the single point of failure for his connectivity, Scott wants to fix the issue. What would be the best solution for the issue he identified?A second connection from the same ISP on the same fiber pathA second connection from a different ISP on the same fiber pathA second connection from the same ISP on a different fiber pathA second connection from a different ISP on a different fiber path136 Scott has been asked to review his infrastructure for any other critical points of failure. If point E is an edge router and individual workstations are not considered mission critical, what issue should he identify?Point DPoint EPoint FNone of the above
137 Which of the following options is most effective in preventing known password attacks against a web application?Account lockoutsPassword complexity settingsCAPTCHAsMultifactor authentication
138 Ben adds a unique, randomly generated string to each password before it is hashed as part of his web application's password storage process. What is this process called?MashingHashingSaltingPeppering
139 Which of the following is not a common use case for network segmentation?Creating a VoIP networkCreating a shared networkCreating a guest wireless networkCreating trust zones
140 Kwame discovers that secrets for a microservice have been set as environment variables on the Linux host that he is reviewing using the following command:docker run -it -e "DBUSER= appsrv" -e DBPASSWD=secure11" dbappsrvWhich processes can read the environment variables?The dbuserThe Docker userAll processes on the systemRoot and other administrative users
141 What three layers make up a software defined network?Application, Datagram, and Physical layersApplication, Control, and Infrastructure layersControl, Infrastructure, and Session layersData link, Presentation, and Transport layers
142 Which of the following is not a security advantage of VDI?No data is stored locally on the endpoint device.Patch management is easier due to use of a single central image.VDI systems cannot be infected with malware.There is isolation of business tools and files even when using personally owned devices.
143 Micah is designing a containerized application security environment and wants to ensure that the container images he is deploying do not introduce security issues due to vulnerable applications. What can he integrate into the CI/CD pipeline to help prevent this?Automated checking of application hashes against known good versionsAutomated vulnerability scanningAutomated fuzz testingAutomated updates
144 Susan wants to optimize the DevOps workflow as part of a DevSecOps initiative. What optimization method should she recommend to continuously integrate security without slowing work down?Automate some security gates.Perform security testing before development.Perform security testing only after all code is fully operational.None of the above.
145 Camille wants to integrate with a federation. What will she need to authenticate her users to the federation?An IDPA SPAn API gatewayA SSO serverAnswer the next three questions based on your knowledge of container security and the following scenario.Brandon has been tasked with designing the security model for container use in his organization. He is working from the NIST SP 800-190 document and wants to follow NIST recommendations wherever possible.
146 What can Brandon do to create a hardware-based basis for trusted computing?Only use in-house computing rather than cloud computing.Use a hardware root of trust like a TPM module and Secure Boot methods.Manually inspect hardware periodically to ensure that no keyloggers or other unexpected hardware is in place.Only use signed drivers.
147 Brandon needs to deploy containers with different purposes, data sensitivity levels, and threat postures to his container environment. How should he group them?Segment containers by purposeSegment containers by data sensitivitySegment containers by threat modelAll of the above
148 What issues should Brandon consider before choosing to use the vulnerability management tools he has in his non-container-based security environment?Vulnerability management tools may make assumptions about host durability.Vulnerability management tools may make assumptions about update mechanisms and frequencies.Both A and BNeither A nor B
149 Timing information, power consumption monitoring, electromagnetic emanation monitoring, and acoustic monitoring are all examples of what types of attacks against SOCs, embedded systems, and other platforms?Trusted foundry attacksSide-channel attacksPrimary channel attacksUntrusted foundry attacks
150 What key functionality do enterprise privileged account management tools provide?Password creationAccess control to individual systemsEntitlement management across multiple systemsAccount expiration tools
151 Amira wants to deploy an open standard–based single sign-on (SSO) tool that supports both authentication and authorization. What open standard should she look for if she wants to federate with a broad variety of identity providers and service providers?LDAPSAMLOAuthOpenID Connect
152 Nathaniel wants to use an access control system that takes into account information about resources like the resource owner, filename, and data sensitivity. What type of access control system should he use?ABACDACMACRBAC
153 What secure processing technique requires an operation to be complete before the memory locations it is accessing or writing to can be used by another process?Trusted executionAtomic executionAnti-tamperBus encryption
154 Betty wants to review the security logs on her Windows workstation. What tool should she use to do this?Secpol.mscEvent ViewerLog ViewerLogview.msc
155 What type of attack is the use of query parameterization intended to prevent?Buffer overflowsCross-site scriptingSQL injectionDenial-of-service attacks
156 Isaac is configuring syslog on a Linux system and wants to send the logs in a way that will ensure that they are received. What protocol should he specify to do so?UDPHTTPHTTPSTCP
157 Bob wants to deploy a VPN technology with granular access controls for applications that are enforced at the gateway. Which VPN technology is best suited to this requirement?IKE VPNsTLS VPNsX.509 VPNsIPsec VPNs
158 What type of attack is output encoding typically used against?DoSXSSXMLDDoS
159 Alaina wants to identify only severe kernel issues on a Linux system, and she knows that log levels for the kernel range from level 0 to level 7. Which of the following levels is the most severe?Level 1, KERN_ALERTLevel 2, KERN_CRITLevel 4, KERN_WARNINGLevel 7, KERN_DEBUGUse the following scenario for questions 160–162.Scott has been asked to select a software development model for his organization and knows that there are a number of models that may make sense for what he has been asked to accomplish. Use your knowledge of SDLC models to identify an appropriate model for each of the following requirements.
160 Scott's organization needs basic functionality of the effort to become available as soon as possible and wants to involve the teams that will use it heavily to ensure that their needs are met. What model should Scott recommend?WaterfallSpiralAgileRapid Application Development
161 A parallel coding effort needs to occur; however, this effort involves a very complex system and errors could endanger human lives. The system involves medical records and drug dosages, and the organization values stability and accuracy over speed. Scott knows the organization often adds design constraints throughout the process and that the model he selects must also deal with that need. What model should he choose?WaterfallSpiralAgileRapid Application Development
162 At the end of his development cycle, what SDLC phase will Scott enter as the new application is installed and replaces the old code?User acceptance testingTesting and integrationDispositionRedesign
163 Sofía wants to ensure that the ICs in the new device that her commercial consumer products company is releasing cannot be easily reverse engineered. Which technique
