Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Device event logs sources from MDM software as follows: Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?A . Malicious installation of an application; change the MDM configuration to remove application ID 1220.B . Resource leak; recover the...

January 31, 2025 No Comments READ MORE +

A company requires a task to be carried by more than one person concurrently. This is an example of:

A company requires a task to be carried by more than one person concurrently. This is an example of:A . separation of d duties.B . dual controlC . least privilegeD . job rotationView AnswerAnswer: B Explanation: Dual control is a security principle that requires two or more authorized individuals to...

January 30, 2025 No Comments READ MORE +

Which of the following would satisfy the requirement?

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?A . NIDSB . NIPSC . WAFD ....

January 28, 2025 No Comments READ MORE +

Which of the following should the engineer report as the ARO for successful breaches?

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...

January 28, 2025 No Comments READ MORE +

Which of the following would BEST secure the company’s CI/CD pipeline?

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?A . Utilizing a trusted secrets managerB . Performing DAST on a weekly basisC . Introducing the use of container orchestrationD . Deploying instance...

January 27, 2025 No Comments READ MORE +

Which of the following is the BEST solution to meet these objectives?

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive...

January 27, 2025 No Comments READ MORE +

Which of the following phases establishes the identification and prioritization of critical systems and functions?

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?A . Review a recent gap analysis.B . Perform a cost-benefit analysis.C . Conduct a business impact...

January 27, 2025 No Comments READ MORE +

Which of the following should the engineer report as the ARO for successful breaches?

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...

January 25, 2025 No Comments READ MORE +

Which of the following ciphers should the security analyst remove to support the business requirements?

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration: Which of the following ciphers should the security analyst remove to support the business requirements?A . TLS_AES_128_CCM_8_SHA256B ....

January 25, 2025 No Comments READ MORE +

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow...

January 24, 2025 No Comments READ MORE +