Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
An organization developed a virtual thin client running in kiosk mode that is used to access various software depending on the users' roles. During a security evaluation, the test team identified the ability to exit kiosk mode and access system-level resources, which led to privilege escalation. Which of the following mitigations addresses this finding?
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?
A company policy states that all new SaaS applications must authenticate users through a centralized service. Which of the following authentication types should most likely be configured in order to comply with this policy?
A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?
An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?
A company executive experienced a security issue at an airport. Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
Which of the following can be used to identify potential attacker activities without affecting production servers?
A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?
An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?
A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Select two).
A company requires that all user authentication against a core directory service must be secure. Which of the following should the company implement to meet this requirement?
A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?
While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?
A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?