Question 6. An organization collects personal data from its global customers. The organization determines how that data is going to be used, why it is going to be used, and how it is manipulated for business processes. Which of the following will the organization need in order to comply with GDPR? (Choose two.)
(A) Data processor
(B) Data custodian
(C) Data owner
(D) Data steward
(E) Data controller
(F) Data manager
Answer: AE
Question 7. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice. Which of the following should the organization consider FIRST to address this requirement?
(A) Implement a change management plan to ensure systems are using the appropriate versions.
(B) Hire additional on-call staff to be deployed if an event occurs.
(C) Design an appropriate warm site for business continuity.
(D) Identify critical business processes and determine associated software and hardware requirements.
Answer: C
Question 8. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?
(A) Utilizing a trusted secrets manager
(B) Performing DAST on a weekly basis
(C) Introducing the use of container orchestration
(D) Deploying instance tagging
Answer: A
Question 9. A security engineer is reviewing a record of events after a recent data breach incident that involved the following: A hacker conducted reconnaissance and developed a footprint of the company’s Internet-facing web application assets. A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account. The hacker took advantage of the account’s excessive privileges to access a data store and exfiltrate the data without detection. Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
(A) Dynamic analysis
(B) Secure web gateway
(C) Software composition analysis
(D) User behavior analysis
(E) Stateful firewall
Answer: C
Question 10. A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes. Which of the following should a security architect recommend?
(A) A DLP program to identify which files have customer data and delete them
(B) An ERP program to identify which processes need to be tracked
(C) A CMDB to report on systems that are not configured to security baselines
(D) A CRM application to consolidate the data and provision access based on the process and need
Answer: C