Which of the following is a hardware-specific vulnerability?
Which of the following is a hardware-specific vulnerability?A . Firmware versionB . Buffer overflowC . SQL injectionD . Cross-site scriptingView AnswerAnswer: A Explanation: Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic...
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?A . Risk toleranceB . Risk transferC . Risk registerD . Risk analysisView AnswerAnswer: C Explanation: A risk register is a document that records and tracks the risks associated with a project, system,...
Which of the following is the most effective way to limit this access?
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?A . Data maskingB . EncryptionC . Geolocation policyD . Data sovereignty regulationView...
Which of the following security control types does an acceptable use policy best represent?
Which of the following security control types does an acceptable use policy best represent?A . DetectiveB . CompensatingC . CorrectiveD . PreventiveView AnswerAnswer: D Explanation: An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The...
Which of the following should the hosting provider consider first?
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?A . Local data protection regulationsB . Risks from hackers residing in other countriesC . Impacts to existing contractual obligationsD . Time zone differences in log correlationView...
Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?A . encryption=offB . http://C . www.*.comD . :443View AnswerAnswer: B Explanation: A web filter is...
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?A . InsiderB . Unskilled attackerC . Nation-stateD . HacktivistView AnswerAnswer: C Explanation: A nation-state is a threat actor that is sponsored by a government or a political...
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?A . Disaster recovery planB . Incident response procedureC . Business continuity planD . Change management procedureView AnswerAnswer: D Explanation: A change management procedure is a set of steps and guidelines that...
Which of the following data classifications should be used to secure patient data?
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?A . PrivateB . CriticalC . SensitiveD . PublicView AnswerAnswer: C Explanation: Data classification is a process of categorizing data...
Which of the following is the best explanation for what the security analyst has discovered?
A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?A . The user jsmith's account has been locked out.B . A keylogger is installed on [smith's workstationC . An attacker is attempting to brute...