CASP+ CompTIA Advanced Security Practitioner Practice Tests. Nadean H. Tanner
123 In the last 5 years, your manufacturing group merged twice with competitors and acquired three startups, which led to more than 60 unique customer web applications. To reduce cost and improve workflows, you are put in charge of a project to implement centralized security. You need to ensure a model to enable integration and accurate identity information and authentication as well as repeatability. Which is the best solution?
Implementation of web access control and relay proxies
Automated provisioning of identity management
Self-service single sign-on using Kerberos
Building an organization-wide granular access control model in a centralized location

124 You are tasked with creating a single sign-on solution for your security organization. Which of these would you not deploy in an enterprise environment?
Directory services
Kerberos
SAML 2.0
Workgroup

125 The Domain Name System (DNS) maintains an index of every domain name and corresponding IP address. Before someone visits a website on your corporate network, DNS will resolve your domain name to its IP address. Which of the following is a weakness of DNS?
Spoofing
Latency
Authentication
Inconsistency

126 Your database team would like to use a service-oriented architecture (SOA). The CISO suggested you investigate the risk for adopting this type of architecture. What is the biggest security risk to adopting an SOA?
SOA is available only over the enterprise network.
Lack of understanding from stakeholders.
Risk of legacy networks and system vulnerabilities.
Source code.

127 A large enterprise social media organization underwent several mergers, divestitures, and acquisitions over the past three years. Because of this, the internal networks and software have extremely complex dependencies. Better integration is mandatory. Which of the following integration platforms is best for security and standards-based software architecture?
IDE
DNS
SOA
ESB

128 The retail division of your organization purchased touchscreen tablets and wireless mice and keyboards for all their representatives to increase productivity. You communicated the risk of nonstandard devices and wireless devices, but the deployment continued. What is the best method for evaluating and presenting potential threats to upper management?
Conducting a vulnerability assessment
Developing a standard image for these assets
Making new recommendations for security policies
Working with the management team to understand the processes these devices will interface with, and to classify the risk connected with the hardware/software deployment life cycle

129 You are selected to manage a software development and implementation project. Your manager suggests that you follow the phases in the SDLC. In which of these phases do you determine the controls needed to ensure that the system complies with standards?
Testing
Initiation
Accreditation
Acceptance

130 You were selected to manage a software development project. Your supervisor asked you to follow the proper phases in the systems development life cycle. Where does the SDLC begin?
Requirement analysis
System design specifications
Initiation
Implementation

131 You have turned a software project over to the fielding phase, delivering the working system to the customer. Which phase is this otherwise known as?
Deployment
Licensing
Development
Evaluation

132 Your vulnerability manager contacted you because of an operating system software issue. There are a few security-related issues due to patches and upgrades needed for an application on the systems in question. When is the best time to complete this task?
As quickly as possible after testing
After experiencing the issue that the vulnerability manager described
After other organizations have tested the patch or upgrade
During the usual monthly maintenance

133 Arnold has developed an application and wants to prevent the reuse of information in memory when a user quits the program. Which of these is his best option to accomplish this task?
Garbage collection
Data validation
SDLC
OOP

134 Simon is a security engineer. While testing an application during a regular assessment to make sure it is configured securely, he sees a REQUEST containing method, resources, and headers, and a RESPONSE containing status code and headers. What technique did he most likely use to generate that type of output?
Fingerprinting
Fuzzing
Vulnerability scanning
HTTP intercepting

135 You have been asked to make a change to software code. What type of testing do you complete to make sure program inputs and outputs are correct and everything functions as it's supposed to?
White box
Black hat
Code review
Regression

136 You are conducting a unit test on a new piece of software. By looking at an individual program, how do you ensure that each module behaves as it should?
Input/output
BIOS
Processes running
Services running

137 Christopher is a software developer, and as part of the testing phase in the SDLC, he will need to ensure that an application is handling errors correctly. What is the best tool for him to use in this situation?
Fuzzer
Compliance
Access control
Integration testing

138 Your IT group is modernizing and adopting a DevSecOps approach, making everyone responsible for security. Traditionally, storage and security were separate disciplines inside IT as a whole. As a security analyst, what is your primary concern regarding data at rest?
Encryption
Authentication
Infrastructure
Authorization

139 As a software developer, Brian is extremely frustrated with a customer who keeps calling him on the phone and leaving messages to make changes to the software. What approach should Brian take with this customer to make the development process easier?
Change control
Increase security
Appraise senior management
Provide detailed documentation

140 Jackie is a software engineer and inherently prefers to use a flexible framework that enables software development to evolve with teamwork and feedback. What type of software development model would this be called?
Prototyping
Ceremony
Agile
Radical

141 You are working on a high-risk software development project that is large, the releases are to be frequent, and the requirements are complex. The waterfall and agile models are too simple. What software development model would you opt for?
Functional
Cost estimation
Continuous delivery
Spiral

142 You are a software engineer and need to use a software development process that follows an extremely strict predetermined path through a set of phases. What type of method is this called?
Agile
Waterfall
Adaptable
Verifiable

143 The SDLC phases are part of a bigger process known as the system life cycle (SLC). The SLC has two phases after the implementation phase of the SDLC that address postinstallation and future changes. What are they called?
Operations, maintenance, revisions, and replacement
Replacement, crepitation, evaluation, and versioning
Validation, verification, authentication, and monitoring
Revisions, discovery, compliance, and functionality

144 You are using continuous integration/continuous delivery methodology involving different members of your team while developing a new application. You meet every day after lunch to review, which can mean multiple integrations every day. What are the security implications of using CI/CD?
There are no security issues.
Errors will not need to be fixed because the next integration will fix them.
Encryption will be impossible because of timing.
Errors can be handled as soon as possible.

145 IT security is a rapidly evolving field. As a software engineer, you need to stay current on industry trends and their potential impact on an enterprise. Many of these changes will lead to you adopting which of the following?
Best practices
Digital threats
Antivirus programs
NIST

146 You perform a security audit to find out whether any IoT devices on your network are publicly accessible. What website would you use to find this type of information?
Shodan
OWASP
VirusTotal
Maltego
147 During