For which of the following reasons is the engineer concerned?

A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned? A. These devices can […]

Which of the following should the organization consider implementing along with VLANs to provide a

During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation? A. Air gaps B. […]

Which of the following does the log sample indicate?

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate? (Choose two.) A. A root user performed an injection attack via kernel module B. Encrypted payroll data was successfully decrypted by the attacker C. Jsmith successfully […]

Which of the following types of information could be drawn from such participation?

An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of […]

Which of the following approaches is described?

To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the […]

Based on the data classification table above, which of the following BEST describes the overall

An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data. Based on the data classification table above, which of the following BEST describes the overall classification? A. High confidentiality, high availability B. High confidentiality, medium availability C. Low availability, low confidentiality D. High integrity, low availability Explanation: […]

Which of the following settings should be toggled to achieve the goal?

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a […]

Which of the following BEST meets this objective?

The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective? A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets B. […]
