A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?
Correct Answer:
D
The most likely cause of the error is the failure of TPM authentication. TPM stands for Trusted Platform Module, which is a hardware component that stores encryption keys and other security information. TPM can be used by BitLocker to protect the encryption keys and verify the integrity of the boot process. If TPM fails to authenticate the laptop, BitLocker will enter recovery mode and ask for a recovery PIN, which is a 48-digit numerical password that can be used to unlock the system. The administrator should check the TPM status and configuration and make sure it is working properly. Verified References:
https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27- https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bi 
https://docs.sophos.com/esg/sgn/8-1/user/win/en-us/esg/SafeGuard-Enterprise/tasks/BitLockerRecoveryK
Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?
Correct Answer:
C
OCSP stapling is a solution that allows the web server to provide a time-stamped OCSP response signed by the CA along with the certificate during the TLS handshake, eliminating the need for the client to contact the CA separately to validate the certificate. OCSP stapling can reduce the delay caused by the certificate validation process by saving a round-trip between the client and the CA. It can also improve the security and privacy of the certificate validation by preventing potential attacks or tracking by malicious third parties. Verified References:
✑ https://en.wikipedia.org/wiki/OCSP_stapling
✑ https://www.digicert.com/knowledgebase/ssl-certificates/ssl-general-topics/what-is- ocsp-stapling.html
✑ https://www.entrust.com/knowledgebase/ssl/online-certificate-status-protocol-ocsp- stapling
During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.
Which of the following processes would BEST satisfy this requirement?
Correct Answer:
B
Reference: https://www.getkisi.com/access-control
This solution would implement a two-factor authentication (2FA) process that would prevent unauthorized individuals from entering the storage room by following an authorized employee. The two factors would be the card reader issued by the security team and the presence of a department manager.
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?
Correct Answer:
C
Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:
• Before the merger is complete, users from both companies should use a single set of usernames and passwords.
• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.
• Users from Company B should be able to access Company A's available resources. Which of the following are the BEST solutions? (Select TWO).
Correct Answer:
BD
Establishing one-way trust from Company B to Company A would allow users from Company B to access Company A’s resources using their existing credentials. Implementing attribute-based access control would allow users to have different sets of rights and privileges based on their attributes, such as department and IP address. Verified References: https://www.cloudflare.com/learning/access-management/what-is-sso/ https://frontegg.com/blog/a-complete-guide-to-implementing-single-sign-on https://learn.microsoft.com/en-us/host-integration-server/esso/enterprise-single-sign-on-basics
