An organization is concerned about intellectual property theft by employees who leave the organization. Which
of the following should the organization MOST likely implement?

An organization recently released a software assurance policy that requires developers to run code scans each
night on the repository. After the first night, the security team alerted the developers that more than 2,000
findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high
number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives.
B. Third-party libraries have been loaded into the repository and should be removed from the codebase.
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

A security analyst needs to centrally manage credentials and permissions to the company's network devices.
The following security requirements must be met:
All actions performed by the network staff must be logged.
Per-command permissions must be possible.
The authentication server and the devices must communicate through TCP.
Which of the following authentication protocols should the analyst choose?

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this
review, the engineer notices a high volume of successful logins that did not require MFA from users who were
traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-
based tokens to be generated. Users who change locations should be required to reauthenticate but have been
able to log in without doing so. Which of the following statements BEST explains the issue?
A. OpenID is mandatory to make the MFA requirements work.
B. An incorrect browser has been detected by the SAML application.
C. The access device has a trusted certificate installed that is overwriting the session token.
D. The user's IP address is changing between logins, but the application is not invalidating the token.

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be
non-disruptive and user friendly. Which of the following technologies should the IT manager use when
implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication

A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's
operating system has been hardened and tested. A security engineer is concerned that someone could use
removable media to install a rootkit. Which of the following should the security engineer configure to BEST
protect the kiosk computer?
A. Measured boot
B. Boot attestation
C. UEFI
D. EDR

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer
OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is
no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that
will allow OS patches to be installed in a non-production environment, while also creating backups of the
systems for recovery. Which of the following resiliency techniques will provide these capabilities?
A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system
for the company. The CISO categorizes the system, selects the controls that apply to the system, implements
the controls, and then assesses the success of the controls before authorizing the system. Which of the
following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002