CISSP Practice Questions (661–680)

Question 661

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?
A. Memory forensics
B. Logfile analysis
C. Reverse engineering
D. Antivirus operations

Question 662

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?
A. Process injection
B. Cross-Site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Broken Authentication And Session Management

Question 663

A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?
A. Mitigate the risks with compensating controls.
B. Upgrade the software affected by the vulnerability.
C. Remove the affected software from the servers.
D. Inform management of possible risks.

Question 664

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system
B. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system
C. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200
D. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200

Question 665

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
A. To verify the validity of an X.509 digital certificate
B. To obtain the expiration date of an X.509 digital certificate
C. To obtain the revocation status of an X.509 digital certificate
D. To obtain the author name of an X.509 digital certificate

Question 666

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
A. It enables single sign-on (SSO) for web applications.
B. It uses Transport Layer Security (TLS) to address confidentiality.
C. It limits unnecessary data entry on web forms.
D. The user’s password is not passed during authentication.

Question 667

An organization purchased commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization’s dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software’s security weaknesses?
A. Follow the software end-of-life schedule
B. Implement a dedicated COTS sandbox environment
C. Transfer the risk to the cloud service provider
D. Examine the software updating and patching process

Question 668

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?
A. Inference
B. Aggregation
C. Polyinstantiation
D. Data mining

Question 669

In a multi-tenant cloud environment, what approach will secure logical access to assets?
A. Controlled configuration management (CM)
B. Transparency/Auditability of administrative access
C. Virtual private cloud (VPC)
D. Hybrid cloud

Question 670

An information technology (IT) employee who travels frequently to various countries remotely connects to an organization’s resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements?
A. Install a third-party screen sharing solution that provides remote connection from a public website.
B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Question 671

Which of the following is the BEST way to determine the success of a patch management process?
A. Change management
B. Configuration management (CM)
C. Analysis and impact assessment
D. Auditing and assessment

Question 672

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
A. Implement a user reporting policy.
B. Implement a data encryption policy.
C. Implement a user training policy.
D. Implement a data classification policy.

Question 673

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?
A. DevOps Integrated Product Team (IPT)
B. Structured Waterfall Programming Development
C. Service-oriented architecture (SOA)
D. Spiral Methodology

Question 674

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?
A. Agile software development
B. Secure software development
C. Application threat modeling
D. Penetration testing

Question 675

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
A. Data Link and Physical Layers
B. Session and Network Layers
C. Transport Layer
D. Application, Presentation, and Session Layers

Question 676

An organization’s retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?
A. Update the Network Address Translation (NAT) table.
B. Update Domain Name System (DNS) server addresses with domain registrar.
C. Update the Border Gateway Protocol (BGP) autonomous system number.
D. Update the web server network adapter configuration.

Question 677

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
A. Disallow untested code in the execution space of the SCADA device.
B. Disable all command line interfaces.
C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports 138 and 139 on the SCADA device.
D. Prohibit the use of unsecure scripting languages.

Question 678

Which of the following secure transport protocols is often used to secure Voice over Internet Protocol (VoIP) communications on a network from end to end?
A. Secure File Transfer Protocol (SFTP)
B. Secure Real-time Transport Protocol (SRTP)
C. Generic Routing Encapsulation (GRE)
D. Internet Protocol Security (IPSec)

Question 679

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?
A. Update the contract to require the vendor to perform security code reviews.
B. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
C. Update the contract so that the vendor is obligated to provide security capabilities.
D. Update the service level agreement (SLA) to require the vendor to provide security capabilities.

Question 680

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?
A. Host-based intrusion prevention system (HIPS)
B. Access control list (ACL)
C. Data loss prevention (DLP)
D. File integrity monitoring (FIM)