Question 1. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
(A) Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
(B) Change privileged usernames, review the OS logs, and deploy hardware tokens.
(C) Implement MFA, review the application logs, and deploy a WAF.
(D) Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
Answer: D
Question 2. A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption?
(A) CYOD
(B) MDM
(C) WPA3
(D) DoH
Answer: D
Question 3. A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements: Support all phases of the SDLC. Use tailored website portal software. Allow the company to build and use its own gateway software. Utilize its own data management platform. Continue using agent-based security tools. Which of the following cloud-computing models should the CIO implement?
(A) SaaS
(B) PaaS
(C) MaaS
(D) IaaS
Answer: D
Question 4. A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary's execution. Which of the following tools would BEST support this effort?
(A) objdump
(B) OllyDbg
(C) FTK Imager
(D) Ghidra
Answer: B
Question 5. A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform FIRST?
(A) Turn off the infected host immediately.
(B) Run a full anti-malware scan on the infected host.
(C) Modify the smb.conf file of the host to prevent outgoing SMB connections.
(D) Isolate the infected host from the network by removing all network connections.
Answer: D