Which of the following would BEST secure the company’s CI/CD pipeline?

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?A . Utilizing a trusted secrets managerB . Performing DAST on a weekly basisC . Introducing the use of container orchestrationD . Deploying instance...

March 22, 2024 No Comments READ MORE +

Which of the following processes can be used to identify potential prevention recommendations?

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?A . DetectionB . RemediationC . PreparationD . RecoveryView AnswerAnswer: C Explanation: Preparation...

March 22, 2024 No Comments READ MORE +

Which of the following technologies would mitigate the manipulation of memory segments?

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation: graphic.linux_randomization.prg Which of the following technologies would mitigate the manipulation of memory segments?A . NX bitB . ASLRC . DEPD . HSMView AnswerAnswer: B Explanation: https://eklitzke.org/memory-protection-and-aslr ASLR (Address Space Layout Randomization)...

March 22, 2024 No Comments READ MORE +

Which of the following would be the BEST solution against this type of attack?

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks. Which of the following would be the BEST solution against this...

March 22, 2024 No Comments READ MORE +

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. Which of...

March 22, 2024 No Comments READ MORE +

An organization is planning for disaster recovery and continuity of operations

DRAG DROP An organization is planning for disaster recovery and continuity of operations. INSTRUCTIONS Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding. Each finding...

March 22, 2024 No Comments READ MORE +

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?A . Lattice-based cryptographyB . Quantum computingC . Asymmetric cryptographyD . Homomorphic encryptionView AnswerAnswer: D Explanation: Reference: https://searchsecurity.techtarget.com/definition/cryptanalysis Homomorphic encryption is a type of encryption that allows computation and analysis of data within...

March 22, 2024 No Comments READ MORE +

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...

March 21, 2024 No Comments READ MORE +

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key. Which of the following would BEST secure the REST API connection to the database while preventing the use...

March 21, 2024 No Comments READ MORE +

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow...

March 21, 2024 No Comments READ MORE +