- (Exam Topic 3)
To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?
Correct Answer:
A
- (Exam Topic 2)
An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:
• Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target.
• The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.
• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks Which of the following BEST represents the technique in use?
Correct Answer:
D
- (Exam Topic 3)
Which of the following solutions is the BEST method to prevent unauthorized use of an API?
Correct Answer:
D
- (Exam Topic 2)
Which of the following technologies can be used to store digital certificates and is typically used in highsecurity implementations where integrity is paramount?
Correct Answer:
A
- (Exam Topic 3)
A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further in investigation?
Correct Answer:
C
