A company is looking to monitor and detect any suspicious activity on its servers. The company wants to implement a security solution that can detect any unauthorized access or unusual activity on the servers.
Which security technology will meet the needs of this company?
An organization wants to ensure that its website is free of certain vulnerabilities before the final hand-off to the client.
What testing method should the organization use to inspect traffic to detect potential issues?
The development team has requested permission to use several open-source libraries to build a corporate web application.
Which resource can the security team recommend to ensure these libraries can be trusted?
A small online retailer stores customer information, product inventory, and financial data on its local servers.
What are the necessary components of a business continuity and disaster recovery plan for this company?
A government agency is planning a hybrid cloud deployment. Strict controls must be in place that can label classified data. The solution must ensure that access rights will be granted based on the user's government security classification.
Which type of access control should be used?
What are three operating systems that are commonly used today?
Choose 3 answers
An IT organization has recently migrated its servers to the cloud. The security team needs to delegate administrative control of multiple cloud services to various administrators inside the company. This team needs a granular solution that will offer the most flexibility while maintaining a secure posture.
What is the best solution?
A consultancy organization has many employees who travel with different mobile devices. Having the employees visit an office to update their devices is not feasible due to their travel schedule.
How should the organization ensure that its employees receive the latest security updates?
A retail company wants to establish the frequency at which it needs to backup its critical data to ensure it can be restored in case of a disruption with the least amount of acceptable loss in recovery.
What is the term used to describe this metric?
A government agency needs to deploy a secure network connection between its offices in Chicago and New York.
What should be used to facilitate this connection?
How can the organizational culture support ethical guidelines?
Which technique allows someone to obtain a password while it is in transit?
A software development company is concerned about the potential risks associated with exploits that target vulnerabilities in the Linux operating system used by the company's servers. The company has decided to implement hardening techniques and endpoint security controls to mitigate the risk.
Which hardening technique will meet the needs of this company?
Which IT department goal would support business goals?
A government agency is required to comply with the Federal Information Security Modernization Act (FISMA), which establishes security requirements for federal information systems. The agency needs to secure its external network, which connects to the internet and is used by employees, contractors, and other authorized personnel.
Which security control will secure the external network and protect against unauthorized access?
Which operation converts raw data into information?
A company has recently experienced a data breach in which customer information was stolen. The company is concerned about the potential for future data breaches. A review of the incident revealed that the breach originated from stolen credentials.
Which security measure will meet the needs of this company?
A project manager is working on a project that involves securing the network of a tall building. The manager is tasked with managing these risks effectively to ensure the successful completion of the project within a given time frame and budget. The manager identified multiple potential risks associated with the project.
What is the next step in the risk management life cycle?
A company is planning to implement a new cloud-based system to store sensitive customer information.
What should be identified in the first step of the risk management process for this project?
How are IT and globalization related?
A security engineer has been asked to audit unapproved changes that have recently taken place in a corporate application.
Which logging mechanism will create an audit trail?
An organization is experiencing multiple instances of attempted access from geographical locations where there are no corporate offices or staff.
What should a network administrator do to prevent further access attempts?
A government agency is evaluating its business continuity plan to ensure that its operations can continue during a crisis.
What is the term used to describe the critical services that must be maintained during a disruption?
What is a component of IT infrastructure?
What is one purpose of an End User License Agreement?
An organization wants to implement a new encryption solution for a real-time video conferencing application. The organization wants to ensure that the encryption solution provides protection for the video stream without causing significant delays or latency in the conference.
Which type of encryption will meet the needs of the organization?
Which type of systems testing includes having end users test the system with simulated data and the help of the developer?
An engineer has noticed increased network traffic originating from an unknown internet protocol (IP) address.
Which action should be taken to analyze the unusual network traffic patterns?
A cloud service provider is concerned about the potential risks associated with hardware-based attacks on its virtual machines. The provider has decided to implement hardening techniques and endpoint security controls to mitigate the risk.
Which hardening technique will meet the needs of this provider?
Why should an information technology (IT) professional be aware of professional associations?
A company wants to improve the security of its software development process and reduce the risk of vulnerabilities in its applications. The company is looking for a solution that can isolate its applications and provide a secure environment for development and testing.
Which security technology meets the needs of this company?
Which type of communications media uses light waves to transmit data?
An insurance agency is concerned that some employees could be mishandling funds and covering it up. The agency wants to temporarily block these employees from working and ensure that operations continue.
Which strategy should the agency implement?
What type of software utilizes a commercial software license?
A software development company has experienced a noticeable slowdown in its network performance, which suggests that some machines on the network may have been infected by a botnet. The company has decided to analyze the threats and vulnerabilities within the enterprise based on the indicators of compromise to mitigate the risk.
What should the company do to detect a botnet and other malware-based threats within the enterprise based on the indicators of compromise?
Which action should an IT department take if an organization decides to expand its business by selling products online?
After a recent security assessment, it was discovered that many company devices have unnecessary ports opened to the network.
What should the company configure to fix this?
What signals the development of scope creep?
A retail company has recently implemented a new point of sale (POS) system that is critical to its business.
Which security control is essential for protecting the availability of the POS system?
Which system conversion method deploys the new system while the old system is still operational in order to compare output?
A software development company is required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which sets requirements for the protection of cardholder data. The company uses Secure Shell (SSH) to connect to its cloud-based development environment, which contains cardholder data.
Which security control will meet the needs of the company?
During a vulnerability assessment, several end-of-life operating systems were discovered within the environment.
Which action should be taken to resolve the issue?
Which risk management strategy will help defeat piracy efforts on a new patient management system?
Which software allows the user to easily access the hardware of a computer?
What is the role of the CPU in a computing environment?
Choose 2 answers
A company is developing a new mobile application to support external customers and contractors. The application needs to allow users to sign in using third-party social identities.
What is the best protocol?
A large healthcare provider is acquiring a small clinic and has identified a full understanding of the clinic's organizational risks. The large provider has several tools it can implement to reduce the clinic's identified risks.
Which type of risk response should the healthcare provider use?
An organization wants to secure remote access to its servers and is looking for a secure protocol that can provide encryption and strong authentication. The organization wants to ensure that its servers can only be accessed by authorized users and that the data exchanged during the session is encrypted.
Which protocol meets the needs of the organization?
An employee needs to execute a program from the command line.
Which peripheral device should be used?
A company has identified a potential risk associated with a new software implementation, which could result in a significant data breach.
Which step of the risk management life cycle involves implementing security controls to prevent the risk?
A small start-up is setting up its first network, and it needs to ensure that its network security is adequate. The start-up is aware of the latest cybersecurity threats and the need for strong security measures. In addition to network security, the start-up wants to ensure that it has a disaster recovery plan in place in case of any unexpected events.
Which approach will meet the needs of the start-up?
A professional services organization deployed security edge devices in key locations on its corporate network.
How will these devices improve the organization's security posture?
What does the following SQL statement produce when executed?
SELECT ‘ FROM Customers
WHERE State = ’Arizona';