لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Company A is establishing a contractual with Company
B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights
B. Company A OLA v1b
E. Company A-B NDA v03
عرض الإجابة
اجابة صحيحة: A
السؤال #2
The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements: * Transaction being requested by unauthorized individuals. * Complete discretion regarding client names, account numbers, and investment information. * Malicious attackers using email to malware and ransomeware. * Exfiltration of sensitive company information. The cloud-based email solution will provide anti-malware reputation-based scanning, signaturebased scanning
A. Data loss prevention
B. Endpoint detection response C
عرض الإجابة
اجابة صحيحة: A
السؤال #3
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy. Which of the following solutions should the security architect recommend?
A. Replace the current antivirus with an EDR solution
B. Remove the web proxy and install a UTM appliance
عرض الإجابة
اجابة صحيحة: C
السؤال #4
A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered dat
A. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements
A. Designing data protection schemes to mitigate the risk of loss due to multitenancy
B. Implementing redundant stores and services across diverse CSPs for high availability C
عرض الإجابة
اجابة صحيحة: D
السؤال #5
Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
A. Importing the availability of messages
B. Ensuring non-repudiation of messages C
عرض الإجابة
اجابة صحيحة: D
السؤال #6
A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text. Which of the following should the security analyst perform?
A. Contact the security department at the business partner and alert them to the email event
B. Block the IP address for the business partner at the perimeter firewall
عرض الإجابة
اجابة صحيحة: D
السؤال #7
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios: Unauthorized insertions into application development environments Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (
A. Perform static code analysis of committed code and generate summary reports
B. Implement an XML gateway and monitor for policy violations
E. Model user behavior and monitor for deviations from normal
F. Continuously monitor code commits to repositories and generate summary logs
عرض الإجابة
اجابة صحيحة: C
السؤال #8
An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue. Which of the following is the MOST cost-effective solution?
A. Move the server to a cloud provider
B. Change the operating system
عرض الإجابة
اجابة صحيحة: A
السؤال #9
A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
A. Increased network latency
B. Unavailable of key escrow C
عرض الإجابة
اجابة صحيحة: A
السؤال #10
A developer implement the following code snippet. Which of the following vulnerabilities does the code snippet resolve? A.SQL inject
B. Buffer overflow C
عرض الإجابة
اجابة صحيحة: D
السؤال #11
An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key. Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string? A.Implement a VPN for all APIs. B.Sign the key with DSA. C.Deploy MFA for the service accounts. D.Utilize HMAC for the keys.
An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key
عرض الإجابة
اجابة صحيحة: AF
السؤال #12
A financial services company wants to migrate its email services from on-premises servers to a cloudbased email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following. * Transactions being required by unauthorized individual * Complete discretion regarding client names, account numbers, and investment information. * Malicious attacker using email to distribute malware and r
A. Data loss prevention
B. Endpoint detection response C
عرض الإجابة
اجابة صحيحة: A
السؤال #13
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
A. The company will have access to the latest version to continue development
B. The company will be able to force the third-party developer to continue support
عرض الإجابة
اجابة صحيحة: A
السؤال #14
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated. Which of the following techniques would be BEST suited for this requirement?
A. Deploy SOAR utilities and runbooks
B. Replace the associated hardware
عرض الإجابة
اجابة صحيحة: A
السؤال #15
A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
A. Perform additional SAST/DAST on the open-source libraries
B. Implement the SDLC security guidelines
عرض الإجابة
اجابة صحيحة: D
السؤال #16
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following sho
A. Traffic interceptor log analysis
B. Log reduction and visualization tools C
عرض الإجابة
اجابة صحيحة: C
السؤال #17
A company requires a task to be carried by more than one person concurrently. This is an example of:
A. separation of d duties
B. dual control C
عرض الإجابة
اجابة صحيحة: A
السؤال #18
A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are: The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would be BEST for the analyst to recommend?
A. Configure MFA for all users to decrease their reliance on other authentication
B. Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform
عرض الإجابة
اجابة صحيحة: A
السؤال #19
A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?
A. Hybrid IaaS solution in a single-tenancy cloud
B. Pass solution in a multinency cloud C
عرض الإجابة
اجابة صحيحة: B
السؤال #20
All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be: Leaked to the media via printing of the documents Sent to a personal email address Accessed and viewed by systems administrators Uploaded to a file storage site Which of the following would mitigate the department's concerns
A. Data loss detection, reverse proxy, EDR, and PGP B
عرض الإجابة
اجابة صحيحة: A
السؤال #21
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run: Which of the following is an appropriate security control the company should implement?
A. Restrict directory permission to read-only access
B. Use server-side processing to avoid XSS vulnerabilities in path input
عرض الإجابة
اجابة صحيحة: C
السؤال #22
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security. Which of the following encryption methods should the cloud security engineer select during the implementation phase?
A. Instance-based
B. Storage-based C
عرض الإجابة
اجابة صحيحة: B
السؤال #23
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session: Which of the following BEST explains why secure LDAP is not working? (Select TWO.)
A. The clients may not trust idapt by default
B. The secure LDAP service is not started, so no connections can be made
E. The company is using the wrong port
F. Secure LDAP does not support wildcard certificates
عرض الإجابة
اجابة صحيحة: C
السؤال #24
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business? A.Filter ABC B.Filter XYZ C.Filter GHI D.Filter TUV
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business? A. ilter ABC B
عرض الإجابة
اجابة صحيحة: C
السؤال #25
A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the p
A. The company is using 802
B. The DHCP server has a reservation for the PC's MAC address for the wired interface
عرض الإجابة
اجابة صحيحة: B
السؤال #26
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation: graphic.linux_randomization.prg Which of the following technologies would mitigate the manipulation of memory segments? A.NX bit B.ASLR C.DEP D.HSM
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation: graphic
عرض الإجابة
اجابة صحيحة: B
السؤال #27
A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?
A. SQL injection
B. CSRF C
عرض الإجابة
اجابة صحيحة: BE
السؤال #28
Which of the following BEST sets expectation between the security team and business units within an organization? A.Risk assessment
B. Memorandum of understanding C
E. Services level agreement
عرض الإجابة
اجابة صحيحة: A
السؤال #29
A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
A. Community cloud service model
B. Multinency SaaS C
عرض الإجابة
اجابة صحيحة: C
السؤال #30
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
A. Union filesystem overlay
B. Cgroups C
عرض الإجابة
اجابة صحيحة: C
السؤال #31
A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements? A.ARF B.ISACs C.Node.js D.OVAL
A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one
عرض الإجابة
اجابة صحيحة: B
السؤال #32
A company's claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee's laptop when was opened.
A. Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department
B. Required all laptops to connect to the VPN before accessing email
عرض الإجابة
اجابة صحيحة: C
السؤال #33
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis. A security engineer is concerned about the security of th
A. Hardware vulnerabilities introduced by the log aggregate server
B. Network bridging from a remote access VPN C
عرض الإجابة
اجابة صحيحة: A
السؤال #34
The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?
A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals
B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers
عرض الإجابة
اجابة صحيحة: D
السؤال #35
An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information. Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit? A.NIST B.GDPR C.PCI DSS D.ISO
An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information
عرض الإجابة
اجابة صحيحة: C
السؤال #36
A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer's company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?
A. DLP B
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.