NEW QUESTION 234
An organization is facing budget constraints The Chief Technology Officer (CTO) wants to add a new marketing platform but the organization does not have the resources to obtain separate servers to run the new platform.
The CTO recommends running the new marketing platform on a virtualized video-conferencing server because video conferencing is rarely used.
The Chief Information Security Officer (CISO) denies this request.
Which of the following BEST explains the reason why the CISO has not approved the request?

NEW QUESTION 235
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

NEW QUESTION 236
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is t he NEXT step of the incident response plan?

NEW QUESTION 237
A company based in the United States holds insurance details of EU citizens.
Which of the following must be adhered to when processing EU citizens’ personal, private, and confidential data?

NEW QUESTION 238
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

NEW QUESTION 239
A product development team has submitted code snippets for review prior to release.
INSTRUCTIONS
Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.
Code Snippet 1

Code Snippet 2

Vulnerability 1:
SQL injection
Cross-site request forgery
Server-side request forgery
Indirect object reference
Cross-site scripting
Fix 1:
Perform input sanitization of the userid field.
Perform output encoding of queryResponse,
Ensure usex:ia belongs to logged-in user.
Inspect URLS and disallow arbitrary requests.
Implement anti-forgery tokens.
Vulnerability 2
1) Denial of service
2) Command injection
3) SQL injection
4) Authorization bypass
5) Credentials passed via GET
Fix 2
A) Implement prepared statements and bind
variables.
B) Remove the serve_forever instruction.
C) Prevent the “authenticated” value from being overridden by a GET parameter.
D) HTTP POST should be used for sensitive parameters.
E) Perform input sanitization of the userid field.

NEW QUESTION 240
Which of the following BEST sets expectation between the security team and business units within an organization?

NEW QUESTION 241
A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

NEW QUESTION 242
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

NEW QUESTION 243
A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer’s inability to connect?

NEW QUESTION 244
Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

NEW QUESTION 245
An organization’s senior security architect would like to develop cyberdefensive strategies based on standardized adversary techniques, tactics, and procedures commonly observed. Which of the following would BEST support this objective?

NEW QUESTION 246
A security engineer needs to select the architecture for a cloud database that will protect an organization’s sensitive dat a. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

NEW QUESTION 247
A city government’s IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:
– Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.
– All privileged user access must be tightly controlled and tracked to
mitigate compromised accounts.
– Ransomware threats and zero-day vulnerabilities must be quickly
identified.
Which of the following technologies would BEST satisfy these requirements? (Choose three.)

NEW QUESTION 248
A developer implement the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

NEW QUESTION 249
A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens’ personal, private, and confidential data?

NEW QUESTION 250
A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?

NEW QUESTION 251
A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?