Which of the following should the engineer report as the ARO for successful breaches?

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?
A. 0.5
B. 8
C. 50
D. 36,500
...

January 25, 2025

Which of the following ciphers should the security analyst remove to support the business requirements?

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?
A. TLS_AES_128_CCM_8_SHA256
B. ...

January 25, 2025

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow...

January 24, 2025

Which of the following techniques would be BEST suited for this requirement?

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run...

January 23, 2025

Which of the following solutions should the security engineer recommend to address these requirements?

A security engineer needs to recommend a solution that will meet the following requirements:
- Identify sensitive data in the provider’s network
- Maintain compliance with company and regulatory guidelines
- Detect and respond to insider threats, privileged user threats, and compromised accounts
- Enforce data-centric security, such as encryption, tokenization, and access control...

January 22, 2025

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
A. Spawn a shell using...

January 22, 2025

Which of the following should the engineer report as the ARO for successful breaches?

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?
A. 0.5
B. 8
C. 50
D. 36,500
...

January 22, 2025

Based on RPO requirements, which of the following recommendations should the management team make?

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the...

January 21, 2025

Which of the following is MOST likely the root cause?

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?
A. The client application...

January 20, 2025

Which of the following BEST sets expectations between the security team and business units within an organization?

Which of the following BEST sets expectations between the security team and business units within an organization?
A. Risk assessment
B. Memorandum of understanding
C. Business impact analysis
D. Business partnership agreement
E. Service level agreement

Answer: E

Explanation: A service level agreement (SLA) is the best option to set...

March 28, 2024