CompTIA CySA+ Practice Tests. Mike Chapple


Page 26



that her organization needs to have in production has vulnerabilities due to a recent scan using a web application security scanner. What is her best protection option if she knows that the vulnerability is a known SQL injection flaw?
   A. A firewall
   B. An IDS
   C. A WAF
   D. DLP

Use the following scenario to answer questions 79–81.

Donna has been assigned as the security lead for a DevSecOps team building a new web application. As part of the effort, she has to oversee the security practices that the team will use to protect the application. Use your knowledge of secure coding practices to help Donna guide her team through this process.

79. A member of Donna's team recommends building a blacklist to avoid dangerous characters like ' and <script> tags. How could attackers bypass a blacklist that individually identified those characters?
   A. They can use a binary attack.
   B. They can use alternate encodings.
   C. They can use different characters with the same meaning.
   D. The characters could be used together to avoid the blacklist.

80. The design of the application calls for client-side validation of input. What type of tool could an attacker use to bypass this?
   A. An XSS injector
   B. A web proxy
   C. A JSON interpreter
   D. A SQL injector

81. A member of Donna's security team suggests that output encoding should also be considered. What type of attack is the team member most likely attempting to prevent?
   A. Cross-site scripting
   B. SQL injection
   C. Cross-site request forgery
   D. All of the above

82. What type of access control system uses information like age, title, organization ID, or security clearance to grant privileges?
   A. RBAC
   B. MAC
   C. DAC
   D. ABAC

83. Alex has deployed a new model of network-connected Internet of Things (IoT) devices throughout his organization's facilities to track environmental data. The devices use a system on a chip (SoC), and Alex is concerned about potential attacks. What is the most likely exploit channel for SoCs in this environment?
   A. Physical attacks
   B. Attacks via an untrusted foundry
   C. Attacks against the operating system and software
   D. Side-channel attacks

84. Nathan downloads a BIOS update from Dell's website, and when he attempts to install it on the PC, he receives an error that the hash of the BIOS does not match the hash stored on Dell's servers. What type of protection is this?
   A. Full-disk encryption
   B. Firmware protection
   C. Operating system protection
   D. None of the above

85. What practice is typical in a DevSecOps organization as part of a CI/CD pipeline?
   A. Automating some security gates
   B. Programmatic implementation of zero-day vulnerabilities
   C. Using security practitioners to control the flow of the CI/CD pipeline
   D. Removing security features from the IDE

86. Naomi wants to validate files that are uploaded as part of her web application. Which of the following is not a common technique to help prevent malicious file uploads or denial of service attacks?
   A. Using input validation to ensure only allowed file extensions
   B. Uploading all files to a third-party virus scanning platform like VirusTotal
   C. Checking the size of uploaded files against a maximum allowed file size
   D. Checking zip files for their structure and path before unzipping them
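The three checks that question 86 treats as standard practice (extension allowlist, size cap, and inspecting archive entries before extraction) fit together into one upload gate. The following is an added example, not code from the book; the allowlist, the size caps and the sample archives are assumptions constructed for the demonstration, and the archives are built in memory so nothing touches disk.

```python
import io
import posixpath
import zipfile

ALLOWED_EXTENSIONS = {"png", "jpg", "pdf", "zip"}   # assumed allowlist for this app
MAX_UPLOAD_BYTES = 5 * 1024 * 1024                   # assumed 5 MiB upload cap
MAX_UNZIPPED_BYTES = 50 * 1024 * 1024                # assumed cap on expanded size (zip bombs)


def extension_allowed(filename: str) -> bool:
    """Allowlist check on the final extension only ('shell.php.png' counts as png,
    so accepted files must also be stored outside any executable path)."""
    name = posixpath.basename(filename)
    if "." not in name:
        return False
    return name.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS


def size_allowed(data: bytes) -> bool:
    """Reject empty uploads and anything above the configured cap."""
    return 0 < len(data) <= MAX_UPLOAD_BYTES


def zip_entries_safe(data: bytes) -> bool:
    """Inspect every entry before extracting: refuse absolute paths, '..' path
    components (zip slip) and archives whose declared expanded size is too large."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or ".." in name.split("/"):
                return False
            total += info.file_size
            if total > MAX_UNZIPPED_BYTES:
                return False
    return True


def upload_ok(filename: str, data: bytes) -> bool:
    """Single gate combining the three checks; a corrupt archive is rejected too."""
    if not (extension_allowed(filename) and size_allowed(data)):
        return False
    if filename.lower().endswith(".zip"):
        try:
            return zip_entries_safe(data)
        except zipfile.BadZipFile:
            return False
    return True


def build_zip(entries: dict) -> bytes:
    """Construct a sample archive in memory so the checks can be exercised offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

An entry named `../../etc/cron.d/evil` passes an extension-only check but is caught by `zip_entries_safe`, which is why the question lists structure and path checks separately from the extension allowlist.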

87. Valerie wants to prevent potential cross-site scripting attacks from being executed when previously entered information is displayed in users' browsers. What technique should she use to prevent this?
   A. A firewall
   B. A HIDS
   C. Output encoding
   D. String randomization
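Questions 79, 81 and 87 share one theme: a character blacklist checked on input is fragile, while encoding at the point of output is what actually stops the browser from executing stored data. The block below is an added example, not code from the book; the blacklist and the attacker payloads are constructed for the demonstration, and the decoding step models a server that URL-decodes twice and then HTML-unescapes before using the value.

```python
import html
import urllib.parse

# Constructed: the kind of literal blacklist the Q79 team member proposes.
BLACKLIST = ("'", "<script>")


def naive_blacklist_ok(value: str) -> bool:
    """Accept the value when none of the blacklisted tokens appears literally."""
    return not any(token in value for token in BLACKLIST)


# Constructed attacker payloads. Each passes the literal check and only turns
# into the blacklisted token after decoding or case-insensitive tag parsing.
PAYLOADS = {
    "url-encoded quote": "%27 OR 1=1--",
    "html-entity quote": "&#39; OR 1=1--",
    "mixed-case tag": "<ScRiPt>alert(1)</ScRiPt>",
    "double-encoded tag": "%253Cscript%253E",
}


def bypasses_blacklist(payload: str) -> bool:
    """True when the filter accepts the payload but the form the application
    (or the browser) eventually sees contains a blacklisted token."""
    accepted = naive_blacklist_ok(payload)
    decoded = urllib.parse.unquote(urllib.parse.unquote(payload))  # assumed double decode
    decoded = html.unescape(decoded).lower()                        # entity decode, tag case
    return accepted and not naive_blacklist_ok(decoded)


def render_untrusted(value: str) -> str:
    """Output encoding (Q81/Q87): encode when writing into the HTML document so
    the browser treats the stored value as text, whatever the input filter did."""
    return "<td>" + html.escape(value, quote=True) + "</td>"
```

The point to take from the test is not that a better blacklist exists but that the check happens in the wrong place: `render_untrusted` neutralises every payload above without knowing what was filtered on the way in.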

88. While developing a web application, Chris sets his session ID length to 128 bits based on OWASP's recommended session management standards. What reason would he have for needing such a long session ID?
   A. To avoid duplication
   B. To allow for a large group of users
   C. To prevent brute-forcing
   D. All of the above

89. Robert is reviewing a web application and the developers have offered four different responses to incorrect logins. Which of the following four responses is the most secure option?
   A. Login failed for user; invalid password
   B. Login failed; invalid user ID or password
   C. Login failed; invalid user ID
   D. Login failed; account does not exist

90. What technology is most commonly used to protect data in transit for modern web applications?
   A. VPN
   B. TLS
   C. SSL
   D. IPSec

91. Nathan is reviewing PHP code for his organization and finds the following code in the application he is assessing. What technique is the developer using?

   $stmt = $dbh->prepare("INSERT INTO REGISTRY (var1, var2) VALUES (:var1, :var2)");
   $stmt->bindParam(':var1', $var1);
   $stmt->bindParam(':var2', $var2);

   A. Dynamic binding
   B. Parameterized queries
   C. Variable limitation
   D. None of the above
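The PDO snippet in question 91 is the fix for the SQL injection flaw that question 78 asks about, so it helps to see the two forms side by side on real input. This is an added example written in Python with the standard `sqlite3` module rather than PHP PDO; the table, the rows and the payload are constructed for the demonstration (plaintext passwords are used only to keep the table readable).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: the untrusted value becomes part of the SQL grammar."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders, the same technique as PDO's prepare/bindParam: the driver
    sends the values separately from the statement, so a quote can only be data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed tautology payload: closes the password literal and appends OR '1'='1.
PAYLOAD = "' OR '1'='1"


def compare(username: str, password: str) -> dict:
    """Run the same credentials through both implementations on a fresh database."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "parameterized": login_parameterized(conn, username, password),
        }
    finally:
        conn.close()
```

With the payload as the password, the concatenated query becomes `... AND password = '' OR '1'='1'`, which is true for every row, while the parameterized version simply looks for a user whose password is the literal string `' OR '1'='1`.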

92. Which of the following components is not typically part of a service-oriented architecture?
   A. Service provider
   B. Service guardian
   C. Service broker
   D. Service consumer

93. Which role in a SAML authentication flow validates the identity of the user?
   A. The SP
   B. The IDP
   C. The principal
   D. The RP

94. Anja is assessing the security of a SOAP-based web service implementation. Which of the following web service security requirements should she recommend to reduce the likelihood of a successful man-in-the-middle attack?
   A. Use TLS.
   B. Use XML input validation.
   C. Use XML output validation.
   D. Virus-scan files received by the web service.

95. Which of the following components is not part of a typical SOAP message?
   A. The envelope
   B. The header
   C. The stamp
   D. The body

96. Alice wants to ensure proper access control for a public REST service. What option is best suited to help ensure that the service will not suffer from excessive use?
   A. Restricting HTTP methods
   B. Using JSON web tokens
   C. Using API keys
   D. Using HTTPS
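Question 96 turns on why an API key helps against excessive use: a key identifies the caller, and once calls are attributable they can be throttled per caller. The following is an added example, not code from the book, showing a per-key token-bucket limiter; the key set, rates and the fake clock are constructed for the demonstration, and an unknown key is refused outright.

```python
import time


class ApiKeyRateLimiter:
    """Token bucket per API key: each known key may make `rate` requests per
    second on average, with bursts of up to `burst`. Unknown keys are refused."""

    def __init__(self, known_keys, rate: float, burst: int, clock=time.monotonic):
        self.known = set(known_keys)
        self.rate = rate
        self.burst = burst
        self.clock = clock          # injectable so the walkthrough is deterministic
        self.buckets = {}           # key -> (tokens remaining, last refill time)

    def allow(self, api_key: str) -> bool:
        if api_key not in self.known:
            return False
        now = self.clock()
        tokens, last = self.buckets.get(api_key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)  # refill
        if tokens < 1.0:
            self.buckets[api_key] = (tokens, now)
            return False                                   # over quota for this key
        self.buckets[api_key] = (tokens - 1.0, now)
        return True


def simulate() -> list:
    """Deterministic walkthrough with a fake clock: burst of 3, refill 1 token/s."""
    now = [0.0]
    limiter = ApiKeyRateLimiter({"key-A"}, rate=1.0, burst=3, clock=lambda: now[0])
    results = [limiter.allow("unknown")]                  # no key: refused
    results += [limiter.allow("key-A") for _ in range(4)]  # burst of 3, 4th refused
    now[0] += 2.0                                          # two seconds pass
    results += [limiter.allow("key-A") for _ in range(3)]  # 2 refilled, 3rd refused
    return results
```

HTTPS (option D) protects the exchange but cannot tell one caller from another, which is why it does nothing for quota enforcement on its own.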

97. How are requests in REST-based web services typically structured?
   A. As XML
   B. As a URL
   C. As a SQL query
   D. As a SOAP statement

98. While reviewing the code for a Docker-based microservice, Erik discovers the following code:

   echo "pidfile = /run/example.pid" >> /etc/example.conf && \
   echo "logfile = /data/logs/example.log" >> /etc/example.conf && \
   echo "loglevel = debug" >> /etc/example.conf && \
   echo "port = : 5159" >> /etc/example.conf && \
   echo "username = svc" >> /etc/example.conf && \
   echo "password = secure" >> /etc/example.conf && \

What has he found?
   A. A misconfigured microservice
   B. Hard-coded credentials
   C. Improperly configured log files
   D. A prohibited port
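The fragment in question 98 is exactly what a secrets scanner in a CI pipeline (question 85's automated security gate) is meant to catch before the image is built. The following is an added example, not code from the book: a small line scanner run over a constructed copy of the fragment. The key list, the regexes and the rule that values referencing an environment variable are acceptable are assumptions chosen for the demonstration.

```python
import re

# Constructed copy of the Dockerfile lines from the question.
SAMPLE_LINES = [
    'echo "pidfile = /run/example.pid" >> /etc/example.conf && \\',
    'echo "logfile = /data/logs/example.log" >> /etc/example.conf && \\',
    'echo "loglevel = debug" >> /etc/example.conf && \\',
    'echo "port = : 5159" >> /etc/example.conf && \\',
    'echo "username = svc" >> /etc/example.conf && \\',
    'echo "password = secure" >> /etc/example.conf && \\',
]

# Assumed set of keys whose literal value means a credential is baked into the image.
SECRET_KEYS = re.compile(
    r'\b(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key)\b'
    r'\s*[=:]\s*["\']?(?P<value>[^"\'\s]+)',
    re.IGNORECASE,
)

# Values that defer to the environment or a placeholder are not hard-coded.
INDIRECT_VALUE = re.compile(r'^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$|^<[^>]+>$')


def find_hardcoded_credentials(lines):
    """Return (line number, key, value) for every literal credential assignment."""
    findings = []
    for num, line in enumerate(lines, 1):
        match = SECRET_KEYS.search(line)
        if not match:
            continue
        value = match.group("value")
        if INDIRECT_VALUE.match(value):
            continue
        findings.append((num, match.group(1).lower(), value))
    return findings
```

The scanner flags only the `password = secure` line; `username = svc` is configuration, not a secret, and a line such as `password = ${DB_PASSWORD}` would pass because the value is injected at run time rather than stored in the image.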

99. What type of access is typically required to compromise a physically isolated and air-gapped system?
   A. Wired network access
   B. Physical access
   C. Wireless network access
   D. None of the above, because an isolated, air-gapped system cannot be accessed

100. The organization that Allan works for wants to securely store digital keys for their enterprise security certificates. What type of device should they select to help manage and protect their keys?
   A. A hardware token
   B. A HSM
   C. A PEBKAC
   D. A cigar box CA

101. Charlene wants to provide an encrypted network connection for her users. She knows her users require a full network connection rather than application-specific uses. What VPN technology should she choose?
   A. SSL
   B. TLS
   C. IPSec
   D. WPA2

102. How are eFuses used to prevent firmware downgrades?
   A. If they are burned, the firmware cannot be changed.
   B. The number of fuses burned indicates the current firmware level, preventing old versions from being installed.
   C. eFuses must be reset before firmware can be downgraded, requiring administrative access.
   D. eFuses cannot be used to prevent firmware downgrades.
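Questions 84 and 102 describe two halves of one firmware-update gate: the image must match the hash the vendor publishes, and its version must not fall below the floor recorded in one-time-programmable fuses. The block below is an added example, not code from the book or from any vendor's updater; the fuse bank is a software model (bits only ever go from 0 to 1, and the count of burned fuses is the minimum acceptable version), and the images and hashes are constructed for the demonstration.

```python
import hashlib
import hmac


class EfuseBank:
    """Model of a one-time-programmable fuse array: the burned count can only grow."""

    def __init__(self, size: int = 8):
        self.size = size
        self.burned = 0

    def burn(self, count: int) -> None:
        if count < self.burned:
            raise ValueError("fuses cannot be un-burned")
        if count > self.size:
            raise ValueError("no fuses left")
        self.burned = count

    def min_version(self) -> int:
        """Anti-rollback floor: one burned fuse per accepted major version."""
        return self.burned


def accept_update(image: bytes, vendor_sha256_hex: str, image_version: int,
                  fuses: EfuseBank) -> bool:
    """Accept an image only if its hash matches the vendor's published hash and
    its version is not below the fuse floor; on success raise the floor so the
    superseded version can never be reinstalled."""
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, vendor_sha256_hex):
        return False                      # Q84: corrupted or tampered download
    if image_version < fuses.min_version():
        return False                      # Q102: downgrade below the burned floor
    if image_version > fuses.min_version():
        fuses.burn(image_version)         # irreversible, by design
    return True


# Constructed sample images; a real check uses the hash published by the vendor.
FW_V2 = b"example firmware v2 (constructed)"
FW_V2_HASH = hashlib.sha256(FW_V2).hexdigest()
FW_V3 = b"example firmware v3 (constructed)"
FW_V3_HASH = hashlib.sha256(FW_V3).hexdigest()


def demo() -> list:
    """Walk through install, attempted rollback, tampered image and reinstall."""
    bank = EfuseBank()
    return [
        accept_update(FW_V3, FW_V3_HASH, 3, bank),           # fresh install of v3
        accept_update(FW_V2, FW_V2_HASH, 2, bank),           # rollback to v2: refused
        accept_update(FW_V3 + b"\x00", FW_V3_HASH, 3, bank), # tampered image: refused
        accept_update(FW_V3, FW_V3_HASH, 3, bank),           # same version again: fine
        bank.min_version(),
    ]
```

The rollback refusal is what distinguishes option B from option A in question 102: burning fuses does not freeze the firmware, it only forbids going backwards.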

103. Dev wants to use Secure Boot on a workstation. What technology must his workstation use to support Secure Boot?
   A. BIOS
   B. ROM
   C. UEFI
   D. TPM

104. What requirements must be met for a trusted execution environment to exist?
   A. All trusted execution environment assets must have been installed and started securely.
   B. The trusted execution environment must be verified and certified by a third party.
   C. The trusted execution environment must be verified and approved by the end user.
   D. Only trusted components built into the operating system can be run in a trusted execution environment.

105. What hardware feature do Apple devices use to manage keys in a secure way outside of the processor?
   A. A cryptographic bastion
   B. A Secure Enclave
   C. A HSM
   D. A cryptolocker

106. Which of the following is not a typical capability of processor security extensions?
   A. Data and instruction path integrity checks
   B. Error detection for
