Which of the following actions would BEST resolve the issue?
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization.B . Deploy...
Which of the following is the MOST likely cause?
A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?A . The user agent...
Which of the following should the security engineer do to BEST manage the threats proactively?
A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?A . Join an information-sharing community that is relevant to...
Which of the following would BEST mitigate this vulnerability?
A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: Which of the following would BEST mitigate this vulnerability?A . CAPTCHAB . Input validationC . Data encodingD . Network intrusion...
An organization is planning for disaster recovery and continuity of operations
DRAG DROP An organization is planning for disaster recovery and continuity of operations. INSTRUCTIONS Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding. Each finding...
Which of the following should the company use to make this determination?
A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign. Which of the following should the company use to make this determination?A . Threat huntingB . A system penetration testC ....
Which of the following are risks associated with vendor lock-in? (Choose two.)
Which of the following are risks associated with vendor lock-in? (Choose two.)A . The client can seamlessly move data.B . The vendor can change product offerings.C . The client receives a sufficient level of service.D . The client experiences decreased quality of service.E . The client can leverage a multicloud...
Which of the following threat management frameworks should the team implement?
A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?A . NIST SP 800-53B . MITRE ATT&CKC . The Cyber Kill ChainD . The Diamond Model of Intrusion AnalysisView AnswerAnswer: B Explanation: MITRE ATT&CK is...
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at...
Which of the following should the company use to prevent data theft?
A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs. Which of the following should the company use to prevent data theft?A . WatermarkingB . DRMC . NDAD . Access loggingView AnswerAnswer: B Explanation: DRM (digital rights management) is a technology that...