- All Exams Instant Download
Which of the following enables the use of an input field to run commands that can view or manipulate data?
Which of the following enables the use of an input field to run commands that can view or manipulate data?A . Cross-site scriptingB . Side loadingC . Buffer overflowD . SQL injectionView AnswerAnswer: D Explanation: = SQL injection is a type of attack that enables the use of an input...
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?A . InsiderB . Unskilled attackerC . Nation-stateD . HacktivistView AnswerAnswer: C Explanation: A nation-state is a threat actor that is sponsored by a government or a political...
Which of the following data classifications should be used to secure patient data?
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?A . PrivateB . CriticalC . SensitiveD . PublicView AnswerAnswer: C Explanation: Data classification is a process of categorizing data...
Which of the following changes would allow users to access the site?
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?A . Creating a firewall rule to allow HTTPS trafficB ....
Which of the following describes this scenario?
The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?A . Shadow ITB . Insider threatC . Data exfiltrationD . Service disruptionView AnswerAnswer: A Explanation: Shadow IT is the term used to describe the use of unauthorized or...
Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?A . encryption=offB . http://C . www.*.comD . :443View AnswerAnswer: B Explanation: A web filter is...
Which of the following is the best option?
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?A . Send out periodic security reminders.B . Update the content of new hire documentation.C . Modify the content of recurring training....
Which of the following social engineering techniques are being attempted?
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.) A. Typosquatting B. Phishing C. Impersonation D. Vishing E. Smishing F. MisinformationView AnswerAnswer: B E Explanation:...
Which of the following should the analyst do?
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following...
Which of the following is the most important consideration during development?
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?A . ScalabilityB . AvailabilityC . CostD . Ease of deploymentView AnswerAnswer: B Explanation: Availability is the ability of a system or service...
