An organization wants to ensure that its website is free of certain vulnerabilities before the final handoff to the client. What testing method should the organization use to inspect traffic and detect potential issues?
A company wants to improve the security of its software development process and reduce the risk of vulnerabilities in its applications. The company is looking for a solution that can isolate its applications and provide a secure environment for development and testing.
Which security technology meets the needs of this company?
What is the role of the CPU in a computing environment?
Choose 2 answers
Which peripheral replaces the mouse on a mobile device?
An application team manages a large farm of web servers on virtual machines in the cloud. The team wants to reduce the server load by caching static content. Adding a second layer of protection is also a requirement.
What should this team recommend in this scenario?
A retail company has recently implemented a new point of sale (POS) system that is critical to its business.
Which security control is essential for protecting the availability of the POS system?
A company has recently implemented a hybrid cloud deployment. The security team has been notified about thousands of failed attempts to connect to routers and switches in the on-premises network. A solution must be implemented to block connections after three unsuccessful SSH attempts on any network device.
A healthcare provider is developing a disaster recovery plan and wants to determine the longest duration that its systems or applications can be down before causing significant damage to the business.
What is the term used to describe this metric?
What is scope creep?
Which life cycle is part of the process for planning, creating, testing, and deploying information systems?
Which characteristic identifies intranet application software?
What signals the development of scope creep?
A small start-up is setting up its first network, and it needs to ensure that its network security is adequate. The start-up is aware of the latest cybersecurity threats and the need for strong security measures. In addition to network security, the start-up wants to ensure that it has a disaster recovery plan in place in case of any unexpected events.
Which approach will meet the needs of the start-up?
A company has recently experienced a data breach in which customer information was stolen. The company is concerned about the potential for future data breaches. A review of the incident revealed that the breach originated from stolen credentials.
Which security measure will meet the needs of this company?
What is a characteristic of algorithms?
Which method is frequently used to protect software?
Which encryption technique can be used to enable a third-party provider to perform calculations on encrypted data without decrypting the data?
What is the typical organizing principle of a database?
An employee needs to execute a program from the command line.
Which peripheral device should be used?
Which block cipher mode of operation for encrypting data is simple and efficient but provides no confidentiality beyond that of the underlying block cipher?
A security team is investigating multiple man-in-the-middle (MITM) attacks that have taken place on the corporate network over the past few months. The team needs a solution that will ensure that data is not exposed if a man-in-the-middle attack occurs in the future.
Which action should an IT department take if an organization decides to expand its business by selling products online?
Which task is the responsibility of a database administrator?
What are three operating systems that are commonly used today?
Choose 3 answers
An organization's board of directors is reviewing the risk register and attempting to evaluate whether there is too much risk for the organization.
Which metric should the board review?
An insurance agency is concerned that some employees could be mishandling funds and covering it up. The agency wants to temporarily block these employees from working and ensure that operations continue.
Which strategy should the agency implement?
Why is business continuity planning essential?
Which IT department goal would support business goals?
A company has identified a potential risk associated with a new software implementation, which could result in a significant data breach.
Which step of the risk management life cycle involves implementing security controls to prevent the risk?
What type of a system requirement involves preventing unauthorized access to data?
Which encryption technique can be used to enable a third-party provider to perform calculations on encrypted data without decrypting the data?
An organization wants to implement a new encryption solution for a real-time video conferencing application. The organization wants to ensure that the encryption solution provides protection for the video stream without causing significant delays or latency in the conference.
Which type of encryption will meet the needs of the organization?
The security team has been notified about multiple man-in-the-middle (MITM) attacks happening on the wireless network over the past thirty days. Management has agreed to upgrade the network infrastructure to help eliminate these attacks.
The security team has been notified about multiple man-in-the-middle (MITM) attacks happening on the wireless network over the past thirty days. Management has agreed to upgrade the network infrastructure to help eliminate these attacks.
Which solution fulfills these requirements?
Which block cipher mode of operation for encrypting data is simple and efficient and provides no confidentiality beyond that of the underlying block cipher?
Management has asked its networking team to recommend a solution for direct communication between multiple virtual networks in the cloud. The solution must utilize the least amount of administrative effort.
A healthcare organization is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which regulates the privacy and security of personal health information. The organization uses simple network management protocol (SNMP) to manage and monitor its network devices.
Which security control will protect the confidentiality of network device information within this organization?
Which security technique should be used to prevent data exfiltration?
A consultancy organization has many employees who travel with different mobile devices. Having the employees visit an office to update their devices is not feasible due to their travel schedule.
How should the organization ensure that its employees receive the latest security updates?
What is a function of a proxy server?
A company is looking to monitor and detect any suspicious activity on its servers. The company wants to implement a security solution that can detect any unauthorized access or unusual activity on the servers.
Which security technology will meet the needs of this company?
Which risk management strategy will help defeat piracy efforts on a new patient management system?
A company is planning to implement a new cloud-based system to store sensitive customer information.
What should be identified in the first step of the risk management process for this project?
An IT organization has seen a surge of ransomware and Trojan horse attacks recently.
Which action should the security team recommend to protect the IT infrastructure from commodity malware threats?
Which device does a Local Area Network (LAN) need to communicate over the Internet?
A corporate website is currently being redesigned, which leaves it vulnerable to security threats. Management does not want to provide an attacker with any information about the web server. Which strategy should be used to prevent an attacker from gaining unauthorized information?
A company wants to ensure that the integrity of its systems is maintained during the startup process.
Which security technology can ensure the integrity of the system during startup by verifying that the system has not been compromised?
Which risk management strategy will ensure the secure configuration and deployment of a new online banking system and help prevent credit card fraud?
Which IT role is responsible for installing new hardware and troubleshooting existing hardware?
An IT organization needs to enable secure communication across virtual networks in Microsoft Azure and Amazon Web Services.
Which protocol will offer the most reliable and secure method for data transport?
A cybersecurity analyst at a manufacturing company is tasked with analyzing the indicators of compromise (IOCs) to identify potential threats and vulnerabilities within the organization. While viewing the security information and event management (SIEM), the analyst notices an unknown IP address logging on to the company's Secure Shell (SSH) server.
Which potential vulnerability is the manufacturing company facing?
Which system conversion method deploys the new system while the old system is still operational in order to compare output?
After a recent security assessment, it was discovered that many company devices have unnecessary ports opened to the network.
What should the company configure to fix this?
An on-call security engineer has been notified after business hours that a possible threat could be impacting production applications.
Which type of threat intelligence should be used by first responders?
A retail company wants to establish the frequency at which it needs to backup its critical data to ensure it can be restored in case of a disruption with the least amount of acceptable loss in recovery.
What is the term used to describe this metric?
Which protocol can be used to provide secure email communication and ensure the confidentiality, integrity, and authenticity of email messages?
Which type of services are Google Apps, Dropbox. and GoToMeeling?
A retail company has recently implemented a new point of sale (POS) system that is critical to its business.
Which security control is essential for protecting the availability of the POS system?
Which stream cipher is a variant of the Salsa20 cipher, designed to be fast, secure, and resistant to cryptanalysis, and is commonly used in combination with the Poly1305 authentication mode?
An engineer has noticed increased network traffic originating from an unknown internet protocol (IP) address.
Which action should be taken to analyze the unusual network traffic patterns?
The cybersecurity analyst at a hardware company conducted a vulnerability assessment to identify potential security risks to the organization and discovered multiple vulnerabilities on the company’s webpage. The analyst then provided the results to the Chief Information Security Officer (CISO), who then decided to decommission the website and create a new page with increased security controls.
Management has asked its networking team to recommend a solution for direct communication between multiple virtual networks in the cloud. The solution must utilize the least amount of administrative effort.
Which solution meets the requirements?
An IT organization has recently suffered multiple data breaches. The security operations center (SOC) team has been tasked with preventing future breaches by implementing user monitoring. The proposed solution must provide insights about unusual user behaviors from a variety of internal corporate resources.
Which solution meets the requirements?
An organization is experiencing multiple instances of attempted access from geographical locations where there are no corporate offices or staff.
What should a network administrator do to prevent further access attempts?
An IT organization recently implemented a hybrid cloud deployment. The security team must be able to correlate event data combined from different sources in a central location.
What is an information system?
A healthcare organization is concerned about the potential risks associated with unauthorized access to sensitive patient information on its endpoint devices. The organization has decided to implement hardening techniques and endpoint security controls to mitigate the risk.
Which hardening technique will meet the needs of this organization?
A financial institution conducted a cybersecurity assessment, which identified several vulnerabilities including outdated software and weak password policies. The company also needs to implement a new core banking system that can handle a large number of transactions while ensuring the security of customer data.
Which risk mitigation process is the most effective approach to address these vulnerabilities, and what is the best topology for the new core banking system?
The DevSecOps team for an organization manages a continuous integration and continuous deployment (CI/CD) pipeline for a three-tier web application. Management has asked the team toperform a series of comprehensive post-deployment tests to make sure that all of the components of the application can interact and function properly.
What should the team recommend?