CompTIA CySA+ Practice Tests. Mike Chapple


Read online: CompTIA CySA+ Practice Tests - Mike Chapple, page 25



length.
         Shorten the password lifespan.
         Deploy multifactor authentication.
         Add a PIN to all logins.

      51 Angela has decided to roll out a multifactor authentication system. What are the two most common factors used in MFA systems?
         Location and knowledge
         Knowledge and possession
         Knowledge and biometric
         Knowledge and location

      52 As part of the investigation after the breach, Angela's team noticed that some staff were using organizational resources after hours when they weren't supposed to be logged in. What type of authentication model could she deploy to use information about an employee's role and work hours to manage when they can be logged in?
         Location factors
         Biometric factors
         Context-based authentication
         Multifactor authentication
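As an added illustration of the model question 52 asks about (this is example code, not material from the book), the following Python combines an account's role with two pieces of context, the local time of the attempt and the source network, and answers allow, step-up (demand another factor) or deny. The roles, networks, users and login events are all constructed for the example.

```python
# Added example (not from the book): a context-based authentication check that
# combines the account's role with work-hours and source-network context.
# Roles, networks, users and login events below are all constructed.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Per-role policy: weekdays (0 = Monday) and local hours in which an interactive
# login is expected, plus the networks a login may originate from.
ROLE_POLICY = {
    "helpdesk": {
        "days": {0, 1, 2, 3, 4},
        "start": time(8, 0), "end": time(18, 0),
        "networks": [ip_network("10.10.0.0/16")],
    },
    "sysadmin": {   # on-call role: any day, any hour, but only from admin networks
        "days": set(range(7)),
        "start": time(0, 0), "end": time(23, 59, 59),
        "networks": [ip_network("10.10.0.0/16"), ip_network("10.200.0.0/24")],
    },
}

@dataclass(frozen=True)
class LoginAttempt:
    user: str
    role: str
    when: datetime   # local time of the attempt
    source: str      # source IP address

def evaluate(attempt: LoginAttempt) -> str:
    """Return 'allow', 'step-up' (demand an extra factor) or 'deny'."""
    policy = ROLE_POLICY.get(attempt.role)
    if policy is None:
        return "deny"   # unknown role: fail closed
    in_hours = (attempt.when.weekday() in policy["days"]
                and policy["start"] <= attempt.when.time() <= policy["end"])
    on_network = any(ip_address(attempt.source) in net for net in policy["networks"])
    if in_hours and on_network:
        return "allow"
    if in_hours or on_network:
        return "step-up"   # one context signal is off: require a second factor
    return "deny"          # after hours and off-network: refuse and raise an alert

def triage(attempts):
    """Group users by decision; this is the after-hours report the question describes."""
    report = {"allow": [], "step-up": [], "deny": []}
    for attempt in attempts:
        report[evaluate(attempt)].append(attempt.user)
    return report

# Constructed login events: 2024-03-05 is a Tuesday, 2024-03-09 a Saturday.
SAMPLE = [
    LoginAttempt("amy", "helpdesk", datetime(2024, 3, 5, 10, 30), "10.10.4.7"),    # in hours, on net
    LoginAttempt("amy", "helpdesk", datetime(2024, 3, 5, 23, 15), "10.10.4.7"),    # after hours, on net
    LoginAttempt("bob", "helpdesk", datetime(2024, 3, 9, 23, 15), "203.0.113.5"),  # weekend, off net
    LoginAttempt("cal", "sysadmin", datetime(2024, 3, 9, 23, 15), "10.200.0.9"),   # on-call admin
    LoginAttempt("dee", "contractor", datetime(2024, 3, 5, 10, 30), "10.10.4.7"),  # no policy: deny
]

if __name__ == "__main__":
    for attempt in SAMPLE:
        print(f"{attempt.user:>4} {attempt.when:%a %H:%M} {attempt.source:<14} -> {evaluate(attempt)}")
```

The point of the step-up branch is that a single off-policy signal (a helpdesk login at 23:15 from the office network) is not by itself proof of misuse, so the system asks for another factor rather than locking the user out; only when both context signals fail does it deny outright and alert.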

      53 Angela's multifactor deployment includes the ability to use text (SMS) messages to send the second factor for authentication. What issues should she point out?
         VoIP hacks and SIM swapping
         SMS messages are logged on the recipient's phones
         PIN hacks and SIM swapping
         VoIP hacks and PIN hacks

      54 Keith needs to manage digital keys, and he wants to implement a hardware security module in his organization. What U.S. government standard are hardware security modules often certified against?
         PCI-DSS
         HSM-2015
         FIPS 140-2
         CA-Check

      55 What purpose does the OpenFlow protocol serve in software-defined networks?
         It captures flow logs from devices.
         It allows software-defined network controllers to push changes to devices to manage the network.
         It sends flow logs to flow controllers.
         It allows devices to push changes to SDN controllers to manage the network.

      56 What type of access control system relies on the operating system to control the ability of subjects to perform actions on objects through a set of policies controlled by a policy administrator?
         RBAC
         MAC
         DAC
         ABAC

      57 What term is used to describe an isolated pool of cloud resources for a specific organization or user allocated inside of a public cloud environment?
         VPN
         VPC
         CDA
         CCA

      58 Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?
         A tarpit
         A honeypot
         A honeynet
         A blackhole

      59 Kalea wants to prevent DoS attacks against her serverless application from driving up her costs when using a cloud service. What technique is not an appropriate solution for her need?
         Horizontal scaling
         API keys
         Setting a cap on API invocations for a given timeframe
         Using timeouts
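To show why three of the four options in question 59 bound spend and the fourth does not, here is an added example (not code from the book) of the admission checks a pay-per-invocation function can run before any billable work starts: an API-key check, a per-key invocation cap for a fixed window, and a per-call timeout. The key names, prices and the flood of calls are constructed; real provider pricing differs.

```python
# Added example (not from the book): bounding the spend of a pay-per-invocation
# (serverless) function with an API-key check, a per-key invocation cap for a
# fixed time window, and a per-call timeout. Keys, prices and the flood are
# constructed; real provider pricing differs.
PRICE_PER_INVOCATION = 2e-7      # constructed flat price per call
PRICE_PER_RUNTIME_SECOND = 2e-6  # constructed price per billed second of runtime

class InvocationGuard:
    """Cheap admission checks that run before any billable work starts."""

    def __init__(self, max_calls, window_seconds, timeout_seconds, valid_keys):
        self.max_calls = max_calls
        self.window = window_seconds
        self.timeout = timeout_seconds
        self.valid_keys = set(valid_keys)
        self._windows = {}   # api_key -> (window_start, calls_in_window)

    def admit(self, api_key, now):
        """True if the call may run; False if it is dropped unbilled."""
        if api_key not in self.valid_keys:
            return False                        # anonymous traffic never reaches the function
        start, count = self._windows.get(api_key, (now, 0))
        if now - start >= self.window:          # fixed window has rolled over
            start, count = now, 0
        if count >= self.max_calls:
            self._windows[api_key] = (start, count)
            return False                        # cap reached: reject until the window resets
        self._windows[api_key] = (start, count + 1)
        return True

def simulate(guard, calls):
    """calls: (api_key, timestamp, runtime the call would take without a timeout).
    Returns (admitted, rejected, billable_runtime_seconds)."""
    admitted = rejected = 0
    billable = 0.0
    for key, ts, runtime in calls:
        if guard.admit(key, ts):
            admitted += 1
            billable += min(runtime, guard.timeout)   # timeout caps a deliberately slow call
        else:
            rejected += 1
    return admitted, rejected, billable

def cost(admitted, billable_seconds):
    return admitted * PRICE_PER_INVOCATION + billable_seconds * PRICE_PER_RUNTIME_SECOND

def flood(api_key, n, interval=0.01, runtime=30.0):
    """Constructed burst: n calls, one every `interval` s, each hitting a slow path."""
    return [(api_key, i * interval, runtime) for i in range(n)]

if __name__ == "__main__":
    guard = InvocationGuard(max_calls=100, window_seconds=60, timeout_seconds=3.0,
                            valid_keys={"partner-key"})
    burst = flood("partner-key", 5000)           # 50 seconds of abuse with a leaked key
    admitted, rejected, billable = simulate(guard, burst)
    uncapped = cost(len(burst), sum(r for _, _, r in burst))
    print(f"admitted={admitted} rejected={rejected} billable_s={billable:.0f}")
    print(f"cost with guard: ${cost(admitted, billable):.4f}  without: ${uncapped:.4f}")
```

Horizontal scaling is absent from the guard on purpose: scaling out is what a serverless platform already does, and it turns an attacker's request volume directly into the defender's bill, which is the opposite of what Kalea wants.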

      60 What is the purpose of change management in an organization?
         Ensuring changes are scheduled
         Ensuring changes are documented
         Ensuring that only approved changes are made
         All of the above

      61 What is the key difference between virtualization and containerization?
         Virtualization gives operating systems direct access to the hardware, whereas containerization does not allow applications to directly access the hardware.
         Virtualization lets you run multiple operating systems on a single physical system, whereas containerization lets you run multiple applications on the same system.
         Virtualization is necessary for containerization, but containerization is not necessary for virtualization.
         There is not a key difference; they are elements of the same technology.

      62 Which software development methodology is illustrated in the diagram?
         Spiral
         RAD
         Agile
         Waterfall

      63 What advantage does a virtual desktop infrastructure have when addressing data theft?
         No data is stored locally on the endpoint device
         Built-in DLP
         All data is encrypted at rest
         All data is stored locally on the endpoint device

      64 Brandon is designing the hosting environment for containerized applications. Application group A has personally identifiable information, Application group B has health information with different legal requirements for handling, and Application group C has business sensitive data handling requirements. What is the most secure design for his container orchestration environment given the information he has?
         Run a single, highly secured container host with encryption for data at rest.
         Run a container host for each application group and secure them based on the data they contain.
         Run a container host for groups A and B, and a lower-security container host for group C.
         Run a container host for groups A and C, and a health information–specific container host for group B due to the health information it contains.

      65 Local and domain administrator accounts, root accounts, and service accounts are all examples of what type of account?
         Monitored accounts
         Privileged accounts
         Root accounts
         Unprivileged accounts

      66 Ned has discovered a keylogger plugged into one of his workstations, and he believes that an attacker may have acquired usernames and passwords for all of the users of a shared workstation. Since he does not know how long the keylogger was in use or whether it was used on multiple workstations, what is his best security option to prevent this and similar attacks from causing issues in the future?
         Multifactor authentication
         Password complexity rules
         Password lifespan rules
         Prevent the use of USB devices

      67 Facebook Connect, CAS, Shibboleth, and ADFS are all examples of what type of technology?
         Kerberos implementations
         Single sign-on implementations
         Federation technologies
         OAuth providers

      68 Which of the following is not a common identity protocol for federation?
         SAML
         OpenID
         OAuth
         Kerberos

      69 Mei is designing her organization's datacenter network and wants to establish a secure zone and a DMZ. If Mei wants to ensure that user accounts and traffic that manage systems in the DMZ are easily auditable, and that all access can be logged while helping prevent negative impacts from compromised or infected workstations, which of the following solutions is Mei's best design option?
         Administrative virtual machines run on administrator workstations
         A jump host
         A bastion host
         SSH or RDP from administrative workstations

      70 The identity management system used by Greg's new employer provides rights based on his job as a system administrator. What type of access control system is this?
         RBAC
         MAC
         DAC
         ABAC

      71 During a periodic audit of account privileges, Rhonda reviews the account rights in an Active Directory domain for every administrative user and removes any rights to directories or systems that should no longer be available to the administrative users. What type of review is this?
         Manual review
         IAM assessment
         Mandatory audit review
         Discretional audit review
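The review in question 71 is manual, but the comparison at its core, each administrative account's actual group memberships against the groups its role is approved for (the role-based model of question 70), is easy to make repeatable. The Python below is an added example, not code from the book; the role baseline, the group-membership export and the account names are constructed, and the rendered removal commands use the standard Remove-ADGroupMember cmdlet but are printed as text for an operator to run after sign-off, not executed.

```python
# Added example (not from the book): a periodic entitlement review that compares
# each administrative account's group memberships against the groups its role
# is approved for. Baseline, export and account names are constructed.

APPROVED = {   # role -> groups an account in that role may hold
    "tier0-admin": {"Domain Admins", "Enterprise Admins"},
    "server-admin": {"Server Operators", "Backup Operators"},
    "helpdesk-admin": {"Account Operators", "Helpdesk-Tier1"},
}

# Constructed export of Active Directory group memberships for administrative users.
EXPORT = [
    {"sam": "rhonda", "role": "tier0-admin",
     "groups": {"Domain Admins", "Enterprise Admins"}},
    {"sam": "jdoe", "role": "server-admin",
     "groups": {"Server Operators", "Domain Admins"}},          # left over from a past project
    {"sam": "kli", "role": "helpdesk-admin",
     "groups": {"Helpdesk-Tier1", "Finance-Share-Admin"}},      # not part of the helpdesk role
    {"sam": "svc-backup", "role": "contractor",
     "groups": {"Backup Operators"}},                            # role has no approved baseline
]

def review(export, approved):
    """Return {sam: sorted list of group memberships to remove}.

    An account whose role has no baseline gets every membership flagged: an
    unknown role must not silently keep rights (fail closed)."""
    findings = {}
    for acct in export:
        allowed = approved.get(acct["role"], set())
        extra = acct["groups"] - allowed
        if extra:
            findings[acct["sam"]] = sorted(extra)
    return findings

def removal_commands(findings):
    """Render the approved changes as the Remove-ADGroupMember calls an operator
    would run after sign-off. Rendered as text only; nothing is executed here."""
    return [f'Remove-ADGroupMember -Identity "{group}" -Members "{sam}" -Confirm'
            for sam, groups in sorted(findings.items()) for group in groups]

if __name__ == "__main__":
    findings = review(EXPORT, APPROVED)
    for sam, groups in sorted(findings.items()):
        print(f"{sam}: remove {', '.join(groups)}")
    print()
    print("\n".join(removal_commands(findings)))
```

Keeping the baseline per role rather than per person is what makes the review repeatable: when a job changes, the role changes, and the next run flags everything the old role granted.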

      72 Naomi wants to enforce her organization's security policies on cloud service users. What technology is best suited to this?
         OAuth
         CASB
         OpenID
         DMARC

      73 Lucca wants to ensure that his Windows logs capture events for one month. Which setting should he change to ensure this?
         Increase the size of the log file to 40480.
         Leave the log file as is.
         Change the setting to archive the log when full.
         Clear the log to start clean.

      74 Elliott wants to encrypt data sent between his servers. What protocol is most commonly used for secure web communications over a network?
         TLS
         SSL
         IPSec
         PPTP

      75 What occurs when a website's certificate expires?
         Web browsers will report an expired certificate to users.
         The website will no longer be accessible.
         The certificate will be revoked.
         All of the above.

      76 What term is used to describe defenses that obfuscate the attack surface of an organization by deploying decoys and attractive targets to slow down or distract an attacker?
         An active defense
         A honeyjar
         A bear trap
         An interactive defense

      77 The OWASP mobile application security checklist's cryptography requirements include a requirement that the application uses “proven implementations of cryptographic primitives.” What does this requirement mean, and why is it in the checklist?
         Only use basic cryptographic techniques to ensure that developers can understand them
         Only use proven versions of cryptographic algorithms so that they will be secure
         Only use in-house developed and tested cryptographic algorithms to avoid known vulnerabilities
         Only use open source cryptographic techniques to ensure that their source code can be reviewed

      78 Claire
