CompTIA Security+ SY0-601 – Question 700

Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:
There must be visibility into how teams are using cloud-based services.
The company must be able to identify when data related to payment cards is being sent to the cloud.
Data must be available regardless of the end user's geographic location.
Administrators need a single pane-of-glass view into traffic and trends.
Which of the following should the security analyst recommend?


A. Create firewall rules to restrict traffic to other cloud service providers.
B. Install a DLP solution to monitor data in transit.
C. Implement a CASB solution.
D. Configure a web-based content filter.

Correct Answer: C

CompTIA Security+ SY0-601 – Question 699

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?


A. SSO
B. CHAP
C. 802.1x
D. OpenID

Correct Answer: D

CompTIA Security+ SY0-601 – Question 698

A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?


A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG

Correct Answer: D

CompTIA Security+ SY0-601 – Question 697

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?


A. Ensure the scan engine is configured correctly.
B. Apply a patch to the domain controller.
C. Research the CVE.
D. Document this as a false positive.

Correct Answer: A

CompTIA Security+ SY0-601 – Question 696

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:
Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin'
Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'
Which of the following should be consistently configured to prevent the issue seen in the logs?


A. Geolocation
B. TOTP
C. NTP
D. MFA

Correct Answer: C

CompTIA Security+ SY0-601 – Question 694

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?


A. Trusted Platform Module
B. IaaS
C. HSMaaS
D. PaaS

Correct Answer: C

CompTIA Security+ SY0-601 – Question 692

While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?


A. Secure cookies
B. Input sanitization
C. Code signing
D. Blocklist

Correct Answer: B

CompTIA Security+ SY0-601 – Question 691

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?


A. AUP
B. NGFW
C. DLP
D. EDR

Correct Answer: D