- All Exams Instant Download
Which of the following should the engineer report as the ARO for successful breaches?
A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...
Which of the following now describes the level of risk?
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a...
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation?A . Software composition analysisB ....
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at...
Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer...
Which of the following phases establishes the identification and prioritization of critical systems and functions?
An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?A . Review a recent gap analysis.B . Perform a cost-benefit analysis.C . Conduct a business impact...
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security...
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner?
A security architect is reviewing the following proposed corporate firewall architecture and configuration: Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements: Web servers must receive all updates via HTTP/S from the corporate network. Web servers should not initiate communication with the...
Which of the following should the engineer report as the ARO for successful breaches?
A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...
