CompTIA Security+ SY0-601 – Question430

A security analyst is assisting a team of developers with best practices for coding. The security analyst would
like to defend against the use of SQL injection attacks. Which of the following should the security analyst
recommend first?


A. Tokenization
B. Input validation
C. Code signing
D. Secure cookies

Correct Answer: B

CompTIA Security+ SY0-601 – Question429

A security architect is designing a remote access solution for a business partner. The business partner needs
to access one Linux server at the company. The business partner wants to avoid managing a password for
authentication and additional software installation. Which of the following should the architect recommend?


A. Soft token
B. Smart card
C. CSR
D. SSH key

Correct Answer: D

CompTIA Security+ SY0-601 – Question428

A data center has experienced an increase in under-voltage events following electrical grid maintenance
outside the facility. These events are leading to occasional losses of system availability. Which of the following
would be the most cost-effective solution for the data center to implement?


A. Uninterruptible power supplies with battery backup
B. Managed power distribution units to track these events
C. A generator to ensure consistent, normalized power delivery
D. Dual power supplies to distribute the load more evenly

Correct Answer: A

CompTIA Security+ SY0-601 – Question427

A user reports that a bank's website no longer displays a padlock symbol. A security analyst views the user's
screen and notices the connection is using HTTP instead of HTTPS. Which of the following attacks is most
likely occurring?


A. Memory leak
B. SSL stripping
C. API
D. Pass the hash

Correct Answer: B

CompTIA Security+ SY0-601 – Question424

Which of the following should customers who are involved with UI developer agreements be concerned with
when considering the use of these products on highly sensitive projects?


A. Weak configurations
B. Integration activities
C. Unsecure user accounts
D. Outsourced code development

Correct Answer: C

CompTIA Security+ SY0-601 – Question423

Which of the following best describes the situation where a successfully onboarded employee who is using a
fingerprint reader is denied access at the company's main gate?


A. Crossover error rate
B. False match rate
C. False rejection
D. False positive

Correct Answer: C

CompTIA Security+ SY0-601 – Question422

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a
competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the
network cable and to not do anything else. Which of the following is the most likely reason for this request?


A. The CSIRT thinks an insider threat is attacking the network.
B. Outages of business-critical systems cost too much money.
C. The CSIRT does not consider the systems engineer to be trustworthy.
D. Memory contents, including fileless malware, are lost when the power is turned off.

Correct Answer: D

CompTIA Security+ SY0-601 – Question421

Which of the following would provide guidelines on how to label new network devices as part of the initial
configuration?


A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram

Correct Answer: C