A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use
Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
A. Local data protection regulations
B. Risks from hackers residing in other countries
C. Impacts to existing contractual obligations
D. Time zone differences in log correlation
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
A. Encryption at rest
B. Masking
C. Data classification
D. Permission restrictions
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
An organization disabled unneeded services and placed a firewall in front of a business- critical legacy system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?
A. Reimage the impacted workstations
B. Activate runbooks for incident response
C. Conduct forensics on the compromised system
D. Conduct passive reconnaissance to gather information
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?
A. Accept the risk if there is a clear road map for timely decommission
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk
D. Outsource the application to a third-party developer group
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following but describes this form of security control?
A. Physical
B. Managerial
C. Technical
D. Operational