Question.21 To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
(A) Include stable, long-term releases of third-party libraries instead of using newer versions.
(B) Ensure the third-party library implements the TLS and disable weak ciphers.
(C) Compile third-party libraries into the main code statically instead of using dynamic loading.
(D) Implement an ongoing, third-party software and library review and regression testing.
Answer: D
Question.22 A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user’s actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?
(A) Encryption in transit
(B) Legal issues
(C) Chain of custody
(D) Order of volatility
(E) Key exchange
Answer: C
Question.23 A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:
Must have a minimum of 15 characters
Must use one number
Must use one capital letter
Must not be one of the last 12 passwords used
Which of the following policies should be added to provide additional security?
(A) Shared accounts
(B) Password complexity
(C) Account lockout
(D) Password history
(E) Time-based logins
Answer: C
Question.24 A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment. Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
(A) NAC to control authorized endpoints
(B) FIM on the servers storing the data
(C) A jump box in the screened subnet
(D) A general VPN solution to the primary network
Answer: D
Question.25 A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:
dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.
A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.
Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.
A sample outbound request payload from PCAP showed the ASCII content: JOIN #community.
Which of the following is the MOST likely root cause?
(A) A SQL injection was used to exfiltrate data from the database server.
(B) The system has been hijacked for cryptocurrency mining.
(C) A botnet Trojan is installed on the database server.
(D) The dbadmin user is consulting the community for help via Internet Relay Chat.
Answer: C