediately. Which of the following is the best source for this information?
A. Third-party risk review
B. Business impact analysis
C. Incident response playbook
D. Crisis management plan
Correct Answer: B
QUESTION 147
A company notices that cloud environment costs increased after using a new serverless solution based on API requests. Many invalid requests from unknown IPs were found, often within a short time. Which of the following solutions would most likely solve this issue, reduce cost, and improve security?
A. Using digital certificates for known customers and performing API authorization through those certificates
B. Defining request rate limits and comparing new requests from unknown IPs with a list of known-malicious IPs
C. Setting authentication processes for the API requests as well as proper rate limits according to regular usage
D. Only allowing API requests coming from regions with known customers
Correct Answer: C
QUESTION 148
Which of the following includes best practices for validating perimeter firewall configurations?
A. CIS controls
B. MITRE ATT&CK
C. NIST CSF
D. ISO 27001
Correct Answer: A
QUESTION 149
A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:
1. An administrator’s account was hijacked and used on several Autonomous System Numbers within 30 minutes.
2. All administrators use named accounts that require multifactor authentication.
3. Single sign-on is used for all company applications.
Which of the following should the security architect do to mitigate the issue?
A. Configure token theft detections on the single sign-on system with automatic account lockouts.
B. Enable context-based authentication when network locations change on administrator login attempts.
C. Decentralize administrator accounts and force unique passwords for each application.
D. Enforce biometric authentication requirements for the administrator’s named accounts.
Correct Answer: B
QUESTION 150
An organization is increasing its focus on training that addresses new social engineering and phishing attacks. Which of the following is the organization most concerned about?
A. Meeting existing regulatory compliance
B. Overreliance on Al support bots
C. Generative Al tools increasing the quality of exploits
D. Differential analysis using Al models
Correct Answer: C
QUESTION 151
A security manager at a local hospital wants to secure patient medical records. The manager needs to:
1. Choose an access control model that clearly defines who has access to sensitive information.
2. Prevent those who enter new patient information from specifying who has access to this data.
Which of the following access control models is the best way to ensure the lowest risk of granting unintentional access?
A. Rule-based
B. Attribute-based
C. Mandatory
D. Discretionary
Correct Answer: C
QUESTION 152
An organization determines existing business continuity practices are inadequate to support critical internal process dependencies during a contingency event. A compliance analyst wants the Chief Information Officer (CIO) to identify the level of residential risk that is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?
A. Mitigation
B. Impact
C. Likelihood
D. Appetite
Correct Answer: D
QUESTION 153
A system of globally distributed certificate servers connected to HSMs provide certificate security services for a publicly available PKI. These services include OCSP, certificate revocation list issuance, and certificate signing/issuance. The HSMs are all physical devices. All other servers are virtualized. Each global site has a network load balancer, and the sites are configured to load balance between sites. Users report occasional but persistent log-on failures to different PKI-enabled websites. There is no apparent pattern to the failures. Some OCSP responses must be signed by the HSM. Each HSM is connected to a physical server containing multiple VMs for the local site with CAT8 ethernet cabling. The backplane connecting the VMs is fiber based. Which of the following would best reduce the OCSP response time in order to rule out the connection between the certificate server and HSM as a cause of the user-reported issues?
A. Virtualize the HSMs and convert the virtualized servers to physical systems.
B. Increase the number of load balancers at each global site.
C. Shorten the time the duration certificates are valid to 72 hours and implement ACME.
D. Reduce the number of global sites while increasing the number of HSMs.
Correct Answer: D
QUESTION 154
A systems administrator works for an organization that is merging with another one. The systems administrator needs to produce specific reports for the board of directors. Which of the following actions is the board of directors most likely taking?
A. Exercising due diligence
B. Enforcing a non-disclosure agreement
C. Investigating their right of first refusal
D. Performing third-party attestations
Correct Answer: A
QUESTION 155
An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
A. SASE
B. CMDB
C. SBoM
D. SIEM
Correct Answer: B
QUESTION 156
A company’s security team is notified about vulnerabilities in the company’s application. The security team determines that these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best allows the company to identify third-party vulnerabilities in the future?
A. Using IaC to include the newest dependencies
B. Creating a bug bounty program
C. Implementing a continuous security assessment program
D. Integrating an SCA tool as part of the pipeline
Correct Answer: D
QUESTION 157
A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?
A. Integrate a file-monitoring tool with the SIEM.
B. Change the log solution and integrate it with the existing SIEM.
C. Implement a central logging server, allowing only log ingestion.
D. Rotate and back up logs every 24 hours, encrypting the backups.
Correct Answer: C
QUESTION 158
An organization recently hired a third party to audit the information security controls present in the environment. After reviewing the audit findings, the Chief Information Security Officer (CISO) approved the budget for an in-depth defense strategy for network security. Which of the following is the most likely reason the CISO approved the additional budget?
A. Other departments had unused budget, which was transferred to IT security.
B. Potential customers increasingly asked for security compliance reports.
C. The previous network architecture contained controls that could be easily bypassed.
D. The auditor reported a low score on the PCI DSS self-assessment questionnaire.
Correct Answer: C
QUESTION 159
A company is adopting microservice architecture in order to quickly remediate vulnerabilities and deploy to production. All of the microservices run on the same Linux platform. Significant time was spent updating the base OS before deploying code. Which of the following should the company do to make the process efficient?
A. Use Terraform scripts while creating golden images.
B. Create a cron job to run apt-update every 30 days.
C. Use snapshots to deploy code to existing compute instances.
D. Deploy a centralized update server.
Correct Answer: A
QUESTION 160
A game developer wants to reach new markets and is advised by legal counsel to include specific age-related sign-up requirements. Which of the following best describes the legal counsel’s concerns?
A. GDPR
B. LGPD
C. PCI DSS
D. COPPA
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.