QUESTION NO: 1
As part of an internal banking project, a developer configured a new SSO solution between the company's native application, API gateway, and identity provider. All the traffic has been configured to be encrypted at rest and in transit. During a security review of the solution the developer highlights the requirements around long-lived sessions to support the digital experience. A security analyst is reviewing the solution. Which of the following controls should the analyst recommend to the developer ? (Select TWO.)
As part of an internal banking project, a developer configured a new SSO solution between the company's native application, API gateway, and identity provider. All the traffic has been configured to be encrypted at rest and in transit. During a security review of the solution the developer highlights the requirements around long-lived sessions to support the digital experience. A security analyst is reviewing the solution. Which of the following controls should the analyst recommend to the developer ? (Select TWO.)
Correct Answer: A,B
Vote an answer
QUESTION NO: 2
A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?
A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?
Correct Answer: D
Vote an answer
QUESTION NO: 3
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.
The access records are used to identify which staff members accessed the data center in the event of equipment theft.
Which of the following MUST be prevented in order for this policy to be effective?
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.
The access records are used to identify which staff members accessed the data center in the event of equipment theft.
Which of the following MUST be prevented in order for this policy to be effective?
Correct Answer: A
Vote an answer
QUESTION NO: 4
An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?
An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?
Correct Answer: D
Vote an answer
QUESTION NO: 5
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?
Correct Answer: D
Vote an answer
QUESTION NO: 6
A cybersecurity analyst is currently auditing a new Active Directory server for compliance. The analyst uses Nessus to do the initial scan, and Nessus reports the following:
Which of the following critical vulnerabilities has the analyst discovered?
A cybersecurity analyst is currently auditing a new Active Directory server for compliance. The analyst uses Nessus to do the initial scan, and Nessus reports the following:
Which of the following critical vulnerabilities has the analyst discovered?
Correct Answer: A
Vote an answer
QUESTION NO: 7
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:
Based on the output of the scan, which of the following is the BEST answer?
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:
Based on the output of the scan, which of the following is the BEST answer?
Correct Answer: D
Vote an answer
QUESTION NO: 8
A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.
Which of the following represents a FINAL step in the eradication of the malware?
A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.
Which of the following represents a FINAL step in the eradication of the malware?
Correct Answer: D
Vote an answer
QUESTION NO: 9
A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?
A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?
Correct Answer: A
Vote an answer