A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?


A. DLP
B. SIEM
C. NIDS
D. WAF

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)


A. Warm site
B. Generator
C. Hot site
D. Cold site
E. Cloud backups
F. UPS

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?


A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?


A. A content filter
B. A WAF
C. A next-generation firewall
D. An IDS

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?


A. Enhance resiliency by adding a hardware RAID.
B. Move data to a tape library and store the tapes off-site.
C. Install a local network-attached storage.
D. Migrate to a cloud backup solution.

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider Implementing?


A. DLP
B. VPC
C. CASB
D. Content filtering

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?


A. GDPR
B. PCI DSS
C. ISO 27000
D. NIST 800-53

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?


A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:
https://www.c0mpt1a.com/contact-us/%3Fname%3D%3Cscript%3Ealert(docu…
3C%2Fscript%3E
Which of the following was most likely observed?


A. DLL injection
B. Session replay
C. SQLi
D. XSS