CompTIA Security+ SY0-601 – Question200

Which of the following is the MOST effective way to detect security flaws present on third-party libraries
embedded on software before it is released into production?

A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
D. Increase the number of penetration tests before software release

Correct Answer: C

CompTIA Security+ SY0-601 – Question199

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious.
The security analyst would like to create a baseline of normal operations and reduce noise. Which of the
following actions should the security analyst perform?

A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM's learning mode.

Correct Answer: C

CompTIA Security+ SY0-601 – Question198

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that
were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the
compliance team's GREATEST concern?

A. PCI DSS
B. GDPR
C. ISO 27001
D. NIST CSF

Correct Answer: A

CompTIA Security+ SY0-601 – Question197

A company acquired several other small companies. The company that acquired the others is transitioning
network services to the cloud. The company wants to make sure that performance and security remain intact.
Which of the following BEST meets both requirements?

A. High availability
B. Application security
C. Segmentation
D. Integration and auditing

Correct Answer: C

CompTIA Security+ SY0-601 – Question196

An annual information security assessment has revealed that several OS-level configurations are not in
compliance due to outdated hardening standards the company is using. Which of the following would be BEST
to use to update and reconfigure the OS-level security configurations?

A. CIS benchmarks
B. GDPR guidance
C. Regional regulations
D. ISO 27001 standards

Correct Answer: A

CompTIA Security+ SY0-601 – Question193

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to
be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The
file share is located in a local data center. Which of the following should the security architect recommend to
BEST meet the requirement?

A. Fog computing and KVMs
B. VDI and thin clients
C. Private cloud and DLP
D. Full drive encryption and thick clients

Correct Answer: B

CompTIA Security+ SY0-601 – Question192

A social media company based in North America is looking to expand into new, global markets and needs to
maintain compliance with international standards. With which of the following is the company's data protection
officer MOST likely concerned?

A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS

Correct Answer: C

CompTIA Security+ SY0-601 – Question191

A network engineer created two subnets that will be used for production and development servers. Per security
policy, production and development servers must each have a dedicated network that cannot communicate with
the other directly. Which of the following should be deployed so that server administrators can access these
devices?

A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers

Correct Answer: D