Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at...
Which of the following solutions should the security team implement to mitigate the risk of data loss?
An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following: Unstructured data being exfiltrated after an employee leaves the...
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments?
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
* Unauthorized insertions into application development environments
* Authorized insiders making unauthorized changes to environment configurations
Which...
Which of the following sources could the architect consult to address this security concern?
A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could...
Which of the following should be modified to prevent the issue from reoccurring?
A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?
A. Recovery point objective
B. Recovery time objective
C...
Which of the following actions would BEST resolve the issue?
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)
A. Conduct input sanitization.
B. Deploy...
Which of the following are risks associated with vendor lock-in? (Choose two.)
Which of the following are risks associated with vendor lock-in? (Choose two.)
A. The client can seamlessly move data.
B. The vendor can change product offerings.
C. The client receives a sufficient level of service.
D. The client experiences decreased quality of service.
E. The client can leverage a multicloud...
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were...
Based on RPO requirements, which of the following recommendations should the management team make?
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the...
Which of the following is the BEST option to resolve the board’s concerns for this email migration?
A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:
* Transactions being required by...