A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP .

Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

Reveal Solution Hide Solution

DRAG DROP

A security administrator must configure the database server shown below to comply with the four requirements listed.

Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Reveal Solution Hide Solution

Correct Answer:

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.

Which of the following strategies should the engineer recommended be approved FIRST?

Reveal Solution Hide Solution

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.

Which of the following is the MOST secure solution for the developer to implement?

Reveal Solution Hide Solution

An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

Reveal Solution Hide Solution

A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?

Reveal Solution Hide Solution

An organization is currently performing a market scan for managed security services and EDR capability .

Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

Reveal Solution Hide Solution

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

Reveal Solution Hide Solution

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment .

Which of the following tools should the engineer load onto the device being designed?

Reveal Solution Hide Solution

An engineer wants to assess the OS security configurations on a company’s servers. The engineer has downloaded some files to orchestrate configuration checks.

When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

Reveal Solution Hide Solution